02-02-2014 06:34 AM
Hi People,
I am having issues trying to get a directly connected site-to-site VPN up.
I think I have made the basic requirements for the VPN configurations; however, when I do a test ping on R7 sourced from the lo0 interface to 2.2.2.2, I do not see any responses. Likewise, when I ping 1.1.1.1 sourced from lo on R8, there is no reply. The ISAKMP SA is not activated either.
I have tried the same configuration on a different IOS, but still to no avail.
Every assistance is deeply appreciated.
The routers are 7200 IOS and they are versioned as follows:
Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(19), RELEASE SOFTWARE (fc1)
See configuration below:
For R7
=====
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp peer address 10.1.12.2
!
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.1.12.2
set transform-set TEST
match address 120
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
ip ospf 1 area 1
duplex auto
speed auto
crypto map CMAP
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
For R8
=====
hostname R8
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 10.1.12.1
!
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.1.12.1
set transform-set TEST
match address 120
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.12.2 255.255.255.0
ip ospf 1 area 1
duplex auto
speed auto
crypto map CMAP
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
02-05-2014 11:58 PM
Unless I missed it, R7 doesn't have a key defined. That would cause Phase 1 to fail too.
Thank you.
Joe
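The check described in the reply above, as an added example that is not part of the original thread: a Python script that reads the crypto lines of both routers and reports any crypto map peer that has no `crypto isakmp key ... address` entry while a policy uses `authentication pre-share`. R7_CFG and R8_CFG are constructed excerpts of the configurations posted above, the function names are hypothetical, and only the `address` form of the key command is handled (not `hostname`).

```python
import re

# Constructed excerpts: only the crypto lines from the two posted configs.
R7_CFG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp peer address 10.1.12.2
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
"""
R8_CFG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco123 address 10.1.12.1
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
"""

# Optional "0 "/"6 " is the key-encoding type IOS may show before the key.
KEY_RE = re.compile(r"^\s*crypto isakmp key (?:[06] )?(\S+) address (\S+)", re.M)
PEER_RE = re.compile(r"^\s*set peer (\S+)", re.M)
PSK_RE = re.compile(r"^\s*authentication pre-share\b", re.M)

def psk_keys(cfg):
    """Map peer address -> pre-shared key from 'crypto isakmp key' lines."""
    return {addr: key for key, addr in KEY_RE.findall(cfg)}

def peers_missing_key(cfg):
    """Crypto map peers with no pre-shared key, if any policy uses pre-share."""
    if not PSK_RE.search(cfg):
        return []
    keys = psk_keys(cfg)
    if "0.0.0.0" in keys:          # wildcard key entry covers every peer
        return []
    return [p for p in PEER_RE.findall(cfg) if p not in keys]

def keys_agree(cfg_a, addr_a, cfg_b, addr_b):
    """True when A's key for B's address equals B's key for A's address."""
    ka = psk_keys(cfg_a).get(addr_b)
    kb = psk_keys(cfg_b).get(addr_a)
    return ka is not None and ka == kb

if __name__ == "__main__":
    for name, cfg in (("R7", R7_CFG), ("R8", R8_CFG)):
        print(name, "peers without a pre-shared key:", peers_missing_key(cfg))
    print("keys agree:", keys_agree(R7_CFG, "10.1.12.1", R8_CFG, "10.1.12.2"))
```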