Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1364
Views
0
Helpful
0
Replies

VTI hub and spoke configuration

Tracey Foster
Level 1
Level 1

‎06-08-2012 01:31 PM - edited ‎03-07-2019 07:09 AM

Good afternoon,

After a week of tryign to config, and even erasing the config entirely and start over, I am unable to establish a VTI tunnel!  Attached config files and Crypto tech-support print out is in file.  Spoke Tunnel is line up protocol down and unable to connect...  What am I missing?????  Am I point to the wrong interfaces, are my IP routes wrong or eigrp needs a change? 

long pst below, but the attached files shows almost everything.

Any help would be greatly appreciated!

Tracey

______________________________________________________

                  

DVTI basic config:

crypto keyring POD

  pre-shared-key address 0.0.0.0 0.0.0.0 key japod

!

crypto isakmp policy 100

encr aes 256

authentication pre-share

group 5

crypto isakmp profile VPN-IKE

   keyring POD

   match identity address 0.0.0.0

   virtual-template 1

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

set pfs group5

interface Loopback0

ip address 192.168.50.1 255.255.255.255

interface GigabitEthernet0/1

ip address 192.168.28.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 192.168.30.1 255.255.255.0

duplex auto

speed auto

!

interface Virtual-Template1 type tunnel

ip unnumbered Loopback0

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 1 pod

tunnel source GigabitEthernet0/2

tunnel mode ipsec ipv4

tunnel protection ipsec profile JaggedAmber

!

!

router eigrp 100

network 192.168.28.0

network 192.168.30.0

network 192.168.32.0

crypto keyring POD

  pre-shared-key address 192.168.30.1 key japod

!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 5

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

!

interface Loopback0

ip address 192.168.51.1 255.255.255.255

!

interface Tunnel0

ip unnumbered Loopback0

tunnel source GigabitEthernet0/2

tunnel mode ipsec ipv4

tunnel destination 192.168.30.1

tunnel protection ipsec profile JaggedAmber

interface GigabitEthernet0/1

ip address 10.3.1.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 192.168.30.2 255.255.255.0

duplex auto

speed auto

!

!

router eigrp 100

network 10.0.0.0

network 192.168.30.0

network 192.168.32.0

crypto keyring POD

  pre-shared-key address 0.0.0.0 0.0.0.0 key japod

!

crypto isakmp policy 100

encr aes 256

authentication pre-share

group 5

crypto isakmp profile VPN-IKE

   keyring POD

   match identity address 0.0.0.0

   virtual-template 1

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

set pfs group5

interface Loopback0
ip address 192.168.50.1 255.255.255.255

interface GigabitEthernet0/1
ip address 192.168.28.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 1 pod
tunnel source GigabitEthernet0/2
tunnel mode ipsec ipv4
tunnel protection ipsec profile JaggedAmber
!
!
router eigrp 100
network 192.168.28.0
network 192.168.30.0
network 192.168.32.0

ip route 0.0.0.0 0.0.0.0 192.168.32.2

_______________________________________

Spoke basic config:

crypto keyring POD
  pre-shared-key address 192.168.30.1 key japod
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
!
!
crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac
!
crypto ipsec profile JaggedAmber
set transform-set AES-256-SHA
!

interface Loopback0
ip address 192.168.51.1 255.255.255.255
!
interface Tunnel0
ip unnumbered Loopback0
tunnel source GigabitEthernet0/2
tunnel mode ipsec ipv4
tunnel destination 192.168.30.1
tunnel protection ipsec profile JaggedAmber

interface GigabitEthernet0/1
ip address 10.3.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.30.2 255.255.255.0
duplex auto
speed auto
!
!
router eigrp 100
network 10.0.0.0
network 192.168.30.0
network 192.168.32.0

ip route 0.0.0.0 0.0.0.0 Tunnel0

Labels:
129477-Spoke.txt.zip
129478-DVTI.txt.zip
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents