829 router to spoke ikev2

Hawk-on
Level 1

Hi

We are trying to implement a spoke structure for a service we want to provide, but for it to have acceptable levels of security we want to use ikev2 in our configurations.

What I am struggling with now is the ikev2 tunnel configuration on the 829 Router. When I do a check “show crypto session”, the session status shows “down”, but I am expecting “negotiating”.

I do not have much (any) experience in VPN configurations, but I hope I get some pointers to where my configuration is missing something important which I have overlooked.

 

 

 

18 Replies

Well, if debugs are turned on and you are generating interesting traffic from the correct source network, then no debugs appear to be being generated. Your peer IP address is defined as 192.168.10.10, is that correct? Is the VPN over a private network?

 

Provide the configuration of the peer router

 

Your debugs also confirm a tunnel interface is down, but that wasn't in your initial configuration, has this changed?

Hi

Sent an updated config. I changed the IP addresses of the peer in the previous config as I thought it was not relevant to the problem.

The interface you are referring to might have been a "trial and error" attempt from me to make something more than nothing happen.

 

The peer is a Cisco 1120 FTD on firepower. Also a picture of the endpoints tab in the configuration. 

It still looks like you have NAT configured on the router.

 

interface Cellular0
 no ip nat outside
interface Vlan1
 no ip nat inside
no ip nat inside source list 101 interface Cellular0 overload

Hi

>.>

So yeah, stuff is happening. The tunnel is not up, but I think I can take it from here. If not, I will start a new thread.

 

Thanks for your help