10-16-2012 02:47 PM - edited 02-21-2020 06:24 PM
Hi All
I'm experiencing an issue that i don't understand from the debug isakmp & ipsec output.
my topology us as follows, only two router (R1 [ASR1006] & R2 [ISRG2-3900]) connected point to point. I'm trying to get IPSec to work on both routers but it keeps on failing. I must also configure DMVPN but for now to get the few sites up and running, i decided to start with IPSec then later I will change to DMVPN but my configs are working well on these 2 devices.
Attached are my configs for both devices, I'm trying to get this configuration working in the lab environment. if I can get a working config for DMVPN that would be of highly assistance. I have searched for config guidelines and examples but they not working for me.
Your assistance would be greatly appreciated.
Solved! Go to Solution.
03-15-2013 12:23 AM
Hi
Problem was with the inclusion of AH, AH is currently giving problems. When I used ESP only, IPSec worked well.
Kind regards
Mpho
10-16-2012 09:36 PM
Hello,
So you are using static Virtual tunnel interfaces and you are trying to setup a IPSEC tunnel.
Here are the things to make this work:
ASR side
crypto ipsec transform-set gabbage ah-sha-hmac esp-3des
*** No mode tunnel****
interface Tunnel10
tunnel mode ipsec ipv4
Cisco 3900 side
Interface tunnel 10
tunnel mode ipsec ipv4
Please give it a try and let me know.
Any other question..Sure...Just remember to rate all of the forum answers.
Julio
10-17-2012 12:14 AM
Hi
It's still not working..
I wish I could get the current working deployed configuration for the ASR, I trust that my configuration is correct.
I think the issue is on the ASR, I have used the configuration on the 7200 router and it's working 100%. I will change the image on the ASR and check the results, I have also attached running config for the 7200 and the results of the tunnel. I only added tun11 on the 3900 with the same config and it's also working as expected.
Kinf regards
Mpho
Message was edited by: Mpho Maila
Message was edited by: Mpho Maila
03-15-2013 12:23 AM
Hi
Problem was with the inclusion of AH, AH is currently giving problems. When I used ESP only, IPSec worked well.
Kind regards
Mpho
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide