Cisco 1841 to TMG2010 s2s IPSEC HELP pls

abolton291078
Level 1

Hi All,

I'm really struggling to get this up and connected. I have attached some configurations and copied and pasted some info below; if anyone has any suggestions, please help.

----

c1841#show crypto session
Crypto session current status

Interface: FastEthernet0/1
Session status: UP-IDLE
Peer: 172.16.50.253 port 500
  IKE SA: local 172.16.51.253/500 remote 172.16.50.253/500 Active
  IPSEC FLOW: permit ip 172.16.32.0/255.255.254.0 192.168.100.0/255.255.255.0
        Active SAs: 0, origin: crypto map
  IPSEC FLOW: permit ip 192.168.100.0/255.255.255.0 172.16.32.0/255.255.254.0
        Active SAs: 0, origin: crypto map


----

c1841#show crypto map
Crypto Map "SDM_CMAP_1" 1 ipsec-isakmp
Description: Tunnel to172.16.50.253
Peer = 172.16.50.253
Extended IP access list 100
     access-list 100 permit ip 192.168.100.0 0.0.0.255 172.16.32.0 0.0.1.255
     access-list 100 permit ip 172.16.32.0 0.0.1.255 192.168.100.0 0.0.0.255
Current peer: 172.16.50.253
Security association lifetime: 4608000 kilobytes/28800 seconds
Responder-Only (Y/N): N
PFS (Y/N): Y
DH group:  group2
Transform sets={
  Cisco:  { esp-3des esp-sha-hmac  } ,
}
Interfaces using crypto map SDM_CMAP_1:
  FastEthernet0/1

----

c1841#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
172.16.50.253   172.16.51.253   QM_IDLE           1002 ACTIVE

IPv6 Crypto ISAKMP SA

----

c1841#show crypto ipsec sa

interface: FastEthernet0/1
    Crypto map tag: SDM_CMAP_1, local addr 172.16.51.253

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (172.16.32.0/255.255.254.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
   current_peer 172.16.50.253 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 172.16.51.253, remote crypto endpt.: 172.16.50.253
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.32.0/255.255.254.0/0/0)
   current_peer 172.16.50.253 port 500
     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 25229, #recv errors 0

     local crypto endpt.: 172.16.51.253, remote crypto endpt.: 172.16.50.253
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

3 Replies

Jennifer Halim
Cisco Employee

Crypto ACL should only contain 1 line, please remove the following line from your router config:

access-list 100 permit ip 172.16.32.0 0.0.1.255 192.168.100.0 0.0.0.255

Also, the remote subnets configured on the TMG do not mirror what has been configured on the router. Remote subnets should only be 192.168.100.0/24; currently it has many subnets, as follows, that need to be changed to just 192.168.100.0/24:

Remote Network 'Cisco 1841' IP Subnets:

    Subnet: 172.16.51.253/255.255.255.255
    Subnet: 192.168.100.1/255.255.255.255
    Subnet: 192.168.100.254/255.255.255.255
    Subnet: 192.168.100.2/255.255.255.254
    Subnet: 192.168.100.252/255.255.255.254
    Subnet: 192.168.100.4/255.255.255.252
    Subnet: 192.168.100.248/255.255.255.252
    Subnet: 192.168.100.8/255.255.255.248
    Subnet: 192.168.100.240/255.255.255.248
    Subnet: 192.168.100.16/255.255.255.240
    Subnet: 192.168.100.224/255.255.255.240
    Subnet: 192.168.100.32/255.255.255.224
    Subnet: 192.168.100.192/255.255.255.224
    Subnet: 192.168.100.64/255.255.255.192
    Subnet: 192.168.100.128/255.255.255.192
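The reply above makes two points: the crypto ACL carries a reversed duplicate line, and the TMG remote-network definition is not a mirror image of the router's local side, which is a Phase 2 proxy-ID mismatch. The following Python check is an added example, not code from the thread, Cisco or TMG; it parses the router's ACL 100 (wildcard masks) and the TMG subnet list quoted above, flags the reversed line, and reports exactly which addresses TMG's side is missing from, or adds to, the router's 192.168.100.0/24.

```python
import ipaddress
import re

# Constructed from the thread: ACL 100 from the router (Cisco wildcard masks)
# and the subnets TMG lists for its remote network "Cisco 1841".
CISCO_ACL = """
access-list 100 permit ip 192.168.100.0 0.0.0.255 172.16.32.0 0.0.1.255
access-list 100 permit ip 172.16.32.0 0.0.1.255 192.168.100.0 0.0.0.255
"""
TMG_REMOTE_SUBNETS = [
    "172.16.51.253/255.255.255.255", "192.168.100.1/255.255.255.255",
    "192.168.100.254/255.255.255.255", "192.168.100.2/255.255.255.254",
    "192.168.100.252/255.255.255.254", "192.168.100.4/255.255.255.252",
    "192.168.100.248/255.255.255.252", "192.168.100.8/255.255.255.248",
    "192.168.100.240/255.255.255.248", "192.168.100.16/255.255.255.240",
    "192.168.100.224/255.255.255.240", "192.168.100.32/255.255.255.224",
    "192.168.100.192/255.255.255.224", "192.168.100.64/255.255.255.192",
    "192.168.100.128/255.255.255.192",
]
ACL_RE = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")

def wildcard_to_network(addr, wildcard):
    """Cisco wildcard mask (0 bits = must match) -> ipaddress network."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(mask)}")

def parse_crypto_acl(text):
    """Return [(local_net, remote_net), ...] in ACL order."""
    return [(wildcard_to_network(s, sw), wildcard_to_network(d, dw))
            for s, sw, d, dw in ACL_RE.findall(text)]

def subtract(nets, remove):
    """Address space of `nets` not covered by any network in `remove`."""
    result = list(nets)
    for r in remove:
        kept = []
        for n in result:
            if n.subnet_of(r):
                continue                           # fully covered: drop
            elif r.subnet_of(n):
                kept.extend(n.address_exclude(r))  # punch a hole in n
            else:
                kept.append(n)                     # disjoint: keep
        result = kept
    return sorted(ipaddress.collapse_addresses(result))

def check_proxy_ids(acl_text, tmg_subnets):
    """Compare the router's first ACL line against TMG's remote subnets."""
    entries = parse_crypto_acl(acl_text)
    local, remote = entries[0]
    tmg = [ipaddress.ip_network(s) for s in tmg_subnets]
    return {"reversed_duplicate": (remote, local) in entries[1:],
            "cisco_local": local, "cisco_remote": remote,
            "missing_on_tmg": subtract([local], tmg),   # router has, TMG lacks
            "extra_on_tmg": subtract(tmg, [local])}     # TMG has, router lacks
```

Running it against the quoted configuration reports the reversed ACL line, shows that TMG omits 192.168.100.0 and 192.168.100.255 and adds the router's own 172.16.51.253/32; with the remote side set to a single 192.168.100.0/24 both lists come back empty.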

Thanks for the reply. The ACLs probably weren't helping, but unfortunately I still can't bring the tunnel up.

Can you please run both debugs:

debug cry isa

debug cry ipsec

Earlier there wasn't anything showing for Phase 2. Phase 1 is UP, but lots of sent errors on Phase 2.

Did you change the TMG end as well?
