Dear Colleagues,
I am trying to achieve a GRE tunnel over an IPSec VPN on a Cisco 1841 router.
A2.B2.C2.D2 = TUNNEL SOURCE
W1.X1.Y1.Z1 = TUNNEL DESTINATION
A3.B3.C3.D3 = LOOPBACK ADDRESS
W2.X2.Y2.Z2 = BGP PEER NEIGHBOUR
A1.B1.C1.D1 = NETWORK published
I am running out of ideas as to why I am getting the error below:
"no IPSEC cryptomap exists for local address A2.B2.C2.D2"
Please share your experience or any troubleshooting steps.
Please note that there is already one GRE tunnel over IPSEC working on the same router, following the same configuration.
Below is the configuration at my end.
Phase 1 is set up correctly.
Site 2 Configuration
crypto isakmp policy 20
 encr aes
 authentication pre-share
 group 2
crypto isakmp key SITE5KEY address W1.X1.Y1.Z1
!
crypto ipsec transform-set SITE5VPN esp-aes 256 esp-sha-hmac
!
crypto map SITE5 20 ipsec-isakmp
 description SITE5_IPSEC_GRX
 set peer W1.X1.Y1.Z1
 set transform-set SITE5VPN
 match address 102
!
interface Tunnel20
 description GRE tunnel to SITE5 GRX
 ip unnumbered Loopback20
 ip mtu 1400
 keepalive 5 3
 tunnel source A2.B2.C2.D2
 tunnel destination W1.X1.Y1.Z1
 crypto map SITE5
!
interface Loopback20
 ip address A3.B3.C3.D3 255.255.255.255
!
interface FastEthernet0/1.3
 description GRX_SITE5_IPVPN_6509_1/39
 encapsulation dot1Q 556
 ip address A2.B2.C2.D2 255.255.255.248
 no snmp trap link-status
 crypto map SITE5
!
router bgp 64906
 bgp log-neighbor-changes
 neighbor W2.X2.Y2.Z2 remote-as 64905
 neighbor W2.X2.Y2.Z2 description To-SITE5-IPSEC
 neighbor W2.X2.Y2.Z2 ebgp-multihop 5
 neighbor W2.X2.Y2.Z2 update-source Loopback20
 neighbor W2.X2.Y2.Z2 version 4
 address-family ipv4
  no auto-summary
  synchronization
  network A1.B1.C1.D1 mask 255.255.255.0
 exit-address-family
!
ip access-list extended SITE5_IN
 permit ip host W1.X1.Y1.Z1 host A2.B2.C2.D2
 permit gre host W1.X1.Y1.Z1 host A2.B2.C2.D2
!
access-list 102 permit ip host A2.B2.C2.D2 host W1.X1.Y1.Z1
access-list 102 permit gre host A2.B2.C2.D2 host W1.X1.Y1.Z1
!
route-map localonly permit 20
 match as-path 20
Site2_GRX#show crypto isakmp sa
dst             src             state          conn-id slot status
A2.B2.C2.D2     W1.X1.Y1.Z1     QM_IDLE            451    0 ACTIVE
Site2_GRX#sh ip int brie
Tunnel20 A3.B3.C3.D3 YES TFTP up down
Debug
*Dec 15 14:35:32.273: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= A2.B2.C2.D2, remote= W1.X1.Y1.Z1,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
*Dec 15 14:35:32.277: IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address A2.B2.C2.D2
*Dec 15 14:35:32.277: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at W1.X1.Y1.Z1
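
The debug output above carries the proxy identities the peer proposed in quick mode, and IOS validates an inbound proposal against the `match address` ACL of the crypto map on the receiving interface. The following is an added example, not part of the original post: it parses both and lists the ACL entries that cover the proposal. Documentation addresses stand in for A2.B2.C2.D2 and W1.X1.Y1.Z1, and the covering rule in `covering_entries` is a simplifying assumption.

```python
import ipaddress
import re

# Constructed input: the page's debug and ACL 102 lines, with documentation
# addresses standing in for A2.B2.C2.D2 (192.0.2.2) and W1.X1.Y1.Z1 (198.51.100.1).
DEBUG = """\
(key eng. msg.) INBOUND local= 192.0.2.2, remote= 198.51.100.1,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
"""
ACL = """\
access-list 102 permit ip host 192.0.2.2 host 198.51.100.1
access-list 102 permit gre host 192.0.2.2 host 198.51.100.1
"""
PROTO = {"ip": 0, "gre": 47}  # IP protocol numbers; 0 means "any protocol"


def _net(addr, mask):
    """Build a network from address and dotted netmask (0.0.0.0/0.0.0.0 -> /0)."""
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}")


def parse_proposal(debug):
    """Map 'local_proxy'/'remote_proxy' to (network, protocol) from the debug text."""
    found = re.findall(r"(local_proxy|remote_proxy)= ([\d.]+)/([\d.]+)/(\d+)/\d+", debug)
    return {name: (_net(addr, mask), int(proto)) for name, addr, mask, proto in found}


def parse_acl(text):
    """Parse 'permit <proto> host <src> host <dst>' lines (host form only)."""
    found = re.findall(r"^access-list \d+ permit (\w+) host (\S+) host (\S+)", text, re.M)
    return [(PROTO[p], _net(s, "255.255.255.255"), _net(d, "255.255.255.255"))
            for p, s, d in found]


def covering_entries(proposal, acl):
    """ACL entries that cover the proposal. Assumed rule: proposed networks must
    sit inside the entry's source/destination, and the entry's protocol must be
    'ip' (any) or equal to the proposed protocol."""
    (lnet, lproto), (rnet, _) = proposal["local_proxy"], proposal["remote_proxy"]
    return [e for e in acl
            if lnet.subnet_of(e[1]) and rnet.subnet_of(e[2]) and e[0] in (0, lproto)]


if __name__ == "__main__":
    hits = covering_entries(parse_proposal(DEBUG), parse_acl(ACL))
    print("covering ACL entries:", hits or "none, proposal matches no crypto map entry")
```

For the debug output on this page the list is empty: the peer proposed 0.0.0.0/0 to 0.0.0.0/0 with protocol 0, while ACL 102 contains only host-to-host entries.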