Site-to-site VPN issues on Cisco IOS

oukpaka
Level 1

Hi People,

I am having issues trying to bring up a directly connected site-to-site VPN.

I think I have met the basic requirements for the VPN configuration; however, when I do a test ping on R7 sourced from the lo0 interface to 2.2.2.2, I do not see any responses. Likewise, when I ping 1.1.1.1 sourced from lo on R8, there is no reply. The ISAKMP SA is not activated either.

I have tried the same configuration on different IOS versions but still to no avail.

Any assistance is deeply appreciated.

The routers are 7200 ios and they are versioned as follows:

Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(19), RELEASE SOFTWARE (fc1)

See configuration below:

For R7

=====

hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp peer address 10.1.12.2
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
 set transform-set TEST
 match address 120
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 ip ospf 1 area 1
 duplex auto
 speed auto
 crypto map CMAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

For R8

=====

hostname R8
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.1.12.1
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
 set transform-set TEST
 match address 120
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.12.2 255.255.255.0
 ip ospf 1 area 1
 duplex auto
 speed auto
 crypto map CMAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

1 Reply

jshojayi
Level 1

Unless I missed it, R7 doesn't have a key defined. That would cause Phase 1 to fail too.

Thank you.

Joe
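
The check described in the reply above can be automated. The following is an added example, not part of the original thread: it scans each router's config for crypto-map peers that lack a matching `crypto isakmp key` line and confirms the two crypto ACLs mirror each other. The function names are hypothetical, the embedded configs are constructed excerpts of the ones posted above, and key addresses are matched exactly (plus the 0.0.0.0 wildcard).

```python
import re

# Constructed excerpts: only the crypto-relevant lines of the R7 and R8 configs posted above.
R7 = """crypto isakmp policy 10
 authentication pre-share
crypto isakmp peer address 10.1.12.2
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
 match address 120
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
"""
R8 = """crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco123 address 10.1.12.1
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
 match address 120
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
"""

def parse(cfg):
    """Return (crypto-map peers, peers with a pre-shared key, PSK auth in use, host ACL pairs)."""
    peers = set(re.findall(r"^[ \t]*set peer (\S+)", cfg, re.M))
    keyed = set(re.findall(r"^crypto isakmp key .+? address (\S+)", cfg, re.M))
    uses_psk = re.search(r"^[ \t]*authentication pre-share", cfg, re.M) is not None
    acl = set(re.findall(r"^access-list \d+ permit ip host (\S+) host (\S+)", cfg, re.M))
    return peers, keyed, uses_psk, acl

def missing_keys(cfg):
    """Peers named in a crypto map that have no matching 'crypto isakmp key' line."""
    peers, keyed, uses_psk, _ = parse(cfg)
    if not uses_psk or "0.0.0.0" in keyed:  # a wildcard key covers every peer
        return []
    return sorted(peers - keyed)

def acls_mirrored(cfg_a, cfg_b):
    """True when each side's crypto ACL is the source/destination swap of the other's."""
    a, b = parse(cfg_a)[3], parse(cfg_b)[3]
    return {(dst, src) for src, dst in a} == b

def audit(configs):
    """Map each router name to its list of findings (an empty list means none)."""
    return {name: [f"no pre-shared key for peer {p}" for p in missing_keys(cfg)]
            for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, findings in audit({"R7": R7, "R8": R8}).items():
        print(name, findings or "ok")
    print("crypto ACLs mirrored:", acls_mirrored(R7, R8))
```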
