cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
3
Helpful
3
Replies
Highlighted
Beginner

Forcing start negotiating IPsec VPN Sit-to-site

Hello

I've attached two TXT files with the configurations of the two cisco routers 837.

The problem is that the Router2 has dynamic IP, and to establish the tunnel have to do a ping from the interface to the ethernet 0 Router1.

You may autonegotiate the connection?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Frequent Contributor

Re: Forcing start negotiating IPsec VPN Sit-to-site

Try without a loop back just source it from ethernet 0 instead.

3 REPLIES 3
Frequent Contributor

Re: Forcing start negotiating IPsec VPN Sit-to-site

On our router 2 instead you can setup IP SLA with a loopback interface, something like this:

ip sla 10

icmp-echo x.x.x.x source-ip or source-interface loopback0 etc

frequency 15

ip sla schedule 10 life forever start-time now

Beginner

Re: Forcing start negotiating IPsec VPN Sit-to-site

Hello,

thank you very much for your answer. I've updated the settings and I have gained a new forum.

By now not working. I could not use the exact settings as you have made me because the version of IOS does not.

A router with ios 837: c837-k9o3sy6-mz.124-25d.bin

What is missing from the configuration to run the loopback?

Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.4(25d), RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Wed 18-Aug-10 12:51 by prod_rel_team

ROM: System Bootstrap, Version 12.2(11r)YV1, RELEASE SOFTWARE (fc1)

System returned to ROM by reload

System restarted at 17:04:51 UTC Thu Jan 17 2013

System image file is "flash:c837-k9o3sy6-mz.124-25d.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco C837 (MPC857DSL) processor (revision 0x501) with 44237K/4915K bytes of memory.

Processor board ID xxx, with hardware revision 0000

CPU rev number 7

2 Ethernet interfaces

4 FastEthernet interfaces

1 ATM interface

128K bytes of NVRAM.

12288K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

Frequent Contributor

Re: Forcing start negotiating IPsec VPN Sit-to-site

Try without a loop back just source it from ethernet 0 instead.