IPsec VPN Cisco RVS4000 <-> Cisco 3825

I have configured an IPsec VPN between a Cisco RVS4000 and a Cisco 3825 router. The VPN status is still showing down.

Below are the configurations of both routers.

CISCO 3825

test_router#sho run
Building configuration...

Current configuration : 1376 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test_router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$LeAn$mK9GS.StmL6ty4gRYI3Cy1
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dopcvpn address RemoteIP
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer Remote IP
 set security-association idle-time 60
 set transform-set myset
 match address 100
!
!
!
interface GigabitEthernet0/0
 ip address WAN IP
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
 crypto map mymap
!
interface GigabitEthernet0/1
 ip address 172.16.149.1 255.255.255.0
 shutdown
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 GW
!
ip http server
no ip http secure-server
!
access-list 100 permit ip 172.16.149.0 0.0.0.255 192.168.13.192 0.0.0.63
!
!
control-plane
!
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 050F091F22
 login
!
scheduler allocate 20000 1000
!
end

test_router#

**************************

Cisco RVS4000

RVS4000 - Remote office

Local Group Setup
Local Security Gateway Type: IP Only
IP address: WAN IP
Local Security Group Type: Subnet
IP Address: 192.168.13.192
Subnet Mask: 255.255.255.192

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: (WAN IP of Cisco 3825)
Remote Security Group Type: Subnet
IP Address: 172.16.149.0
Subnet Mask: 255.255.255.0

IPSec Setup
Keying Mode: IKE with Preshared Key

Phase 1:
Encryption: 3DES
Authentication: MD5
Group: 1024-bit (have tried 768 and 1536 bit as well)
Key Lifetime: 28800 sec

Phase 2:
Encryption: 3DES
Authentication: SHA1
Perfect Forward Secrecy: Enable
Preshared Key: dopcvpn (not the real one but not necessary to reveal here)
Group: 1024-bit
Key Lifetime: 3600 sec

Please let me know if there is any configuration issue.

1 ACCEPTED SOLUTION

In the RVS4000 you should have authentication type MD5 under Phase 2.

4 REPLIES

Hi,

It is already in MD5. It was a typing mistake in the configuration I sent before.

Still it is not working.

Rajendra

Hi,

I have not got any answer. The above configuration change didn't work.

I wrongly marked it as a correct answer.

Please update on this.

Regards

Rajendra

I took a look at your configurations on both the RVS4000 and the 3825. Sometimes just having the key lifetimes be incorrect will cause problems. I am not seeing the phase 1 key lifetime on the 3825. On the RVS4000 it is set to 28800 (8 hours). On the RVS4000 you can change this to 86400 (24 hours) for phase 1 only. The highest that you can set phase 2 for on the RVS4000 is 28800.

Also, what are you getting in the logs for the VPN tunnel? If you look at your logs you can see what phase is failing. This will help you troubleshoot the problem if you can understand where the problem is happening. If you are not getting anything on phase 2, then you are failing at phase 1.

Thanks

Quendale
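
An added example, not part of the thread and not Cisco's tooling: a side-by-side comparison of the Phase 1 and Phase 2 proposals from the two configurations posted above, which is one way to narrow down which phase to look for in the logs. It assumes the IOS 12.4 ISAKMP defaults (hash SHA-1, lifetime 86400 s) for attributes that `show run` does not print, and that 1024-bit corresponds to DH group 2; the function names and dictionary layout are hypothetical.

```python
import re

# Assumed IOS 12.4 defaults for ISAKMP policy attributes that "show run" omits;
# confirm on the router with "show crypto isakmp policy".
IOS_P1_DEFAULTS = {"encr": "des", "hash": "sha", "group": "1", "lifetime": "86400"}

# Crypto lines copied from the 3825 configuration posted in the thread.
IOS_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set security-association idle-time 60
 set transform-set myset
 match address 100
"""

# RVS4000 settings from the thread, normalised by hand to IOS keywords
# (1024-bit = DH group 2; Phase 2 authentication MD5 per the poster's follow-up).
RVS4000 = {
    "phase1": {"encr": "3des", "hash": "md5", "group": "2", "lifetime": "28800"},
    "phase2": {"encr": "3des", "hash": "md5", "pfs": True},
}

def parse_ios(cfg):
    """Extract the effective Phase 1 / Phase 2 proposal from IOS crypto config."""
    p1 = dict(IOS_P1_DEFAULTS)
    policy = re.search(r"^crypto isakmp policy \d+\n((?: .*\n)*)", cfg, re.M)
    for line in (policy.group(1).splitlines() if policy else []):
        words = line.split()
        if len(words) >= 2 and words[0] in p1:
            p1[words[0]] = words[1]  # an explicit setting overrides the default
    ts = re.search(r"^crypto ipsec transform-set \S+ esp-(\S+) esp-(\w+)-hmac", cfg, re.M)
    p2 = {"encr": ts.group(1), "hash": ts.group(2),
          "pfs": bool(re.search(r"^ set pfs\b", cfg, re.M))}
    return {"phase1": p1, "phase2": p2}

def proposal_diff(ios, peer):
    """Return (phase, attribute, ios_value, peer_value) for every differing attribute."""
    return [(phase, attr, ios[phase][attr], value)
            for phase, attrs in peer.items()
            for attr, value in attrs.items()
            if ios[phase][attr] != value]

if __name__ == "__main__":
    for phase, attr, ios_val, peer_val in proposal_diff(parse_ios(IOS_CONFIG), RVS4000):
        print(f"{phase} {attr}: 3825={ios_val} RVS4000={peer_val}")
```

Each reported difference is a setting to check against the tunnel logs on both devices, not a verdict on its own.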