cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2199
Views
0
Helpful
0
Replies

887VA IPSEC Site to Site VPN (887VA to 877)

leebridgewater
Level 1
Level 1

Hello,

I've been trying for the pas 8 hours to connect a new Cisco 887VA K9 VDSL router to an existing site to site VPN (The original 877 failed).

I simply cannot get the router to connect to the site to site VPN, I tried TFTP'ing the original config from the failed 877 but that didn't work.

Here is the outline of the network where this 887 will reside:

LAN IP address of the Cisco router is 192.168.10.254
LAN IP of the DHCP server on the LAN is 192.168.10.1
Client computers use the LAN with the subnet of 192.168.10.0 / 24 the DHCP server is a DC.


The client computers use an RDP session on the head office network using IP 192.168.1.5, the subnet of the remote network is 192.168.1.0 /24

Here is the config I have written so far on the new 887VA, I have internet access but no IPSEC Site to Site VPN.


=====[ start 887VA config ] ======

887VA#sh run
Building configuration...

Current configuration : 2476 bytes
!
! Last configuration change at 18:45:34 UTC Tue Jul 23 2013
! NVRAM config last updated at 17:50:28 UTC Tue Jul 23 2013
! NVRAM config last updated at 17:50:28 UTC Tue Jul 23 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 887VA
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-K9 sn XXXXXXXXXX
!
!
!
!
!
!
controller VDSL 0
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address XX.XXX.XXX.XXX
!
!
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer XX.XXX.XXX.XXX
set transform-set tr-3des-sha
match address NAT
!
crypto map cmap 10 ipsec-isakmp
! Incomplete
set transform-set tr-aes-sha
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
atm ilmi-keepalive
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
description LAN
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
no ip address
!
interface Dialer1
description Interface for ADSL/VDSL
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap chap ms-chap callin
ppp chap hostname businesshub@btbroadband.com
ppp chap password 0 bt
ppp ipcp address accept
no cdp enable
crypto map CMAP
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended NAT
permit ip 192.168.10.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
end

887VA#


=====[ end config ] =========


I'm usure as to what transform set I'm using at the peer, the peer is an 877 and I've got the following in the config on that device with
relation to transform set:

====[ Beging Peer config snippet ] =====

!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
!

====[ end Peer config snippet ] =====


I'm desperate to get this sorted, I can't use SDM on the 887VA as it appears it's not supported : (

Any help and assistance would be appreciated, please let me know if you require any further info.

Many thanks in anticipation

Lee

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: