Site2Site VPN

Hi all,

Here I am again, trying to resolve a simple Site 2 Site VPN between two Cisco 2800 routers. One has a static IP from the ISP, the other a DHCP one; however, I'm using the IP that I got from the DHCP.

Both running code:

adventerprisek9-mz.124-24.T8

The only error that I get from one router:

crypto_engine: Create signature
select crypto engine: ce_engine[2] does not  accept the capabilities
select crypto engine: ce_engine[3] does not  accept the capabilities
select crypto engine: ce_engine[2] does not  accept the capabilities
select crypto engine: ce_engine[3] does not  accept the capabilities

Router A:

Crypto Map "vpnset" 10 ipsec-isakmp
        Peer = 24.46.x.x
        Extended IP access list 100
            access-list 100 permit ip 172.22.1.0 0.0.0.255 192.168.12.0 0.0.0.255
        Current peer: 24.46.41.241
        Security association lifetime: 4608000 kilobytes/3600 seconds
        Responder-Only (Y/N): N
        PFS (Y/N): N
        Transform sets={
                vpnset:  { esp-aes esp-sha-hmac  } ,
        }
        Interfaces using crypto map vpnset:
                FastEthernet0/0

Interface: FastEthernet0/0
Session status: DOWN
Peer: 24.46.41.241 port 500
  IPSEC FLOW: permit ip 172.22.1.0/255.255.255.0 192.168.12.0/255.255.255.0
        Active SAs: 0, origin: crypto map

Router B:

Crypto Map "vpnset" 10 ipsec-isakmp
        Peer = 108.170.X.X
        Extended IP access list 100
            access-list 100 permit ip 192.168.12.0 0.0.0.255 172.22.1.0 0.0.0.255
        Current peer: 108.170.99.74
        Security association lifetime: 4608000 kilobytes/3600 seconds
        Responder-Only (Y/N): N
        PFS (Y/N): N
        Transform sets={
                vpnset:  { esp-aes esp-sha-hmac  } ,
        }
        Interfaces using crypto map vpnset:
                FastEthernet0/0

Interface: FastEthernet0/0
Session status: DOWN
Peer: 24.46.41.241 port 500
  IPSEC FLOW: permit ip 172.22.1.0/255.255.255.0 192.168.12.0/255.255.255.0
        Active SAs: 0, origin: crypto map

Nothing goes across and the session keeps saying: DOWN

Any thoughts would be appreciated.

1 REPLY

After many hours of troubleshooting, I created a tunnel 0 interface. No NAT or ACL needed, based on this Cisco document:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl.html#wp1110852
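A static virtual tunnel interface of the kind the reply describes, sketched for the two routers in this thread. This is an added example, not the poster's actual configuration: the profile name VTI-PROF, the 10.255.255.0/30 tunnel addressing and the <ROUTER_A_PUBLIC_IP> / <ROUTER_B_PUBLIC_IP> placeholders are assumptions, and the existing ISAKMP policy and pre-shared key are assumed to stay in place.

```cisco
! Added example (not from the thread): static VTI replacing crypto map "vpnset".
! Assumed names and values: VTI-PROF, 10.255.255.0/30, <ROUTER_x_PUBLIC_IP>.
!
! ---------- Router A (LAN 172.22.1.0/24) ----------
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
crypto ipsec profile VTI-PROF
 set transform-set vpnset
!
interface FastEthernet0/0
 no crypto map vpnset
!
interface Tunnel0
 ip address 10.255.255.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination <ROUTER_B_PUBLIC_IP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
! Routing, not access-list 100, now selects the traffic to encrypt.
! Tunnel0 carries no "ip nat outside", so no NAT exemption ACL is involved.
ip route 192.168.12.0 255.255.255.0 Tunnel0
!
! ---------- Router B (LAN 192.168.12.0/24) ----------
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
crypto ipsec profile VTI-PROF
 set transform-set vpnset
!
interface FastEthernet0/0
 no crypto map vpnset
!
interface Tunnel0
 ip address 10.255.255.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination <ROUTER_A_PUBLIC_IP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
ip route 172.22.1.0 255.255.255.0 Tunnel0
```

A static VTI points at a fixed tunnel destination, so the destination configured on the static-IP router has to be updated if the other router's DHCP-assigned address changes. Once both ends are configured, `show crypto session` should list the Tunnel0 session instead of the crypto map flow.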