Re: configuring vpn on router 2911

Juan Francisco Burga Colchado · ‎02-28-2012

I have a router_A with a public ip for example 190.84.22.11 and other router, this router_B is connected to a modem (public IP for example 190.80.90.11 y LAN = 192.168.1.2, the modem is doing NAT).

The router_B have the IP address 192.168.1.2 and I can Ping to IP 190.84.22.11.

How can I configure a Tunnel with Ipsec

thanks

rizwanr74 · ‎02-28-2012

Hi there,

Here is a configuration example from cisco documentation.

.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080223a59.shtml

Hope that helps.

Thanks

Rizwan Rafeek

rizwanr74 · ‎03-08-2012

Please rate a helpful post.

thanks

Juan Francisco Burga Colchado · ‎03-20-2012

Dear

I have a Router_A with a IP address = 190.108.84.138 and Router_B is connect a Modem With IP WAN = 190.40.61.120 and IP LAN = 192.168.1.1/24 and behind is a Router_B with IP WAN = 192.168.1.2/24.

I can do a ping form Router_B to Router_A because my Modem is doing NAT.

Router_B configuration

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

crypto isakmp key InxElec address 190.40.16.84
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.0.0 0.0.0.255 10.122.62.0 0.0.0.255

crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.40.16.84
match address 101
set transform-set AES-SHA
set pfs group 5
!

interface Tunnel0
ip address 192.168.16.141 255.255.255.252
tunnel source GigaEtehernet 0/1
tunnel destination 190.40.16.84
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!
ip route 10.122.62.0 0.0.0.255 190.40.16.84 200

!
!

Router_A configuration

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

crypto isakmp key InxElec address 190.108.84.138
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.62.0 0.0.0.255 10.122.0.0 0.0.0.255

crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.108.84.138
match address 101
set transform-set AES-SHA
set pfs group 5
!

interface Tunnel0
ip address 192.168.16.142 255.255.255.252
tunnel source GigaEthehernet 0/1
tunnel destination 190.108.84.138
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!

ip route 0.0.0.0 0.0.0.0 190.108.84.138 200

=====================================

Henrik Grankvist · ‎03-21-2012

You say:

Router_A IP = 190.108.84.138

Router_B IP = 190.40.61.120

But the peer in the crypto map, destination address in the crypto key and the destination on the tunnel interface on Router_B is 192.168.16.141. Should be 190.108.84.138, if your addresses are correct.

The Crypto map peer, destinaton address in the crypto map and the destination on the tunnel interface on Router_A is 190.108.84.138, which is itself? Should be 190.40.61.120.