Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
0
Replies

C887 vpn ikev2 down

AlbacoreDan1
Level 1
Level 1

‎07-07-2020 09:38 AM

Hi everyone,

 

Wonder if someone could share some light and help me with this configuration here?

Am i missing something simple?

 

!
crypto ikev2 proposal Prop-customer1
encryption aes-cbc-256
integrity sha256
group 19
!
crypto ikev2 policy POL-Customer1
proposal Prop-customer1
!
crypto ikev2 keyring customer-1
peer customer1
address x.y.z.z
pre-shared-key secret
!
!
!
crypto ikev2 profile PROFILE-Customer1
match identity remote address x.y.z.z 255.255.255.255

authentication remote pre-share
authentication local pre-share
keyring local customer-1
!
!
!
controller VDSL 0
modem ukfeature
no cdp run
!
ip tcp synwait-time 10
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
!

crypto ipsec transform-set TS-Customer1 esp-aes 256 esp-sha256-hmac
mode tunnel
!

!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer x.y.z.z
set transform-set TS-Customer1
set pfs group19
set ikev2-profile PROFILE-Customer1
match address VPNACL-Customer1
!

!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
ubr 500
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!

interface Vlan1
description $FW_INSIDE$
ip address 10.0.226.254 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
hold-queue 100 out
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip access-group 104 in
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname username
ppp chap password 7 11111111111
crypto map SDM_CMAP_1
!

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended VPNACL-Customer1
permit ip 10.0.226.0 0.0.0.255 10.0.99.0 0.0.0.255
!

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents