02-28-2012 06:17 PM
I have a router_A with a public ip for example 190.84.22.11 and other router, this router_B is connected to a modem (public IP for example 190.80.90.11 y LAN = 192.168.1.2, the modem is doing NAT).
The router_B have the IP address 192.168.1.2 and I can Ping to IP 190.84.22.11.
How can I configure a Tunnel with Ipsec
thanks
02-28-2012 09:38 PM
Hi there,
Here is a configuration example from cisco documentation.
.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080223a59.shtml
Hope that helps.
Thanks
Rizwan Rafeek
03-08-2012 09:49 PM
Please rate a helpful post.
thanks
03-20-2012 03:38 PM
Dear
I have a Router_A with a IP address = 190.108.84.138 and Router_B is connect a Modem With IP WAN = 190.40.61.120 and IP LAN = 192.168.1.1/24 and behind is a Router_B with IP WAN = 192.168.1.2/24.
I can do a ping form Router_B to Router_A because my Modem is doing NAT.
Router_B configuration
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key InxElec address 190.40.16.84
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.0.0 0.0.0.255 10.122.62.0 0.0.0.255
crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.40.16.84
match address 101
set transform-set AES-SHA
set pfs group 5
!
interface Tunnel0
ip address 192.168.16.141 255.255.255.252
tunnel source GigaEtehernet 0/1
tunnel destination 190.40.16.84
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!
ip route 10.122.62.0 0.0.0.255 190.40.16.84 200
!
!
Router_A configuration
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key InxElec address 190.108.84.138
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.62.0 0.0.0.255 10.122.0.0 0.0.0.255
crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.108.84.138
match address 101
set transform-set AES-SHA
set pfs group 5
!
interface Tunnel0
ip address 192.168.16.142 255.255.255.252
tunnel source GigaEthehernet 0/1
tunnel destination 190.108.84.138
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!
ip route 0.0.0.0 0.0.0.0 190.108.84.138 200
=====================================
03-21-2012 05:00 AM
You say:
Router_A IP = 190.108.84.138
Router_B IP = 190.40.61.120
But the peer in the crypto map, destination address in the crypto key and the destination on the tunnel interface on Router_B is 192.168.16.141. Should be 190.108.84.138, if your addresses are correct.
The Crypto map peer, destinaton address in the crypto map and the destination on the tunnel interface on Router_A is 190.108.84.138, which is itself? Should be 190.40.61.120.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide