01-10-2014 01:32 PM
Hey everyone,
I've been on the forums looking for a solution to my issue in my lab....
I'm getting the "No peer struct to get peer description" error in my debug. I've done a search on these forums, but the changes that I made did not work for me.
It has to be something simple.....
I am able to ping out to my ASA
891Demo#ping 38.98.226.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 38.98.226.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/106/116 ms
I did a few show commands listed below if anyone wants to take a look...
891Demo#sh run
Building configuration...
Current configuration : 6370 bytes
!
! Last configuration change at 20:47:45 UTC Fri Jan 10 2014 by admin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 891Demo
!
boot-start-marker
boot-end-marker
!
!
logging buffered 52000
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-1670941714
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1670941714
revocation-check none
rsakeypair TP-self-signed-1670941714
!
!
crypto pki certificate chain TP-self-signed-1670941714
certificate self-signed 01
quit
ip cef
!
!
!
!
!
ip dhcp excluded-address 10.10.10.7 10.10.10.254
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
!
ip domain name yourdomain.com
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FTX171783D3
!
!
username admin privilege 15 password 0 password
!
redundancy
!
!
!
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
crypto isakmp policy 50
encr 3des
authentication pre-share
group 2
crypto isakmp key D1l2w3r4 address 38.98.226.100
!
crypto isakmp client configuration group VPNGroupZLAB
key D1l2w3r4
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
connect auto
group DefaultL2LGroup key D1l2w3r4
mode client
peer 38.98.226.100
username ztest password D1l2w3r4
xauth userid mode local
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to38.98.226.100
set peer 38.98.226.100
set transform-set ESP-3DES-SHA
match address 102
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 192.168.1.1 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 dhcp 254
!
ip access-list extended protect_traffic
permit ip host 10.10.10.1 host 10.1.11.1
!
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.7 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
line 1
modem InOut
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
transport output telnet ssh
line vty 5 15
access-class 23 in
transport input telnet ssh
transport output telnet ssh
!
!
end
=============================================
=============================================
891Demo#sh crypto ipsec sa
interface: GigabitEthernet0
Crypto map tag: SDM_CMAP_1, local addr 10.0.0.35
protected vrf: (none)
local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.1.11.0/255.255.255.0/0/0)
current_peer 38.98.226.100 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.0.0.35, remote crypto endpt.: 38.98.226.100
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
=============================================
=============================================
891Demo#sho crypto se
Crypto session current status
Interface: GigabitEthernet0
Session status: DOWN
Peer: 38.98.226.100 port 500
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.1.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
891Demo#
*Jan 10 20:56:15.327: No peer struct to get peer description
=============================================
=============================================
891Demo#sh crypto isakmp default pol
Default IKE policy
Default protection suite of priority 65507
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65508
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65509
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Message Digest 5
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65510
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #5 (1536 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65511
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65512
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65513
encryption algorithm: Three key triple DES
hash algorithm: Message Digest 5
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite of priority 65514
encryption algorithm: Three key triple DES
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Any insight into this would be appreciated. I'm still going to try and figure it out as well.