
Site-to-Site VPN Tunnel Down

mosrahma
Level 1

Hi,

I am trying to configure a Site-to-Site VPN tunnel using GNS3 for my own learning, but it always shows Session Status: Down. I got help from a website and a book and followed all the procedures, but I still could not make it work. I attached my configuration. Any kind of help will be appreciated.

Thanks,

Mostafa


Eugene Korneychuk
Cisco Employee

Hello,

Try to add routes to networks on the remote sites.

Best Regards,

Eugene

Hi Eugene,

Do I need to add a static route for the remote sites?

Thanks,

Mostafa

You can put a static route or a default route.

Best Regards,

Eugene

I added a static route, but it still does not work.

For Router R1

ip route 172.16.10.0 255.255.255.0 f0/0

For Router R3

ip route 10.10.10.0 255.255.255.0 f0/0

Check the routing in general. Since it is not real life, remove the crypto maps and check connectivity between the loopbacks.

Best Regards,

Eugene

Without the crypto map, the loopbacks cannot reach each other, because I did not advertise the loopback IPs. So my concern is that the loopbacks should reach each other through the crypto map.

Hi Eugene,

I also tried to use CCP, but the tunnel was still showing down. After that, I am trying to use the CLI to do it fast and make it work.

Also, I am very confused about adding a route, because I did not find any references that said I had to add a route to bring the VPN tunnel up.

Hi Eugene,

What does "End-to-End IP connectivity must be established before starting this configuration" mean? I want to make a VPN tunnel between these 2 networks, 10.10.10.0/24 and 172.16.10.0/24. Should they be reachable before making the crypto map?

Thanks,

Mostafa

No, they shouldn't.

Try just to copy configurations...

Anyway, correct routing should be applied. Check how it is configured in the example. Your devices need to know where to forward traffic.

Best Regards,

Eugene

Hi Eugene,

The document you gave me also confuses me. The VPN tunnel was made for 10.10.10.0/24 and 10.10.20.0/24. Please see the advertised routing. This is for Router B.

ip classless
ip route 10.10.10.0 255.255.255.0 172.17.1.2
ip route 10.77.233.0 255.255.255.0 10.77.241.65
ip route 172.16.1.0 255.255.255.0 172.17.1.2

Thanks,

Mostafa

Hi Mohammad,

Regarding routing when using a crypto map, I think the best thing is just to remember that you need to have a route to the remote LAN going out of the interface to which the crypto map is attached.

In your case, as an example, on R3 you could have:

ip route 10.10.10.0 255.255.255.0 192.168.20.3

On R1:

ip route 172.16.10.0 255.255.255.0 192.168.10.2

192.168.20.3 or 192.168.10.2 might be nonexistent hosts, but the most important thing for the router is that it will hit the crypto map while routing the traffic out.

Hope that helps.

Cheers.
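
The routing point made in the reply above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of the egress decision on R1 (route lookup first, then the crypto ACL of the outgoing interface). The /24 on 192.168.10.0, the `lo0` interface, and the `f0/1` / 192.168.30.1 alternative path are assumptions made for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, egress_interface, next_hop) tuples."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), iface, nh) for p, iface, nh in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def forward(router, src, dst):
    """Route the packet, then test it against the egress interface's crypto ACL."""
    hit = lookup(router["routes"], dst)
    if hit is None:
        return "drop: no route"          # crypto map is never consulted
    _, iface, _ = hit
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl_src, acl_dst in router["crypto_acl"].get(iface, []):
        if s in ipaddress.ip_network(acl_src) and d in ipaddress.ip_network(acl_dst):
            return f"encrypt via crypto map on {iface}"
    return f"cleartext out {iface}"

def make_r1(extra_routes=()):
    # Constructed model of R1: connected networks plus a crypto map on f0/0
    # protecting 10.10.10.0/24 -> 172.16.10.0/24 (the two LANs from the thread).
    # Next hops are stored already resolved to an egress interface.
    return {
        "routes": [("10.10.10.0/24", "lo0", None),
                   ("192.168.10.0/24", "f0/0", None), *extra_routes],
        "crypto_acl": {"f0/0": [("10.10.10.0/24", "172.16.10.0/24")]},
    }

NO_ROUTE = make_r1()
VIA_CRYPTO_IF = make_r1([("172.16.10.0/24", "f0/0", "192.168.10.2")])
VIA_OTHER_IF = make_r1([("172.16.10.0/24", "f0/1", "192.168.30.1")])  # hypothetical

if __name__ == "__main__":
    for name, r1 in [("no route", NO_ROUTE),
                     ("route out f0/0", VIA_CRYPTO_IF),
                     ("route out f0/1", VIA_OTHER_IF)]:
        print(f"{name:16} -> {forward(r1, '10.10.10.1', '172.16.10.1')}")
```

Only the second case produces traffic that matches the crypto map, and that traffic is what triggers tunnel negotiation. In the third case the remote LAN is routed but leaves unencrypted, so the tunnel never comes up.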

Hi Mohammad,

I worked this out on GNS3 and it worked for me. Below I have attached the configurations and network topology for reference.

The IPs I have used are an example lab setup; please change them according to your setup or requirements.

Hyd ----------------------ISP-------------------------------:LA

           1.1.1.1/30                        2.2.2.0/30

Hope this helps you.

Let me know if you need any assistance, and please provide the relevant output.

Kindly, rate the helpful post.
