12-02-2021 03:04 AM
My config is all right,
here's config:
SPOKE1:
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.4 YES NVRAM up up
FastEthernet0/1 192.168.30.1 YES manual up up
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet1/1 2.2.2.4 YES NVRAM up up
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.5
crypto isakmp key FORISP2 address 2.2.2.5
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.5
set transform-set ISP1SET
match address 100
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.5
set transform-set ISP2SET
match address 100
crypto map ISP1MAP
crypto map ISP2MAP
========================================================================
HUB1 :
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.2 YES NVRAM up up
FastEthernet0/1 192.168.10.2 YES NVRAM up up
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet1/1 2.2.2.2 YES NVRAM up up
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
crypto map ISP1MAP
crypto map ISP2MAP
12-02-2021 03:57 AM
Hello,
what is the problem exactly ? Post the full running configurations of both sides...
12-02-2021 05:41 AM - edited 12-02-2021 05:42 AM
when i try to ping from 192.168.50.2/24 -to - 192.168.30.2/24 , its showing key missing message in CLI of HQ-Active router & SPOKE1 ROUTER also no ping replies received.
HQ-Active router -ERROR_MESSAGE: *Dec 2 19:18:51.335: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mod e failed with peer at 1.1.1.4
HQ-Active router -ERROR_MESSAGE: *Dec 2 19:21:33.835: %CRYPTO-6-IKMP_NO_PRESHARED_KEY: Pre-shared key for remote peer at 1.1.1.2 is missing
HQ-ACTIVE router
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name wlanisp1
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***LAN-INTERFACE***
ip address 192.168.10.2 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name inlan
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wanisp2
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 192.168.30.0 255.255.255.0 1.1.1.4
ip route 192.168.30.0 255.255.255.0 2.2.2.4 10
ip route 192.168.50.0 255.255.255.0 192.168.10.4
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
!
HQ_STANDBY router
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.4
crypto isakmp key FORISP2 address 2.2.2.4
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.4
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.4
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name wanisp1
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***LAN-INTERFACE***
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name inlan
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
duplex auto
speed auto
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wanisp2
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 192.168.10.0 255.255.255.0 1.1.1.4
ip route 192.168.10.0 255.255.255.0 2.2.2.4 10
ip route 192.168.50.0 255.255.255.0 192.168.10.4
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
!
SPOKE1
!
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.5
crypto isakmp key FORISP2 address 2.2.2.5
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.5
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.5
set transform-set ISP2SET
match address 100
!
!
!
!
!
!
interface FastEthernet0/0
description ***ISP-1-PRIMARY***
ip address 1.1.1.4 255.255.255.0
duplex auto
speed auto
crypto map ISP1MAP
!
!
interface FastEthernet0/1
description ***ISP-2-SECONDARY***
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.4 255.255.255.0
duplex auto
speed auto
crypto map ISP2MAP
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 1.1.1.5
ip route 0.0.0.0 0.0.0.0 2.2.2.5 10
!
access-list 100 permit ip 192.168.30.0 0.0.0.255 192.168.50.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
12-08-2021 03:57 PM
For the DMVPN the IPSec key should config as
password # address 0.0.0.0<- in Hub
password # address 0.0.0.0 <- in Spoke "to make Spoke to Spoke connect"
12-08-2021 08:53 PM
THANK YOU EVERYONE, I FOUND THE ANSWER .
i just mapped the crypto map with redudancy as i pointed the spoke to the VIP of HUB, therfore
command on interface : crypto map [mapname] redudency [standbyname]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide