you were right, after correcting the right peers and crypt acl matched the correct interesting traffic, somehow when I had the script and be ready for copy and paste, that made me fail, so I did it step by step, and no errors, tunnels are up and running, thanks for the catch up ... View more

yes, not sure and not quite familiar with the CLI,  I modified so Ips are fake, the rest is what I currently have    not sure how to revert it back BEFORE THE CHANGE crypto map OUTSIDE_map1 10 match address OUTSIDE_cryptomap_9 crypto map OUTSIDE_map1 10 set peer 37.120.33.66 crypto map OUTSIDE_map1 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES   BELOW AFTER THE CHANGE crypto map OUTSIDE_map1 10 match address OUTSIDE_cryptomap_9 crypto map OUTSIDE_map1 10 set peer 37.120.33.66 38.122.33.68 crypto map OUTSIDE_map1 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map OUTSIDE_map1 11 match address OUTSIDE_cryptomap_10 crypto map OUTSIDE_map1 11 set peer 38.122.33.68 crypto map OUTSIDE_map1 11 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES INFO: You must configure ikev2 remote-authentication pre-shared-key and/or certificate to complete authentication. ERROR: Exceeded maximum of 9 ipsec-proposals for crypto map. CISCO_ASAFW/pri/act(config)# ... View more

Thank you Julio, I see what you mean,    Thanks for your time,  ... View more

Thank you so much Richard, Im truly glad with had the time to assist me, I gave a shot on PT after making the changes and it did not work,    However, I remade it on Eve NG, and this time, it worked very well, I did the test and both subnets can reach each other after using the proper static routes, using the tunnel    For sure, PT still it not on stable and has soo many limitations, but anyhow,    I want to thank you for all your support and the other feedback I got,                       R3#ping 10.0.4.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.4.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms R3#ping 172.16.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds: !!!!!   I tested shutting down one of the uplinks of R3 and the packets always arrive achieving its objective,    R3(config)#int e0/0 R3(config-if)#shut R3(config-if)#end *Jan 13 00:02:49.219: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached R3(config-if)#end R3#traceroute 10.0.4.1 *Jan 13 00:02:51.195: %SYS-5-CONFIG_I: Configured from console by console *Jan 13 00:02:51.214: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down *Jan 13 00:02:52.219: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down R3#ping 10.0.4.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.4.1, timeout is 2 seconds: !!!!!                           ... View more

thanks for your feedback, Im still trying to set it up for the packet tracer, Im just giving my last shot before trying on GNS3 or any other platform,   I did what was recommended, the tunnel comes up via the loopbacks, I made the static routes and each LAN is known, but as soon as I shut down the serial 0/0/0 on R3, I get this output like it does not know how to reach it, despite the fact that the loopback is reachable via OSPF when trying to ping the LAN of R3 from R4:   R4#ping 10.0.4.129   Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.4.129, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5)   ==========================================   this is the config of R3 so far:    interface Loopback0 ip address 4.4.4.4 255.255.255.255 ip ospf 1 area 0 ! interface Tunnel0 ip address 172.16.0.4 255.255.255.0 mtu 1476 tunnel source Loopback0 tunnel destination 3.3.3.3 ! ! interface GigabitEthernet0/0 ip address 10.0.4.1 255.255.255.128 duplex auto speed auto ! interface GigabitEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 200.0.0.13 255.255.255.252 clock rate 2000000 ! interface Serial0/0/1 ip address 200.0.0.6 255.255.255.252 ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 200.0.0.12 0.0.0.3 area 0 network 200.0.0.4 0.0.0.3 area 0 ! ip classless ip route 10.0.4.128 255.255.255.224 3.3.3.3 ! ================================BELOW CONFIG OF R3==================================   interface Loopback0 ip address 3.3.3.3 255.255.255.255 ip ospf 1 area 0 ! interface Tunnel0 ip address 172.16.0.3 255.255.255.0 mtu 1476 tunnel source Loopback0 tunnel destination 4.4.4.4 ! ! interface GigabitEthernet0/0 ip address 10.0.4.129 255.255.255.224 duplex auto speed auto ! interface GigabitEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0/0 ip address 200.0.0.14 255.255.255.252 clock rate 2000000 shutdown ! interface Serial0/0/1 ip address 200.0.0.10 255.255.255.252 clock rate 2000000 ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 200.0.0.8 0.0.0.3 area 0 network 200.0.0.12 0.0.0.3 area 0 ! ip classless ip route 10.0.4.0 255.255.255.128 4.4.4.4     ============PERSPECTIVE FROM R3 WHEN SERIAL 0/0/0 IS ACTIVE=============   R3#show ip route 10.0.4.0 Routing entry for 10.0.4.0/25 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 4.4.4.4 Route metric is 0, traffic share count is 1   R3#show ip route 4.4.4.4 Routing entry for 4.4.4.4/32 Known via "ospf 1", distance 110, metric 65, type intra area Last update from 200.0.0.13 on Serial0/0/0, 00:00:20 ago Routing Descriptor Blocks: * 200.0.0.13, from 4.4.4.4, 00:00:20 ago, via Serial0/0/0 Route metric is 65, traffic share count is 1   R3#   R3#show ip int brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 10.0.4.129 YES manual up up GigabitEthernet0/1 unassigned YES unset administratively down down Serial0/0/0 200.0.0.14 YES manual up up Serial0/0/1 200.0.0.10 YES manual up up Loopback0 3.3.3.3 YES manual up up Tunnel0 172.16.0.3 YES manual up up   ===================PERSPECTIVE WHEN SERIAL IS SHUTDOWN FROM R3==========================   R3#show ip route 4.4.4.4 Routing entry for 4.4.4.4/32 Known via "ospf 1", distance 110, metric 193, type intra area Last update from 200.0.0.9 on Serial0/0/1, 00:00:06 ago Routing Descriptor Blocks: * 200.0.0.9, from 4.4.4.4, 00:00:06 ago, via Serial0/0/1 Route metric is 193, traffic share count is 1   R3#show ip route 10.0.4.0 Routing entry for 10.0.4.0/25 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 4.4.4.4 Route metric is 0, traffic share count is 1   R3#   but still I cannot reach the other ends LAN   R3#ping 10.0.4.1   Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.4.1, timeout is 2 seconds: U.U   any ideas on what I might be missing as far as the config is related to?   thanks so much     ... View more

Understood Sir,   You are absolutely right, let me use the loopbacks instead and give it a shot, if it does not work because PT limitations, I will give it a try like Julio states,      ... View more

I see, intersting, let me give it a shot, using loopbacks, I did not see the fact that  serial0/0/0 if I shutdown, like no failover will occur, but the requirement confused when it said, use only static routes for GRE LAN :/   super thanks for your feedback,  ... View more

Hi Sir,    I have attached the file,    Thank you for your support,  ... View more

thank you thank you thank you :)    it worked ... View more