
IPSec profile shared tunnel protection

CSCO12798688
Level 1

Dear Everyone,

Can someone help me please? I recently upgraded my Cisco 800 series router to a 1941, and here I can't protect my tunnel with the shared keyword, which is sharing the same IPsec profile.

Here is some information for you:
--------------------------------------------------------------------------------------
Tunnel interface configuration error for tunnel protection ipsec profile DMVPN shared
--------------------------------------------------------------------------------------
router10(config)#int tunnel 2
router10(config-if)#tunnel protection ipsec profile DMVPN shared
Error: All interfaces sharing the same Tunnel Source can have different profiles only without the 'shared' keyword'.
Eg: tunnel protection ipsec profile foo
tunnel protection ipsec profile boo
router10(config-if)#
router10(config)#int tunnel 3
router10(config-if)#tunnel protection ipsec profile DMVPN shared
Error: All interfaces sharing this IPSec profile must be configured using the 'shared' keyword'.
Eg: tunnel protection ipsec profile foo shared
---------------------------
IPSEC Profile Configuration
---------------------------
crypto keyring DMVPN
 local-address Dialer1
 pre-shared-key address 1.1.1.1 key ####
 pre-shared-key address 2.2.2.2 key ####
crypto isakmp profile DMVPN
 keyring DMVPN
 match identity address 1.1.1.1 255.255.255.255
 match identity address 2.2.2.2 255.255.255.255
 local-address Dialer1
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile DMVPN
 set transform-set DMVPN
 set isakmp-profile DMVPN
----------------------------
Current Tunnel2 configuration
----------------------------
interface Tunnel2
 description ####
 bandwidth 10000
 ip address 10.1.0.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map 10.1.0.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 10001
 ip nhrp holdtime 3600
 ip nhrp nhs 10.1.0.1
 ip nhrp registration no-unique
 no ip split-horizon
 ip tcp adjust-mss 1360
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ######
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 40
 keepalive 10 2
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key ####
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN
-----------------------------
Current Tunnel3 configuration
-----------------------------
interface Tunnel3
 description ######
 bandwidth 10000
 ip address 10.3.0.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast 2.2.2.2
 ip nhrp map 10.3.0.1 2.2.2.2
 ip nhrp network-id 10003
 ip nhrp holdtime 3600
 ip nhrp nhs 10.3.0.1
 ip nhrp registration no-unique
 no ip split-horizon
 ip tcp adjust-mss 1360
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 #####
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf cost 90
 keepalive 10 2
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key ####
 tunnel path-mtu-discovery
--------------------------------------------------------------------------------------------
Tunnel3 configuration is the same, but there is no tunnel protection ipsec profile DMVPN command
--------------------------------------------------------------------------------------------
According to the documentation and the old schema, tunnel protection should be with shared key, e.g. protection ipsec profile DMVPN shared
--------------------------------------------------------------------------------------------
Currently Tunnel2 is protected with the IPsec profile and active, but Tunnel3 is not
--------------------------------------------------------------------------------------------
-----------------------------------
Information about Cisco 1941 Router
-----------------------------------
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module

Technology Package License Information for Module:'c1900'
------------------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
data          None          None           None
NtwkEss       None          None           None
-------------------------------------------------------------------------
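
A configuration audit for the situation in the post above, added here as an example and not part of the original thread: it parses tunnel stanzas and flags tunnels left without IPsec protection (as Tunnel3 is here) and, following the rule quoted in the second error message, tunnels that reuse one profile on the same tunnel source without `shared`. The sample configuration and its Tunnel4 interface are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's running config); Tunnel4 is hypothetical.
SAMPLE = """\
interface Tunnel2
 tunnel source Dialer1
 tunnel protection ipsec profile DMVPN
interface Tunnel3
 tunnel source Dialer1
 tunnel protection ipsec profile DMVPN shared
interface Tunnel4
 tunnel source Dialer1
"""

def parse_tunnels(config):
    """Map each Tunnel interface to its source, IPsec profile and 'shared' flag."""
    tunnels, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split()[1]
            cur = None  # leave the previous stanza
            if name.startswith("Tunnel"):
                cur = tunnels.setdefault(name, {"source": None, "profile": None, "shared": False})
        elif cur is not None:
            if m := re.match(r"tunnel source (\S+)$", line):
                cur["source"] = m.group(1)
            elif m := re.match(r"tunnel protection ipsec profile (\S+)( shared)?$", line):
                cur["profile"], cur["shared"] = m.group(1), bool(m.group(2))
    return tunnels

def audit(config):
    """Return sorted (interface, issue) findings for the tunnels in config."""
    tunnels, groups, findings = parse_tunnels(config), defaultdict(list), []
    for name, t in tunnels.items():
        if t["profile"] is None:
            findings.append((name, "no IPsec tunnel protection configured"))
        else:
            groups[(t["source"], t["profile"])].append(name)
    for (source, profile), names in groups.items():
        for name in names:
            if len(names) > 1 and not tunnels[name]["shared"]:
                findings.append((name, f"profile {profile} reused on source {source} without 'shared'"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, issue in audit(SAMPLE):
        print(f"{iface}: {issue}")
```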


rreed2010
Level 1

Did you find a resolution for this problem?

Yes, I found myself a solution; it was urgent. Unfortunately, I hadn't received any timely response.

Hi,

I have the same problem.

Can you help?

Ian Underwood
Level 1

Two questions ... are you using a Tunnel1 interface, and what does the interface for Dialer1 look like?

++I;