Beginner

Site-to-Site VPN Tunnel Down

Hi,

I am trying to configure a Site-to-Site VPN tunnel using GNS3 for learning purposes for my own sake, but it always shows Session Status: Down. I got help from a website and a book and followed all the procedures, but I still could not make it work. I attached my configuration. Any kind of help will be appreciated.

Thanks,

Mostafa

Cisco Employee

Site-to-Site VPN Tunnel Down

Hello,

Try to add routes to networks on the remote sites.

Best Regards,

Eugene

Beginner

Site-to-Site VPN Tunnel Down

Hi Eugene,

Do I need to add a static route for the remote sites?

Thanks,

Mostafa

Cisco Employee

Site-to-Site VPN Tunnel Down

You can put a static route or a default route.

Best Regards,

Eugene

Beginner

Site-to-Site VPN Tunnel Down

I added a static route; it still does not work.

For Router R1

ip route 172.16.10.0 255.255.255.0 f0/0

For Router R3

ip route 10.10.10.0 255.255.255.0 f0/0

Cisco Employee

Site-to-Site VPN Tunnel Down

Check the routing in general. Since it is not real life, remove the crypto maps and check connectivity between the loopbacks.

Best Regards,

Eugene

Beginner

Site-to-Site VPN Tunnel Down

Without the crypto map, the loopbacks cannot reach each other, because I did not advertise the loopback IPs. So my concern is that the loopbacks should reach each other through the crypto map.

Beginner

Site-to-Site VPN Tunnel Down

Hi Eugene,

I also tried to use CCP, but the tunnel was still showing down. After that I am trying to use the CLI to do it fast and make it work.

Beginner

Site-to-Site VPN Tunnel Down

Also, I am very confused about adding a route, because I did not find any references that said I had to add a route to bring the VPN tunnel up.

Cisco Employee

Site-to-Site VPN Tunnel Down

Beginner

Site-to-Site VPN Tunnel Down

Hi Eugene,

What does it mean that "End-to-End IP connectivity must be established before starting this configuration"? I want to make a VPN tunnel between these 2 networks, 10.10.10.0/24 and 172.16.10.0/24. Should they be reachable before making the crypto map?

Thanks,

Mostafa

Cisco Employee

Site-to-Site VPN Tunnel Down

No they shouldn't.

Try just to copy configurations...

Anyway, correct routing should be applied. Check how it is configured in the example. Your devices need to know where to forward traffic.

Best Regards,

Eugene

Site-to-Site VPN Tunnel Down

Hi Eugene,

The document you gave me also makes me confused. The VPN tunnel was made for 10.10.10.0/24 and 10.10.20.0/24. Please see the advertised routing. This is for Router B.

ip classless
ip route 10.10.10.0 255.255.255.0 172.17.1.2
ip route 10.77.233.0 255.255.255.0 10.77.241.65
ip route 172.16.1.0 255.255.255.0 172.17.1.2

Thanks,

Mostafa

Cisco Employee

Site-to-Site VPN Tunnel Down

Hi Mohammad,

Regarding routing when using a crypto map, I think the best is just to remember that you need to have a route to the remote LAN going out of the interface on which you have the crypto map attached.

In your case as an example on R3 you could have:

ip route 10.10.10.0 255.255.255.0 192.168.20.3

On R1:

ip route 172.16.10.0 255.255.255.0 192.168.10.2

192.168.20.3 or 192.168.10.2 might be a nonexistent host, but the most important thing for the router is that it will hit the crypto map while routing the traffic out.

Hope that helps.

Cheers.
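The rule in the reply above (the route to the remote LAN must leave through the interface that carries the crypto map) can be checked mechanically against a saved configuration. The script below is an added example, not part of the thread or of any poster's configuration; the sample config, its interface addresses, the map name `VPNMAP`, ACL `101` and all function names are assumptions. It handles static routes with a directly connected next hop and ACL entries in "network wildcard" form only.

```python
import ipaddress as ipa
# Constructed sample (not from the thread); addresses, map name and ACL number are assumptions.
SAMPLE_R1 = """\
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 crypto map VPNMAP
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
crypto map VPNMAP 10 ipsec-isakmp
 match address 101
access-list 101 permit ip 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255
ip route 172.16.10.0 255.255.255.0 192.168.10.2
"""

def parse(config):  # -> interfaces, crypto-map ACL ids, ACL destinations, static routes
    ifaces, acl_ids, dsts, routes, cur = {}, set(), {}, [], None
    for line in filter(str.strip, config.splitlines()):
        w, sub = line.split(), line.startswith(" ")
        cur = cur if sub else None  # a top-level line ends interface mode
        if w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"net": None, "crypto": False})
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["net"] = ipa.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and w[:2] == ["crypto", "map"]:
            cur["crypto"] = True
        elif sub and w[:2] == ["match", "address"]:
            acl_ids.add(w[2])
        elif w[0] == "access-list" and w[2:4] == ["permit", "ip"]:
            dsts.setdefault(w[1], []).append(ipa.ip_network(f"{w[6]}/{w[7]}"))
        elif w[:2] == ["ip", "route"]:
            routes.append((ipa.ip_network(f"{w[2]}/{w[3]}"), w[4]))
    return ifaces, acl_ids, dsts, routes

def egress_of(hop, ifaces):  # next hop is an interface name or an IP on a connected subnet
    if hop in ifaces:
        return hop
    try:
        addr = ipa.ip_address(hop)
    except ValueError:
        return None
    return next((n for n, i in ifaces.items() if i["net"] and addr in i["net"]), None)

def check_crypto_routing(config):  # {remote LAN: (egress interface, crypto map attached?)}
    ifaces, acl_ids, dsts, routes = parse(config)
    out = {}
    for dst in (d for a in sorted(acl_ids) for d in dsts.get(a, [])):
        hops = sorted((r for r in routes if dst.subnet_of(r[0])), key=lambda r: r[0].prefixlen)
        egress = egress_of(hops[-1][1], ifaces) if hops else None
        out[str(dst)] = (egress, egress is not None and ifaces[egress]["crypto"])
    return out
```

A result of `(None, False)` for a remote LAN means no static route covers it or the next hop is not on a connected subnet, so traffic to that LAN never reaches the crypto map.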

Enthusiast

Re: Site-to-Site VPN Tunnel Down

Hi Mohammad,

I worked this out on GNS3 and it worked for me. Below I have attached the configurations and network topology for reference.

The IPs I have used are for an example lab setup; please change them according to your setup or requirements.

Hyd ----------------------ISP-------------------------------:LA

           1.1.1.1/30                        2.2.2.0/30

Hope this helps you.

Let me know if you need any assistance, and please provide the relevant output.

Kindly rate the helpful post.