11-14-2016 12:25 AM - edited 02-21-2020 09:03 PM
Dear Everyone,
Can some one help me please....i recently upgraded my cisco 800 series router into 1941, here i can't protect my tunnel with shared keyword
which is sharing same ipsec profile
here are some information for you
--------------------------------------------------------------------------------------
Tunnel interface configuration error for tunnel protection ipsec profile DMVPN shared
--------------------------------------------------------------------------------------
router10(config)#int tunnel 2
router10(config-if)#tunnel protection ipsec profile DMVPN shared
Error: All interfaces sharing the same Tunnel Source can have different profiles only without the 'shared' keyword'.
Eg: tunnel protection ipsec profile foo
tunnel protection ipsec profile boo
router10(config-if)#
router10(config)#int tunnel 3
router10(config-if)#tunnel protection ipsec profile DMVPN shared
Error: All interfaces sharing this IPSec profile must be configured using the 'shared' keyword'.
Eg: tunnel protection ipsec profile foo shared
---------------------------
IPSEC Profile Configuration
---------------------------
crypto keyring DMVPN
local-address Dialer1
pre-shared-key address 1.1.1.1 key ####
pre-shared-key address 2.2.2.2 key ####
crypto isakmp profile DMVPN
keyring DMVPN
match identity address 1.1.1.1 255.255.255.255
match identity address 2.2.2.2 255.255.255.255
local-address Dialer1
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
crypto ipsec profile DMVPN
set transform-set DMVPN
set isakmp-profile DMVPN
----------------------------
Current Tunnel2 configuration
----------------------------
interface Tunnel2
description ####
bandwidth 10000
ip address 10.1.0.11 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.1.0.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 10001
ip nhrp holdtime 3600
ip nhrp nhs 10.1.0.1
ip nhrp registration no-unique
no ip split-horizon
ip tcp adjust-mss 1360
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ######
ip ospf network broadcast
ip ospf priority 0
ip ospf cost 40
keepalive 10 2
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key ####
tunnel path-mtu-discovery
tunnel protection ipsec profile DMVPN
-----------------------------
Current Tunnel3 configuration
-----------------------------
interface Tunnel3
description ######
bandwidth 10000
ip address 10.3.0.11 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast 2.2.2.2
ip nhrp map 10.3.0.1 2.2.2.2
ip nhrp network-id 10003
ip nhrp holdtime 3600
ip nhrp nhs 10.3.0.1
ip nhrp registration no-unique
no ip split-horizon
ip tcp adjust-mss 1360
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 #####
ip ospf network broadcast
ip ospf priority 0
ip ospf cost 90
keepalive 10 2
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key ####
tunnel path-mtu-discovery
--------------------------------------------------------------------------------------------
Tunnel3 condiguration is same but there is no tunnel protection ipsec profile DMVPN command
--------------------------------------------------------------------------------------------
according to the documentation and old scheema tunnel protection should be with shared key eg protection ipsec profile DMVPN shared
------------------------------------------------------------------------------------------------------------------------------------
Currently tunnel2 is protected with ipsec profile and active but tunnel 3 is not
--------------------------------------------------------------------------------
-----------------------------------
Information about Cisco 1941 Router
-----------------------------------
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
Technology Package License Information for Module:'c1900'
------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
data None None None
NtwkEss None None None
-------------------------------------------------------------------------
06-07-2017 07:23 AM
Did you find a resolution for this problem?
07-20-2017 12:04 AM
yes, i found my self a solution, it was urgent. unfortunately i haven't received any response timely
01-04-2019 09:46 AM
hi,
i have the same problem.
Can you help?
06-07-2017 10:52 AM
Two questions ... are you using a Tunnel1 interface, and what does the interface for Dialer1 look like?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: