
Set an IPSec tunnel between 2 sites

nowak-kacper99
Level 1

I need help establishing an IPSec connection between two sites. I want to set up IPSec between R1 and R2.

The left router is R1; on the outside I've got the networks 10.0.0.8/30, 10.66.0.x/24 (x is the different servers in the network), and 192.168.x.0/24 (x is the VLANs 10, 20, 30, 40, 100, 220).

On the second side of the IPSec tunnel, on R2, I've got the network 192.168.120.0/24.


@nowak-kacper99 

Zip the Packet Tracer file and attach it here.

nowak-kacper99
Level 1

Sure, here you go.

@nowak-kacper99 

It works. See file attached.

 

Router#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state     conn-id  slot  status
20.20.20.1      30.30.30.1      QM_IDLE   1082     0     ACTIVE

IPv6 Crypto ISAKMP SA

Router#sh crypto ipsec sa

interface: Serial0/1/0
Crypto map tag: mymap, local addr 30.30.30.1

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.120.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.66.0.0/255.255.255.0/0/0)
current_peer 20.20.20.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 30.30.30.1, remote crypto endpt.:20.20.20.1
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0
current outbound spi: 0x6391627B(1670472315)

inbound esp sas:
spi: 0xD257BB92(3528965010)
transform: esp-3des ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/1775)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:
spi: 0xAA07EDC8(2852646344)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/1775)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound pcp sas:

outbound esp sas:
spi: 0x6391627B(1670472315)
transform: esp-3des ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/1775)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:
spi: 0x2FE3C1C8(803455432)
transform: ah-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/1775)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound pcp sas:


nowak-kacper99
Level 1

I don't know what happened. When I try to ping from site A to site B, or from site B to site A, the ping dies.

And when I try to check R1 with sh crypto ipsec sa, I've got something like this:

Router>en
Router#sh cry
Router#sh crypto ip
Router#sh crypto ipsec sa

interface: Serial0/1/0
Crypto map tag: mymap, local addr 30.30.30.1

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.120.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.66.0.0/255.255.255.0/0/0)
current_peer 20.20.20.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 30.30.30.1, remote crypto endpt.:20.20.20.1
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0
current outbound spi: 0x0(0)

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

Can you tell me why?

@nowak-kacper99

You can test this file instead

nowak-kacper99
Level 1

Thanks bro, the ping between site A and site B is working, but the packets are still not encrypted, if my way of checking it is right, and I don't know why.


This one should be working.

nowak-kacper99
Level 1

Yes bro, it's working, thank you so much, you are great.
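
Added example (not part of the thread and not any poster's code): a small Python parser for the `sh crypto ipsec sa` output posted above, answering the question the thread keeps returning to, namely whether an SA was negotiated and whether packets are actually being encrypted. The function names `parse_ipsec_sa` and `diagnose` are hypothetical, and the two sample strings are abbreviated from the outputs in the thread.

```python
import re
# Abbreviated from the two outputs posted in the thread (working, then failing).
WORKING = """\
#pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
current outbound spi: 0x6391627B(1670472315)
inbound esp sas:
spi: 0xD257BB92(3528965010)
transform: esp-3des ,
outbound esp sas:
spi: 0x6391627B(1670472315)
transform: esp-3des ,
"""
FAILING = """\
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
current outbound spi: 0x0(0)
inbound esp sas:
outbound esp sas:
"""

def parse_ipsec_sa(text):
    """Extract packet counters, the outbound SPI and each installed SA."""
    info = {"counters": {}, "outbound_spi": 0, "sas": []}
    section = None
    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()  # tolerate pasted non-breaking spaces
        for name, val in re.findall(r"#pkts (encaps|decaps): (\d+)", line):
            info["counters"][name] = int(val)
        if m := re.match(r"current outbound spi: 0x([0-9A-Fa-f]+)", line):
            info["outbound_spi"] = int(m.group(1), 16)
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            section = f"{m.group(1)} {m.group(2)}"  # SAs that follow belong here
        elif (m := re.match(r"spi: 0x([0-9A-Fa-f]+)", line)) and section:
            info["sas"].append({"section": section, "spi": int(m.group(1), 16)})
        elif (m := re.match(r"transform: (\S+)", line)) and info["sas"]:
            info["sas"][-1]["transform"] = m.group(1)
    return info

def diagnose(info):
    """Turn the parsed fields into an answer to 'is my traffic encrypted?'."""
    enc, dec = info["counters"].get("encaps", 0), info["counters"].get("decaps", 0)
    if info["outbound_spi"] == 0 or not info["sas"]:
        return "no SA: tunnel not negotiated, nothing is encrypted"
    if enc == 0 and dec == 0:
        return "SA up, but no packet has matched the crypto ACL yet"
    if enc == 0 or dec == 0:
        return "one-way: only one direction is using the tunnel"
    return "SA up, traffic encrypted in both directions"
```

An outbound SPI of 0x0 with empty SA sections means Phase 2 never completed, while zero counters on an established SA mean the test traffic is not matching the crypto ACL.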