07-29-2015 12:37 AM
Hello friend
Pls help
Given below from the other site: server IP 172.16.5.10 and public IP address 41.59.251.X. I need to create a tunnel so that my server with IP 172.17.18.41 and my public IP address 41.59.251.Y should be able to communicate with the remote server, that is 172.16.5.10.
What is the way forward? My server IP address is 172.17.18.41, mask 255.255.255.33.
- Encryption 3des
- Hash md5
- Authentication pre-share
- Group 2
- Pre-shared key 66@#fgk
- Public IP 41.59.251.X
- server ip address 172.16.5.10 (This is /27 subnet)
This is what I want to implement. Help on routing between the two networks and an access-list for only the two servers to talk, pls.
crypto isakmp policy 30
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 66@#fgk address 41.59.251.X
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
crypto map JOE 30 ipsec-isakmp
 set peer 41.59.251.X
 set security-association lifetime seconds 86400
 set transform-set STRONG
 set pfs group2
 match address 140
access-list 140 permit
ip route
interface GigabitEthernet0/1
 description CONNECTION to ISP
 ip address 10.17.50.1 255.255.255.252
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map JOE
Joe
07-29-2015 02:26 AM
Hi
You should run "debug crypto isakmp" and "debug crypto ipsec", run "clear crypto isakmp", and post the results. The debugs normally will tell you what the problem is.
07-29-2015 03:15 AM
Hello Henrik,
I did not run that command on the router yet. I am asking what access-list and ip route should be written, pls.
access-list 140 permit ??????????????
ip route ??????????
Thanks
07-29-2015 03:42 AM
The access-list should match the traffic to be encrypted, and it needs to match the access-list on the other side.
The simplest thing would be to ask the person managing the router on the other side to send you the configuration, otherwise it's just a guess how that access-list should be configured.
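The mirroring requirement from the reply above, as an added example that is not part of the original thread: a Python check that one side's crypto access-list entry is the exact source/destination swap of the other side's. The ACL lines are constructed from the two server addresses in the question; the remote router's real configuration is not shown on the page, so both remote variants are assumptions.

```python
import ipaddress

# Constructed sample lines (assumptions, not taken from either router).
LOCAL_ACL = "access-list 140 permit ip host 172.17.18.41 host 172.16.5.10"
REMOTE_ACL_OK = "access-list 140 permit ip host 172.16.5.10 host 172.17.18.41"
# Remote side protecting its whole /27 instead of the single server.
REMOTE_ACL_SUBNET = "access-list 140 permit ip 172.16.5.0 0.0.0.31 host 172.17.18.41"


def _take_endpoint(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks: flip the bits before parsing.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    # Raises ValueError for a non-contiguous wildcard mask.
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)


def parse_crypto_acl(line):
    """Return (source, destination) networks of one 'permit ip' ACL line."""
    tokens = line.split()
    if tokens[:1] != ["access-list"] or tokens[2:4] != ["permit", "ip"]:
        raise ValueError(f"not a 'permit ip' access-list line: {line!r}")
    rest = tokens[4:]
    src = _take_endpoint(rest)
    dst = _take_endpoint(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return src, dst


def is_mirror(local_line, remote_line):
    """True when the remote entry is the source/destination swap of the local one."""
    l_src, l_dst = parse_crypto_acl(local_line)
    r_src, r_dst = parse_crypto_acl(remote_line)
    return (l_src, l_dst) == (r_dst, r_src)


if __name__ == "__main__":
    print("host-to-host mirror:", is_mirror(LOCAL_ACL, REMOTE_ACL_OK))
    print("remote uses /27:    ", is_mirror(LOCAL_ACL, REMOTE_ACL_SUBNET))
```
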