Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi everyone,I'm having toruble with a basic configuration DMVPN. In the debugging I can see how ISAKMP phase 1 completes, but them the phase 2 proposal fails. It says something about a cryptomap that doesnt exists. I thought that with these configura...
Hi everyone,I'm having toruble with a basic configuration DMVPN. The debug ISAKMp shows:06:42:44: ISAKMP (0:61): beginning Main Mode exchange06:42:44: ISAKMP (0:61): sending packet to 64.116.x.x my_port 500 peer_port 500 (I) MM_NO_STATE06:42:54: ISAK...
Hi everyone,I'm working to stablish a secure IPSec connection between 2 routers: one CISCO ISR 2811 and one CISCO 2621. The problem is that the IP addresses from the ISP are dynamicly assigned. The other problem is, that I don't know too much about r...
Hi, I'm practicing a little with 2 routers CISCO 2811 and 2621. I made the basic configuration for an IPSec connection but the tunnel doesn't seem to come up. Also, I can ping each other router's external interface but I can't ping the inside network...
Hi everyone,I'm trying to setup a lab enviroment to stablish a DMVPN. I have two routers CISCO 2811, IOS version 12.4(3j). I need to configure those routers to stablish a DMVPN. For the spoke router, I have have an ISP that provides dynamic addressin...
I finally works, all I needed was to configure the transport mode in the transform-set. Know I know that doing the NAT-Transparency Aware works, even though the firewall is not Cisco, it allow the traffic and the tunnel comes up.Here's the evidence:s...
Ok Guys, I got 1 problem here. So I think it's an issue with the NAT as well. But the thing is that the router it's not Cisco, it's a Watchguard Firewall X Peak 5500, so I don't know how to bypass ACL over IPSEC connections within this firewall. I al...
So I changed the network ID numbers to 50. Still doesn't comes up. Now I got a question. I don't know if you notice but I have a Firewall in the middle doing NAT. In the show crypto map in the Spoke, it says: access-list 103 permit gre host 190.201.x...
I tried the command show crypto map in the hub router and the spoke, and I can see what the error message is refered to.Here's what the Hub router shows:RPrueba2#sh cryp mapCrypto Map "Tunnel0-head-0" 65536 ipsec-isakmp Profile name: medium ...
Ok, I actually solve the problem with the fireall, now the two routers are sending and receiving the messages. But the crypto siakmp in the hub router shows that only PHASE1 completes. There is an error during PHASE2 which I really don't understand:*...