03-15-2016 07:34 AM
Hello everyone!
I'm trying to configure a VTI between two routers. For now I'm using IKEv1, and I'm trying to authenticate using the routers' self-signed certificates, and for some reason it doesn't work for me. Configuration:
R1:
crypto key pubkey-chain rsa
addressed-key 155.1.12.2
address 155.1.12.2
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00ABBE57 9984E706 DD6F275E 318BCA86 6270F8CA 3D2277CB 02754041 B18B008D
700F5DFC 417A5309 7357D618 797CE5A6 DD423652 9E3B895C 284A8B86 2A004FC3
6A8F0CD7 D534E019 2E28B315 5C76B358 3706BF53 A674CF7C 97D7381B D2C51143
501BB02E AF18F598 04412728 32DBCC6E EC650832 8606A825 9C0886AE A32C7E1F
6356C7BC 2B599C1E 1CFBAE1D 3ADBF661 1A80EFCF 2554B4E7 B8BD939F DDE80201
FEDD394B 3D4B5BEA 8C002EBA 728AA9E1 11CF9BF5 51C71284 B1BDB69E E9A29085
C31B8B15 E0209F71 27B1C9DB D05A6A5D 99495B2D 7F7980B2 D10C3E7E 746784E7
4E2FA686 33FDDD13 D867ECEE D9B252C2 53D4123D 013D0158 C839FCBC CC830121
quit
crypto isakmp policy 10
 encr aes
 hash sha256
 group 5
crypto ipsec transform-set TRANSFORM esp-aes esp-sha256-hmac
 mode transport
crypto ipsec profile TUNNEL
 set transform-set TRANSFORM
interface Tunnel0
 ip address 150.1.12.1 255.255.255.0
 tunnel source Fa0/0
 tunnel destination 155.1.12.2
 tunnel protection ipsec profile TUNNEL
interface Fa0/0
 ip address 155.1.12.1 255.255.255.0
end
R2:
crypto key pubkey-chain rsa
addressed-key 155.1.12.1
address 155.1.12.1
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00A73550 261BD332 428CEBC7 76E07F21 1AB0843A 907E9ABF 5DD2814A 3D93CF26
104CC8E4 789155AA 69565D46 32862CD9 7D674ACD BF0DAB36 4BB7703C 86820078
88A418F0 E828BCC1 B7A96410 BEE74750 9BC6C73B 00C85704 734617BC 65F8C334
4C4128A3 1E72B885 ED20AD12 DDEDF4F9 513BFEB6 31A07577 DC9D5773 C9CB3262
B69BE665 B20C7DBA 8503BCDC E5FCB0F5 BA5C6C2A 68F60771 73F2C041 8C4A6007
BC14FD0B 98545F91 0E7EDFCA 58496F54 F8D2E1DF 896D0AC7 5136B2B3 040A9133
2930D9D1 FEE6F420 621AF84B F225D38A F4B27219 0E641BB3 10AA15AC 9CC60DEE
923D7EA8 AD271685 FAED410D 2D7B2795 F1468269 9B16F676 D11008F9 DD53F055
quit
crypto isakmp policy 10
 encr aes
 hash sha256
 group 5
crypto isakmp key P@ssw0rd address 155.1.12.1
crypto ipsec transform-set TRANSFORM esp-aes esp-sha256-hmac
 mode transport
crypto ipsec profile TUNNEL
 set transform-set TRANSFORM
interface Tunnel0
 ip address 150.1.12.2 255.255.255.0
 tunnel source Fa0/0
 tunnel destination 155.1.12.1
 tunnel protection ipsec profile TUNNEL
end
interface Fa0/0
 ip address 155.1.12.2 255.255.255.0
end
R1#show crypto key mypubkey all
% Key pair was generated at: 15:00:15 CET Mar 15 2016
Key name: IPSEC
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00A73550 261BD332 428CEBC7 76E07F21 1AB0843A 907E9ABF 5DD2814A 3D93CF26
104CC8E4 789155AA 69565D46 32862CD9 7D674ACD BF0DAB36 4BB7703C 86820078
88A418F0 E828BCC1 B7A96410 BEE74750 9BC6C73B 00C85704 734617BC 65F8C334
4C4128A3 1E72B885 ED20AD12 DDEDF4F9 513BFEB6 31A07577 DC9D5773 C9CB3262
B69BE665 B20C7DBA 8503BCDC E5FCB0F5 BA5C6C2A 68F60771 73F2C041 8C4A6007
BC14FD0B 98545F91 0E7EDFCA 58496F54 F8D2E1DF 896D0AC7 5136B2B3 040A9133
2930D9D1 FEE6F420 621AF84B F225D38A F4B27219 0E641BB3 10AA15AC 9CC60DEE
923D7EA8 AD271685 FAED410D 2D7B2795 F1468269 9B16F676 D11008F9 DD53F055
39020301 0001
% Key pair was generated at: 15:00:16 CET Mar 15 2016
Key name: IPSEC.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00BE1A68 FC9ABB5C
9A62F78E 756819A9 C43C2E1C 159465B4 B20A3176 1631801E DFAB7CD5 809FD66F
06EABF6D 262A66E9 0C7F7CBE C4469EA1 0950F08C 4E051D60 D3A3A107 3B84035E
0BF3B7C5 D662FC32 3D60B0B4 C885EEAB 0281CC7F 67BC67DC FB020301 0001
% Key pair was generated at: 14:47:40 CET Mar 15 2016
Key name: R1_KEY
Key type: EC KEYS
Storage Device: private-config
Usage: Signature Key
Key is not exportable.
Key Data:
30763010 06072A86 48CE3D02 0106052B 81040022 03620004 36B55780 AE2F92D7
1A2030EF 64A81C28 3D8EF6C4 E7FE543A CD558C40 E54B45B0 7A54E2AF 6D9697FE
AB78CA5D C2847FEE 57C3EAF0 236AF68A F357DE99 591E5B8F FE9192CF 5A829EAB
3003874B B45C0148 6308AEC3 E2058F26 BDBCF9C4 3908CD83
R1#
R2#show crypto key mypubkey all
% Key pair was generated at: 15:00:35 CET Mar 15 2016
Key name: IPSEC
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00ABBE57 9984E706 DD6F275E 318BCA86 6270F8CA 3D2277CB 02754041 B18B008D
700F5DFC 417A5309 7357D618 797CE5A6 DD423652 9E3B895C 284A8B86 2A004FC3
6A8F0CD7 D534E019 2E28B315 5C76B358 3706BF53 A674CF7C 97D7381B D2C51143
501BB02E AF18F598 04412728 32DBCC6E EC650832 8606A825 9C0886AE A32C7E1F
6356C7BC 2B599C1E 1CFBAE1D 3ADBF661 1A80EFCF 2554B4E7 B8BD939F DDE80201
FEDD394B 3D4B5BEA 8C002EBA 728AA9E1 11CF9BF5 51C71284 B1BDB69E E9A29085
C31B8B15 E0209F71 27B1C9DB D05A6A5D 99495B2D 7F7980B2 D10C3E7E 746784E7
4E2FA686 33FDDD13 D867ECEE D9B252C2 53D4123D 013D0158 C839FCBC CC830121
D3020301 0001
% Key pair was generated at: 15:00:36 CET Mar 15 2016
Key name: IPSEC.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00AEA93D CE6306A2
FD1CABB4 77FE868D 064174B4 9125B62E 6B4E3175 F29E173E 2417E61A 86ADAD49
7D26B9A4 8338CB0F 70F264E1 AF160EAB C7A7C3AE 6B035D1D BBC0C5F6 F0EC759C
7BA4D6C4 4AEEB958 A8BBAEDC B07D738D 567DC5FE 869ECFF7 DF020301 0001
% Key pair was generated at: 14:50:39 CET Mar 15 2016
Key name: R2_KEY
Key type: EC KEYS
Storage Device: private-config
Usage: Signature Key
Key is not exportable.
Key Data:
30763010 06072A86 48CE3D02 0106052B 81040022 03620004 ADEB93A7 7EE5E417
E33C47C1 638DA5D9 D810E2B5 05001CD9 E3A137ED 95B4D79A 6D7CDBD3 0B0C1958
1972ECC5 FA83F19F EB627EB1 E1FE39F9 2521B3B1 33712958 9B7F2A07 34A89F02
3D7DFB5A D5DC88DD 33321346 F50B596D C6200866 1478EFF9
R2#
What am I doing wrong?
Thanks
Omer Shtivi
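Added example, not part of the original post: the RSA key data shown above begins with the DER header `30820122`, which declares how many bytes the whole key occupies, so a pasted `key-string` can be checked for completeness against that declared length. The sample key is constructed (the page's four header bytes followed by filler, not a real key) and all function names are hypothetical.

```python
import re

def parse_ios_hex(text):
    """Turn IOS-style hex words ('30820122 300D0609 ...') into bytes."""
    digits = re.sub(r"\s+", "", text)
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", digits):
        raise ValueError("key data is not whole hex bytes")
    return bytes.fromhex(digits)

def der_total_length(blob):
    """Header + content size declared by the outer DER SEQUENCE."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                     # short form: length in one byte
        return 2 + first
    n = first & 0x7F                     # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def check_key_string(text):
    """Compare the bytes actually pasted with the length the DER header declares."""
    blob = parse_ios_hex(text)
    declared = der_total_length(blob)
    return {"declared": declared, "actual": len(blob),
            "missing": declared - len(blob), "complete": declared == len(blob)}

def ios_format(blob):
    """Render bytes the way IOS prints key data: 8 words of 4 bytes per line."""
    hexed = blob.hex().upper()
    words = [hexed[i:i + 8] for i in range(0, len(hexed), 8)]
    return "\n".join(" ".join(words[i:i + 8]) for i in range(0, len(words), 8))

# Constructed sample: header 30 82 01 22 declares 0x122 = 290 content bytes.
FULL_TEXT = ios_format(bytes.fromhex("30820122") + bytes(290))
# Same key with its final (short) line left out when pasting.
TRUNCATED_TEXT = "\n".join(FULL_TEXT.splitlines()[:-1])

if __name__ == "__main__":
    for label, text in (("full", FULL_TEXT), ("truncated", TRUNCATED_TEXT)):
        print(label, check_key_string(text))
```

Running the same check on the text pasted under `key-string` and on the `Key Data` block from the peer's `show crypto key mypubkey` output shows whether the two hold the same number of bytes.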