Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3133
Views
0
Helpful
3
Replies

IPSec phase 2 problem

Go to solution
mailaglady2
Level 1
Level 1

‎10-16-2012 02:47 PM - edited ‎02-21-2020 06:24 PM

Hi All

I'm experiencing an issue that i don't understand from the debug isakmp & ipsec output.

my topology us as follows, only two router (R1 [ASR1006] & R2 [ISRG2-3900]) connected point to point. I'm trying to get IPSec to work on both routers but it keeps on failing. I must also configure DMVPN but for now to get the few sites up and running, i decided to start with IPSec then later I will change to DMVPN but my configs are working well on these 2 devices.

Attached are my configs for both devices, I'm trying to get this configuration working in the lab environment. if I can get a working config for DMVPN that would be of highly assistance. I have searched for config guidelines and examples but they not working for me.

Your assistance would be greatly appreciated.

Labels:
136896-crypto debug output.txt.zip
136898-ASR configuration & IOS-XE Image.txt.zip
136897-Cisco3900 config & IOS Image.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mailaglady2
Level 1
Level 1
In response to mailaglady2

‎03-15-2013 12:23 AM

Hi

Problem was with the inclusion of AH, AH is currently giving problems. When I used ESP only, IPSec worked well.

Kind regards

Mpho

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-16-2012 09:36 PM

Hello,

So you are using static Virtual tunnel interfaces and you are trying to setup a IPSEC tunnel.

Here are the things to make this work:

ASR side

crypto ipsec transform-set gabbage ah-sha-hmac esp-3des

*** No mode tunnel****

interface Tunnel10

tunnel mode ipsec ipv4

Cisco 3900 side

Interface tunnel 10

tunnel mode ipsec ipv4

Please give it a try and let me know.

Any other question..Sure...Just remember to rate all of the forum answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
mailaglady2
Level 1
Level 1
In response to Julio Carvajal

‎10-17-2012 12:14 AM

Hi

It's still not working..

I wish I could get the current working deployed configuration for the ASR, I trust that my configuration is correct.

I think the issue is on the ASR, I have used the configuration on the 7200 router and it's working 100%. I will change the image on the ASR and check the results, I have also attached running config for the 7200 and the results of the tunnel. I only added tun11 on the 3900 with the same config and it's also working as expected.

Kinf regards

Mpho

Message was edited by: Mpho Maila

Message was edited by: Mpho Maila

136918-Cisco 7200VXR config & results.txt.zip
0 Helpful

Go to solution
mailaglady2
Level 1
Level 1
In response to mailaglady2

‎03-15-2013 12:23 AM

Hi

Problem was with the inclusion of AH, AH is currently giving problems. When I used ESP only, IPSec worked well.

Kind regards

Mpho

0 Helpful
Customers Also Viewed These Support Documents