DMVPN and Easy VPN Server with ISAKMP Profiles

elias.manchon
Level 1

Hello folks,

I'm trying to implement the example from URL:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801eafcb.shtml

The platform and version of the HUB device are:

Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FGL1609259P
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
-----------------
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 15-Nov-11 20:59 by prod_rel_team

NAT is not set up on the HUB router, and I can connect with the VPN Client to the HUB device, but I cannot ping the internal network (192.168.1.0). My running-config is:

aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network VPNClient-group local
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
no ip domain lookup
ip domain name xxxxxxxx.xxx
ip name-server 62.42.230.24
ip name-server 62.42.63.52
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2733018106
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2733018106
 revocation-check none
 rsakeypair TP-self-signed-2733018106
!
!
crypto pki certificate chain TP-self-signed-2733018106
 certificate self-signed 01
  quit
license udi pid CISCO1941/K9 sn FGL1609259P
!
!
username admin password 7 oiuoiuoiu
!
redundancy
!
!
!
!
!
!
crypto keyring dmvpnspokes
  pre-shared-key address 0.0.0.0 0.0.0.0 key yyyyyy
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNClient-group
 key hhhhhh
 dns 192.168.1.210
 wins 192.168.1.210
 domain domain.local
 pool dynpool
 acl 101
crypto isakmp profile VPNClient
   match identity group VPNClient-group
   client authentication list userauthen
   isakmp authorization list VPNClient-group
   client configuration address respond
crypto isakmp profile DMVPN
   keyring dmvpnspokes
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set dmvpnset esp-3des esp-md5-hmac
 mode transport
!
!
crypto ipsec profile dmvpnprof
 set security-association lifetime seconds 120
 set transform-set dmvpnset
 set isakmp-profile DMVPN
!
!
crypto dynamic-map dynmap 10
 set transform-set dmvpnset
 set isakmp-profile VPNClient
 reverse-route
!
!
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 no ip split-horizon eigrp 90
 ip nhrp authentication svdh48
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile dmvpnprof
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Acceso a LAN
 ip address 192.168.1.1 255.255.255.0
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Acceso a Internet
 ip address dhcp
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map dynmap
!
!
router eigrp 90
 network 172.16.0.0 0.0.0.255
 network 192.168.1.0
!
ip local pool dynpool 192.168.100.1 192.168.100.254
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 5 0
 login authentication userauthen
line aux 0
 exec-timeout 15 0
 login authentication userauthen
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login authentication userauthen
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login authentication userauthen
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Can somebody help me, please?

Thanks in advance!

1 Reply

elias.manchon
Level 1

The ping only works from spoke to hub; the same thing happens with the routing updates. The spoke advertises its networks to the hub device, but the hub device doesn't advertise its own to the spoke. Any ideas?

Thanks in advance