
connect to remote server

malai.joseph

Hello friend

Please help.
Given below, from the other site: server IP 172.16.5.10 and public IP address 41.59.251.X. I need to create a tunnel so that my server with IP 172.17.18.41 and my public IP address 41.59.251.Y should be able to communicate with the remote server, that is 172.16.5.10.
What is the way forward? My server IP address is 172.17.18.41, mask 255.255.255.33.

- Encryption 3des
- Hash md5
- Authentication pre-share
- Group 2
- Pre-shared key 66@#fgk
- Public IP 41.59.251.X
- server ip address 172.16.5.10 (This is /27 subnet)

This is what I want to implement. Please help with routing between the two networks and an access-list for only the two servers to talk.

crypto isakmp policy 30
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 66@#fgk address 41.59.251.X
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
crypto map JOE 30 ipsec-isakmp
 set peer 41.59.251.X
 set security-association lifetime seconds 86400
 set transform-set STRONG
 set pfs group2
 match address 140

access-list 140 permit
ip route

interface GigabitEthernet0/1
 description CONNECTION to ISP
 ip address 10.17.50.1 255.255.255.252
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map JOE

 

Joe

 


Henrik Grankvist

Hi

You should run "debug crypto isakmp" and "debug crypto ipsec", run "clear crypto isakmp", and post the results. The debugs will normally tell you what the problem is.

 

 

Hello Henrik,

I did not run that command on the router yet. I am asking what access-list and ip route should be written, please.

 

access-list 140 permit ??????????????
ip route ??????????

 

Thanks

The access-list should match the traffic to be encrypted, and it needs to match the access-list on the other side.

The simplest thing would be to ask the person managing the router on the other side to send you the configuration; otherwise it's just a guess how that access-list should be configured.
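
As an added example (not part of the original replies and not Cisco tooling): a small Python check that two crypto ACLs are mirror images of each other, which is the condition the answer above describes. ACL number 150 for the remote router and all sample configurations are constructed for illustration; only permit entries using `host`, `any` or a contiguous wildcard mask are handled, and only protocol and addresses are compared.

```python
import ipaddress

# Constructed sample configs. The host addresses are the two servers from the
# thread; ACL number 150 on the remote router is an assumption.
LOCAL_CFG = """
crypto map JOE 30 ipsec-isakmp
 match address 140
access-list 140 permit ip host 172.17.18.41 host 172.16.5.10
"""
REMOTE_CFG = """
access-list 150 permit ip host 172.16.5.10 host 172.17.18.41
"""
# Remote side selects its whole /27 instead of the single host: not a mirror.
REMOTE_CFG_SUBNET = """
access-list 150 permit ip 172.16.5.0 0.0.0.31 host 172.17.18.41
"""

def take_addr(tokens):
    """Consume one source/destination spec and return it as an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard mask not supported")
    prefix = 32 - wildcard.bit_length()
    return ipaddress.ip_network(f"{head}/{prefix}", strict=False)

def parse_crypto_acl(text, number):
    """Return the (protocol, src, dst) permit entries of one numbered ACL."""
    entries = set()
    for line in text.splitlines():
        tokens = line.split()
        # Skip other lines and entries too short to carry protocol, src and dst.
        if tokens[:3] != ["access-list", str(number), "permit"] or len(tokens) < 6:
            continue
        proto, rest = tokens[3], tokens[4:]
        src = take_addr(rest)
        dst = take_addr(rest)
        entries.add((proto, src, dst))
    return entries

def mirror_mismatches(local, remote):
    """Compare local entries with the remote ones after swapping src and dst."""
    swapped = {(p, d, s) for (p, s, d) in remote}
    return {"local_only": local - swapped, "remote_only": swapped - local}
```

An empty result in both `local_only` and `remote_only` means each side's entries are the exact source/destination swap of the other's; the unfinished `access-list 140 permit` line from the question parses to an empty set and therefore shows up as a mismatch.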
