Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
955
Views
0
Helpful
1
Replies

Azure CSR 1000v IPSec ikev1 tunnel to private data center

pashtet13
Level 1
Level 1

‎02-13-2018 02:54 PM - edited ‎03-08-2019 01:50 PM

Trying to configure ikev1 IPSec tunnel from Azure CSR 1000v back to my data center to use GRE over IPSec. It's driving me crazy, because the tunnel is not coming up. VPN config in our private datacenter is the same as other tunnels we have, but I see no traffic and no output from show crypto isakmp sa. Here is CSR config, I hope this is something simple that I missed:

 

crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 2

crypto isakmp key mykey address 1.2.3.4  

crypto ipsec transform-set T1 esp-aes 256 esp-sha256-hmac
 mode transport

crypto ipsec profile P1
 set transform-set T1
         
crypto map Test-tunnel 10 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set T1
 match address 120

interface Loopback1
 description IPsec/GRE Tunnel Source
 ip address 10.0.254.6 255.255.255.255
 ip mtu 1500
!
interface Tunnel1

 description GRE tunnel
 ip address 10.0.1.29 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Loopback1
 tunnel destination 10.0.254.4
!
interface GigabitEthernet1
 ip address dhcp
 negotiation auto
 no mop enabled
 no mop sysid
 crypto map Test-tunnel

ip route 0.0.0.0 0.0.0.0 10.6.0.1
ip route 10.0.254.4 255.255.255.255 GigabitEthernet1

access-list 120 permit ip host 10.0.254.6 host 10.0.254.4

 

Debug isakmp produces nothing either

2 people had this problem
Labels:
0 Helpful
1 Reply 1

johnlloyd_13
Level 9
Level 9

‎02-14-2018 12:21 AM

hi,

can the CSR ping 1.2.3.4?

post the config on the DC side to compare if they're "mirrored".

0 Helpful
Customers Also Viewed These Support Documents