
Need help determining why nothing is showing up after setting up site-to-site VPN

JoeSS8700
Level 1

Ok, so I am trying to figure out why I can't get anything to show up when I do sh crypto isakmp sa or sh crypto ipsec sa. I did the basic setup for a site-to-site VPN and I can ping across both networks just fine, no problem. So when I ping from a PC in the 172.16.0.0 network to the 192.168.0.0 network there is no problem at all because the pings are received just fine. But when I go to sh crypto isakmp sa, there is just nothing there and I can't for the life of me figure out why. I looked at my sh run for both routers and everything looks fine, but I guess I may be overlooking something. If someone could help me diagnose this problem I would truly appreciate it. I have attached my Packet Tracer file and both routers are using the password binary. I put the password on there for the sake of it and to have a more real feel.

3 Replies

JoeSS8700
Level 1

Here are the show runs for both routers

Router Main A

hostname RmainA
!
!
!
!
!
ip dhcp pool ITS
 network 172.16.150.0 255.255.255.0
 default-router 172.16.150.1
 option 150 ip 172.16.150.1
!
!
!
username ciscosdm privilege 15 password 0 ciscosdm
!
crypto isakmp policy 2
 encr aes 128
 authentication pre-share
 group 2
!
crypto isakmp key binary address 192.0.2.27
!
!
crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac
!
crypto map vader 100 ipsec-isakmp
 set peer 192.0.2.27
 set pfs group2
 set transform-set yasser
 match address S2S-VPN-TRAFFIC
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
interface Loopback0
 ip address 172.16.95.100 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.0.2.25 255.255.255.248
 duplex auto
 speed auto
 crypto map vader
!
interface FastEthernet0/0.1
 no ip address
!
interface FastEthernet0/1
 description TRUNK TO MAIN SWITCH A
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.240
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
interface FastEthernet0/1.40
 encapsulation dot1Q 40
 ip address 172.16.40.1 255.255.255.0
!
interface FastEthernet0/1.70
 encapsulation dot1Q 70
 ip address 172.16.70.1 255.255.255.0
!
interface FastEthernet0/1.95
 encapsulation dot1Q 95
 ip address 172.16.95.1 255.255.255.240
!
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip address 172.16.100.1 255.255.255.0
 shutdown
!
interface FastEthernet0/1.150
 encapsulation dot1Q 150
 ip address 172.16.150.1 255.255.255.0
!
interface Serial0/0/0
 description TO BRANCH
 ip address 10.0.0.1 255.255.255.252
 clock rate 64000
 shutdown
!
interface Serial0/0/1
 no ip address
 clock rate 125000
 shutdown
!
interface Serial0/1/0
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet1/0
 switchport mode access
 shutdown
!
interface FastEthernet1/1
 switchport mode access
 shutdown
!
interface FastEthernet1/2
 switchport mode access
 shutdown
!
interface FastEthernet1/3
 switchport mode access
 shutdown
!
interface FastEthernet1/4
 switchport mode access
 shutdown
!
interface FastEthernet1/5
 switchport mode access
 shutdown
!
interface FastEthernet1/6
 switchport mode access
 shutdown
!
interface FastEthernet1/7
 switchport mode access
 shutdown
!
interface FastEthernet1/8
 switchport mode access
 shutdown
!
interface FastEthernet1/9
 switchport mode access
 shutdown
!
interface FastEthernet1/10
 switchport mode access
 shutdown
!
interface FastEthernet1/11
 switchport mode access
 shutdown
!
interface FastEthernet1/12
 switchport mode access
 shutdown
!
interface FastEthernet1/13
 switchport mode access
 shutdown
!
interface FastEthernet1/14
 switchport mode access
 shutdown
!
interface FastEthernet1/15
 switchport mode access
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.3 area 0
 network 192.0.2.24 0.0.0.7 area 0
 network 172.16.0.0 0.0.0.255 area 1
 network 172.16.1.0 0.0.0.255 area 1
 network 172.16.10.0 0.0.0.255 area 1
 network 172.16.20.0 0.0.0.255 area 1
 network 172.16.30.0 0.0.0.255 area 1
 network 172.16.70.0 0.0.0.255 area 1
 network 172.16.95.1 0.0.0.0 area 1
 network 172.16.95.0 0.0.0.15 area 1
 network 172.16.100.0 0.0.0.3 area 1
 network 172.16.150.0 0.0.0.255 area 1
 network 0.0.0.0 255.255.255.255 area 1
 default-information originate
!
ip classless
ip default-network 10.0.0.0
!
!
ip access-list extended S2S-VPN-TRAFFIC
 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
!
!
!
dial-peer voice 150 voip
 destination-pattern 20..
 session target ipv4:192.168.150.1
!
telephony-service
 max-ephones 30
 max-dn 30
 ip source-address 172.16.150.1 port 2000
 auto assign 1 to 30
!
ephone 1
 device-security-mode none
 mac-address 0014.6AAC.2355
 type 7960
!
ephone 2
 device-security-mode none
!
ephone 3
 device-security-mode none
!
ephone 4
 device-security-mode none
!
ephone 5
 device-security-mode none
!
ephone 6
 device-security-mode none
!
ephone 7
 device-security-mode none
!
ephone 8
 device-security-mode none
!
ephone 9
 device-security-mode none
!
ephone 10
 device-security-mode none
!
ephone 11
 device-security-mode none
!
ephone 12
 device-security-mode none
!
ephone 13
 device-security-mode none
!
ephone 14
 device-security-mode none
!
ephone 15
 device-security-mode none
!
ephone 16
 device-security-mode none
!
ephone 17
 device-security-mode none
!
ephone 18
 device-security-mode none
!
ephone 19
 device-security-mode none
!
ephone 20
 device-security-mode none
!
ephone 21
 device-security-mode none
!
ephone 22
 device-security-mode none
!
ephone 23
 device-security-mode none
!
ephone 24
 device-security-mode none
!
ephone 25
 device-security-mode none
!
ephone 26
 device-security-mode none
!
ephone 27
 device-security-mode none
!
ephone 28
 device-security-mode none
!
ephone 29
 device-security-mode none
!
ephone 30
 device-security-mode none
!
line con 0
 exec-timeout 90 0
 password binary
 logging synchronous
 login
line vty 0 4
 password binary
 login local
!
!
!
end

Router Branch

hostname Rbranch
!
!
!
enable secret 5 $1$KFpd$ZTYwy8CoWVhjvBXiDDoQx0
!
!
!
ip dhcp pool ITS
 network 192.168.150.0 255.255.255.0
 default-router 192.168.150.1
 option 150 ip 192.168.150.1
!
!
!
username ciscosdm privilege 15 password 0 ciscosdm
!
crypto isakmp policy 2
 encr aes 128
 authentication pre-share
 group 2
!
crypto isakmp key binary address 192.0.2.25
!
!
crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac
!
crypto map vader 100 ipsec-isakmp
 set peer 192.0.2.25
 set pfs group2
 set transform-set yasser
 match address S2S-VPN-TRAFFIC
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
interface Loopback0
 ip address 192.168.95.100 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.0.2.27 255.255.255.248
 duplex auto
 speed auto
 crypto map vader
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/1.95
 encapsulation dot1Q 95
 ip address 192.168.95.1 255.255.255.240
!
interface FastEthernet0/1.150
 encapsulation dot1Q 150
 ip address 192.168.150.1 255.255.255.0
!
interface Serial0/0/0
 ip address 10.0.0.2 255.255.255.252
 clock rate 2000000
 shutdown
!
interface Serial0/0/1
 ip address 10.0.0.6 255.255.255.252
 ip ospf priority 128
 clock rate 2000000
 shutdown
!
interface Serial0/1/0
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet1/0
 switchport mode access
 shutdown
!
interface FastEthernet1/1
 switchport mode access
 shutdown
!
interface FastEthernet1/2
 switchport mode access
 shutdown
!
interface FastEthernet1/3
 switchport mode access
 shutdown
!
interface FastEthernet1/4
 switchport mode access
 shutdown
!
interface FastEthernet1/5
 switchport mode access
 shutdown
!
interface FastEthernet1/6
 switchport mode access
 shutdown
!
interface FastEthernet1/7
 switchport mode access
 shutdown
!
interface FastEthernet1/8
 switchport mode access
 shutdown
!
interface FastEthernet1/9
 switchport mode access
 shutdown
!
interface FastEthernet1/10
 switchport mode access
 shutdown
!
interface FastEthernet1/11
 switchport mode access
 shutdown
!
interface FastEthernet1/12
 switchport mode access
 shutdown
!
interface FastEthernet1/13
 switchport mode access
 shutdown
!
interface FastEthernet1/14
 switchport mode access
 shutdown
!
interface FastEthernet1/15
 switchport mode access
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0
 network 192.0.2.24 0.0.0.7 area 0
 network 192.168.0.0 0.0.0.255 area 2
 network 192.168.1.0 0.0.0.255 area 2
 network 192.168.10.0 0.0.0.255 area 2
 network 192.168.20.0 0.0.0.255 area 2
 network 192.168.30.0 0.0.0.255 area 2
 network 192.168.95.0 0.0.0.15 area 2
 network 192.168.95.100 0.0.0.0 area 2
 network 192.168.100.0 0.0.0.3 area 2
 network 192.168.150.0 0.0.0.255 area 2
 default-information originate
!
ip classless
ip default-network 10.0.0.0
ip default-network 192.168.100.0
!
!
ip access-list extended S2S-VPN-TRAFFIC
 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
!
!
!
!
dial-peer voice 150 voip
 destination-pattern 10..
 session target ipv4:172.16.150.1
!
telephony-service
 max-ephones 30
 max-dn 30
 ip source-address 192.168.150.1 port 2000
 auto assign 1 to 30
!
ephone 1
 device-security-mode none
 mac-address 0008.E399.DC43
 type 7960
!
ephone 2
 device-security-mode none
 mac-address 000D.287E.3A28
 type 7960
!
ephone 3
 device-security-mode none
!
ephone 4
 device-security-mode none
!
ephone 5
 device-security-mode none
!
ephone 6
 device-security-mode none
!
ephone 7
 device-security-mode none
!
ephone 8
 device-security-mode none
!
ephone 9
 device-security-mode none
!
ephone 10
 device-security-mode none
!
ephone 11
 device-security-mode none
!
ephone 12
 device-security-mode none
!
ephone 13
 device-security-mode none
!
ephone 14
 device-security-mode none
!
ephone 15
 device-security-mode none
!
ephone 16
 device-security-mode none
!
ephone 17
 device-security-mode none
!
ephone 18
 device-security-mode none
!
ephone 19
 device-security-mode none
!
ephone 20
 device-security-mode none
!
ephone 21
 device-security-mode none
!
ephone 22
 device-security-mode none
!
ephone 23
 device-security-mode none
!
ephone 24
 device-security-mode none
!
ephone 25
 device-security-mode none
!
ephone 26
 device-security-mode none
!
ephone 27
 device-security-mode none
!
ephone 28
 device-security-mode none
!
ephone 29
 device-security-mode none
!
ephone 30
 device-security-mode none
!
line con 0
 exec-timeout 90 0
 password binary
 logging synchronous
 login
line vty 0 4
 password binary
 login local
!
!
!
end

Anyone have any clues of what I'm doing wrong?
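
An empty sh crypto isakmp sa alongside working pings is what IOS shows when no packet has matched the crypto map ACL: unmatched traffic is routed in the clear and IKE is never triggered. The following is an added example, not part of the original post, that checks which connected networks each router's S2S-VPN-TRAFFIC ACL can match, using excerpts of the two show runs above. The function names are hypothetical and contiguous wildcard masks are assumed.

```python
import ipaddress
import re

# Excerpts assembled from the two show runs above (only the lines this check needs).
RMAINA = """
interface FastEthernet0/0
 ip address 192.0.2.25 255.255.255.248
interface FastEthernet0/1.10
 ip address 172.16.10.1 255.255.255.240
interface FastEthernet0/1.20
 ip address 172.16.20.1 255.255.255.0
ip access-list extended S2S-VPN-TRAFFIC
 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
"""
RBRANCH = """
interface FastEthernet0/0
 ip address 192.0.2.27 255.255.255.248
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
ip access-list extended S2S-VPN-TRAFFIC
 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
"""

def wildcard_net(addr, wild):
    # Assumption: the wildcard mask is contiguous, as in the ACLs on this page.
    prefix = 32 - bin(int(ipaddress.ip_address(wild))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def crypto_acl(cfg):
    """(source, destination) networks of each 'permit ip' line."""
    rows = re.findall(r"permit ip (\S+) (\S+) (\S+) (\S+)", cfg)
    return [(wildcard_net(s, sw), wildcard_net(d, dw)) for s, sw, d, dw in rows]

def connected(cfg):
    """Network of every 'ip address <addr> <mask>' line."""
    rows = re.findall(r"ip address (\S+) (\S+)", cfg)
    return [ipaddress.ip_interface(f"{a}/{m}").network for a, m in rows]

def protected(cfg):
    """Connected networks that the crypto ACL can match as a source."""
    acl = crypto_acl(cfg)
    return [n for n in connected(cfg) if any(n.overlaps(src) for src, _ in acl)]

def mirrored(a, b):
    """True when b's crypto ACL is a's with source and destination swapped."""
    return crypto_acl(b) == [(d, s) for s, d in crypto_acl(a)]

if __name__ == "__main__":
    print(protected(RMAINA), protected(RBRANCH), mirrored(RMAINA, RBRANCH))
```

For RmainA the result is empty: none of its own interfaces in the show run sits inside 172.16.0.0 0.0.0.255, so traffic sourced from its LANs does not match S2S-VPN-TRAFFIC, even though the two ACLs mirror each other.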