cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
993
Views
0
Helpful
3
Replies

Need help determining why my nothing is showing up after setting up site to site vpn

JoeSS8700
Beginner
Beginner

Ok, so I'm am trying to figure out why I can't get nothing to show up when I do sh crypto isakmp sa or sh crypto ipsec sa. I did the basic setup for a site to site vpn and I can ping across both networks just fine no problem. So when I ping from a pc in the 172.16.0.0 network to 192.168.0.0 network there is no problem at all because the pings are recieved just fine. But when I go to sh crypto isakmp sa, there is just nothing there and I can't for the life of me figure out why. I looked at my sh run for both routers and everything looks fine, but I guess I may be overlooking something. If someone could help me diagnose this problem I would truely appreciate.   I have attached my packet tracer file and both routers are using the password binary. I put the password on there for the sake of it and to have a more real feel.

3 Replies 3

JoeSS8700
Beginner
Beginner

Here are the show runs for both routers

Router Main A

hostname RmainA

!

!

!

!

!

ip dhcp pool ITS

network 172.16.150.0 255.255.255.0

default-router 172.16.150.1

option 150 ip 172.16.150.1

!

!

!

username ciscosdm privilege 15 password 0 ciscosdm

!

crypto isakmp policy 2

encr aes 128

authentication pre-share

group 2

!

crypto isakmp key binary address 192.0.2.27

!

!

crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac

!

crypto map vader 100 ipsec-isakmp

set peer 192.0.2.27

set pfs group2

set transform-set yasser

match address S2S-VPN-TRAFFIC

!

!

!

no ip domain-lookup

!

!

spanning-tree mode pvst

!

!

!

!

interface Loopback0

ip address 172.16.95.100 255.255.255.255

!

interface FastEthernet0/0

ip address 192.0.2.25 255.255.255.248

duplex auto

speed auto

crypto map vader

!

interface FastEthernet0/0.1

no ip address

!

interface FastEthernet0/1

description TRUNK TO MAIN SWITCH A

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 172.16.10.1 255.255.255.240

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 172.16.20.1 255.255.255.0

!

interface FastEthernet0/1.30

encapsulation dot1Q 30

ip address 172.16.30.1 255.255.255.0

!

interface FastEthernet0/1.40

encapsulation dot1Q 40

ip address 172.16.40.1 255.255.255.0

!

interface FastEthernet0/1.70

encapsulation dot1Q 70

ip address 172.16.70.1 255.255.255.0

!

interface FastEthernet0/1.95

encapsulation dot1Q 95

ip address 172.16.95.1 255.255.255.240

!

interface FastEthernet0/1.100

encapsulation dot1Q 100

ip address 172.16.100.1 255.255.255.0

shutdown

!

interface FastEthernet0/1.150

encapsulation dot1Q 150

ip address 172.16.150.1 255.255.255.0

!

interface Serial0/0/0

description TO BRANCH

ip address 10.0.0.1 255.255.255.252

clock rate 64000

shutdown

!

interface Serial0/0/1

no ip address

clock rate 125000

shutdown

!

interface Serial0/1/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/1/1

no ip address

clock rate 2000000

shutdown

!

interface FastEthernet1/0

switchport mode access

shutdown

!

interface FastEthernet1/1

switchport mode access

shutdown

!

interface FastEthernet1/2

switchport mode access

shutdown

!

interface FastEthernet1/3

switchport mode access

shutdown

!

interface FastEthernet1/4

switchport mode access

shutdown

!

interface FastEthernet1/5

switchport mode access

shutdown

!

interface FastEthernet1/6

switchport mode access

shutdown

!

interface FastEthernet1/7

switchport mode access

shutdown

!

interface FastEthernet1/8

switchport mode access

shutdown

!

interface FastEthernet1/9

switchport mode access

shutdown

!

interface FastEthernet1/10

switchport mode access

shutdown

!

interface FastEthernet1/11

switchport mode access

shutdown

!

interface FastEthernet1/12

switchport mode access

shutdown

!

interface FastEthernet1/13

switchport mode access

shutdown

!

interface FastEthernet1/14

switchport mode access

shutdown

!

interface FastEthernet1/15

switchport mode access

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

log-adjacency-changes

network 10.0.0.0 0.0.0.3 area 0

network 192.0.2.24 0.0.0.7 area 0

network 172.16.0.0 0.0.0.255 area 1

network 172.16.1.0 0.0.0.255 area 1

network 172.16.10.0 0.0.0.255 area 1

network 172.16.20.0 0.0.0.255 area 1

network 172.16.30.0 0.0.0.255 area 1

network 172.16.70.0 0.0.0.255 area 1

network 172.16.95.1 0.0.0.0 area 1

network 172.16.95.0 0.0.0.15 area 1

network 172.16.100.0 0.0.0.3 area 1

network 172.16.150.0 0.0.0.255 area 1

network 0.0.0.0 255.255.255.255 area 1

default-information originate

!

ip classless

ip default-network 10.0.0.0

!

!

ip access-list extended S2S-VPN-TRAFFIC

permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255

!

!

!

!

!

dial-peer voice 150 voip

destination-pattern 20..

session target ipv4:192.168.150.1

!

telephony-service

max-ephones 30

max-dn 30

ip source-address 172.16.150.1 port 2000

auto assign 1 to 30

!

ephone 1

device-security-mode none

mac-address 0014.6AAC.2355

type 7960

!

ephone 2

device-security-mode none

!

ephone 3

device-security-mode none

!

ephone 4

device-security-mode none

!

ephone 5

device-security-mode none

!

ephone 6

device-security-mode none

!

ephone 7

device-security-mode none

!

ephone 8

device-security-mode none

!

ephone 9

device-security-mode none

!

ephone 10

device-security-mode none

!

ephone 11

device-security-mode none

!

ephone 12

device-security-mode none

!

ephone 13

device-security-mode none

!

ephone 14

device-security-mode none

!

ephone 15

device-security-mode none

!

ephone 16

device-security-mode none

!

ephone 17

device-security-mode none

!

ephone 18

device-security-mode none

!

ephone 19

device-security-mode none

!

ephone 20

device-security-mode none

!

ephone 21

device-security-mode none

!

ephone 22

device-security-mode none

!

ephone 23

device-security-mode none

!

ephone 24

device-security-mode none

!

ephone 25

device-security-mode none

!

ephone 26

device-security-mode none

!

ephone 27

device-security-mode none

!

ephone 28

device-security-mode none

!

ephone 29

device-security-mode none

!

ephone 30

device-security-mode none

!

line con 0

exec-timeout 90 0

password binary

logging synchronous

login

line vty 0 4

password binary

login local

!

!

!

end

Router Branch

hostname Rbranch

!

!

!

enable secret 5 $1$KFpd$ZTYwy8CoWVhjvBXiDDoQx0

!

!

!

ip dhcp pool ITS

network 192.168.150.0 255.255.255.0

default-router 192.168.150.1

option 150 ip 192.168.150.1

!

!

!

username ciscosdm privilege 15 password 0 ciscosdm

!

crypto isakmp policy 2

encr aes 128

authentication pre-share

group 2

!

crypto isakmp key binary address 192.0.2.25

!

!

crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac

!

crypto map vader 100 ipsec-isakmp

set peer 192.0.2.25

set pfs group2

set transform-set yasser

match address S2S-VPN-TRAFFIC

!

!

!

no ip domain-lookup

!

!

spanning-tree mode pvst

!

!

!

!

interface Loopback0

ip address 192.168.95.100 255.255.255.255

!

interface FastEthernet0/0

ip address 192.0.2.27 255.255.255.248

duplex auto

speed auto

crypto map vader

!

interface FastEthernet0/1

ip address 192.168.0.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 192.168.1.1 255.255.255.0

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

!

interface FastEthernet0/1.30

encapsulation dot1Q 30

ip address 192.168.30.1 255.255.255.0

!

interface FastEthernet0/1.95

encapsulation dot1Q 95

ip address 192.168.95.1 255.255.255.240

!

interface FastEthernet0/1.150

encapsulation dot1Q 150

ip address 192.168.150.1 255.255.255.0

!

interface Serial0/0/0

ip address 10.0.0.2 255.255.255.252

clock rate 2000000

shutdown

!

interface Serial0/0/1

ip address 10.0.0.6 255.255.255.252

ip ospf priority 128

clock rate 2000000

shutdown

!

interface Serial0/1/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/1/1

no ip address

clock rate 2000000

shutdown

!

interface FastEthernet1/0

switchport mode access

shutdown

!

interface FastEthernet1/1

switchport mode access

shutdown

!

interface FastEthernet1/2

switchport mode access

shutdown

!

interface FastEthernet1/3

switchport mode access

shutdown

!

interface FastEthernet1/4

switchport mode access

shutdown

!

interface FastEthernet1/5

switchport mode access

shutdown

!

interface FastEthernet1/6

switchport mode access

shutdown

!

interface FastEthernet1/7

switchport mode access

shutdown

!

interface FastEthernet1/8

switchport mode access

shutdown

!

interface FastEthernet1/9

switchport mode access

shutdown

!

interface FastEthernet1/10

switchport mode access

shutdown

!

interface FastEthernet1/11

switchport mode access

shutdown

!

interface FastEthernet1/12

switchport mode access

shutdown

!

interface FastEthernet1/13

switchport mode access

shutdown

!

interface FastEthernet1/14

switchport mode access

shutdown

!

interface FastEthernet1/15

switchport mode access

shutdown

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

log-adjacency-changes

network 10.0.0.0 0.0.0.3 area 0

network 10.0.0.4 0.0.0.3 area 0

network 192.0.2.24 0.0.0.7 area 0

network 192.168.0.0 0.0.0.255 area 2

network 192.168.1.0 0.0.0.255 area 2

network 192.168.10.0 0.0.0.255 area 2

network 192.168.20.0 0.0.0.255 area 2

network 192.168.30.0 0.0.0.255 area 2

network 192.168.95.0 0.0.0.15 area 2

network 192.168.95.100 0.0.0.0 area 2

network 192.168.100.0 0.0.0.3 area 2

network 192.168.150.0 0.0.0.255 area 2

default-information originate

!

ip classless

ip default-network 10.0.0.0

ip default-network 192.168.100.0

!

!

ip access-list extended S2S-VPN-TRAFFIC

permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255

!

!

!

!

!

dial-peer voice 150 voip

destination-pattern 10..

session target ipv4:172.16.150.1

!

telephony-service

max-ephones 30

max-dn 30

ip source-address 192.168.150.1 port 2000

auto assign 1 to 30

!

ephone 1

device-security-mode none

mac-address 0008.E399.DC43

type 7960

!

ephone 2

device-security-mode none

mac-address 000D.287E.3A28

type 7960

!

ephone 3

device-security-mode none

!

ephone 4

device-security-mode none

!

ephone 5

device-security-mode none

!

ephone 6

device-security-mode none

!

ephone 7

device-security-mode none

!

ephone 8

device-security-mode none

!

ephone 9

device-security-mode none

!

ephone 10

device-security-mode none

!

ephone 11

device-security-mode none

!

ephone 12

device-security-mode none

!

ephone 13

device-security-mode none

!

ephone 14

device-security-mode none

!

ephone 15

device-security-mode none

!

ephone 16

device-security-mode none

!

ephone 17

device-security-mode none

!

ephone 18

device-security-mode none

!

ephone 19

device-security-mode none

!

ephone 20

device-security-mode none

!

ephone 21

device-security-mode none

!

ephone 22

device-security-mode none

!

ephone 23

device-security-mode none

!

ephone 24

device-security-mode none

!

ephone 25

device-security-mode none

!

ephone 26

device-security-mode none

!

ephone 27

device-security-mode none

!

ephone 28

device-security-mode none

!

ephone 29

device-security-mode none

!

ephone 30

device-security-mode none

!

line con 0

exec-timeout 90 0

password binary

logging synchronous

login

line vty 0 4

password binary

login local

!

!

!

end

Anyone have any clues of what I'm doing wrong?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: