01-28-2009 06:27 AM - edited 02-21-2020 04:08 PM
i've configured GRE tunnel over IPSEC between two routers on leased line.Tunnel shows port and protocol UP on both of routers but when i'm using command on CLI of router "show session interface tunnel 0", it will give "SESSION STATUS:DOWN" and also unable to see encryption/decryption.
Kindly tell me right solution.
01-28-2009 06:35 AM
First:
crypto map VPN-IND 10 is missing the transform set:
it should look like this:
crypto map VPN-IND 10 ipsec-isakmp
set peer 10.10.106.2
match address 101
set transform-set BSF_CISCO
Go ahead and take off the crypto map from the Tunnel0 interface, you only need it on the physical interface on new versions.
Same on the other router:
Missing transform set
crypto map VPN-IND 10 ipsec-isakmp
set peer 10.10.106.1
match address 10
set transform-set...<-----HERE
!
crypto map VPN-IND 10 ipsec-isakmp
set peer 10.10.106.1
match address 10
set transform-set BSF_CISCO
Remove the crypto map from the Tunnel0 as well and force the tunnel renegotiation.
01-28-2009 06:37 AM
In your crypto-map, you need to set the transform to use with the tunnel.
01-28-2009 09:23 PM
How can we use transform with tunnel.kindly specify me with example for clear concept for me.
01-28-2009 09:38 PM
you need to go to the crypto map mode by typing:
crypto map
set transform-set
I pasted the way it should look on my first post.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide