11-08-2012 09:59 AM
Ok, so I'm trying to figure out why I can't get anything to show up when I do sh crypto isakmp sa or sh crypto ipsec sa. I did the basic setup for a site to site vpn and I can ping across both networks just fine no problem. So when I ping from a pc in the 172.16.0.0 network to 192.168.0.0 network there is no problem at all because the pings are received just fine. But when I go to sh crypto isakmp sa, there is just nothing there and I can't for the life of me figure out why. I looked at my sh run for both routers and everything looks fine, but I guess I may be overlooking something. If someone could help me diagnose this problem I would truly appreciate it. I have attached my packet tracer file and both routers are using the password binary. I put the password on there for the sake of it and to have a more real feel.
11-08-2012 10:02 AM
Here are the show runs for both routers
Router Main A
hostname RmainA
!
!
!
!
!
ip dhcp pool ITS
network 172.16.150.0 255.255.255.0
default-router 172.16.150.1
option 150 ip 172.16.150.1
!
!
!
username ciscosdm privilege 15 password 0 ciscosdm
!
crypto isakmp policy 2
encr aes 128
authentication pre-share
group 2
!
crypto isakmp key binary address 192.0.2.27
!
!
crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac
!
crypto map vader 100 ipsec-isakmp
set peer 192.0.2.27
set pfs group2
set transform-set yasser
match address S2S-VPN-TRAFFIC
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
interface Loopback0
ip address 172.16.95.100 255.255.255.255
!
interface FastEthernet0/0
ip address 192.0.2.25 255.255.255.248
duplex auto
speed auto
crypto map vader
!
interface FastEthernet0/0.1
no ip address
!
interface FastEthernet0/1
description TRUNK TO MAIN SWITCH A
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 172.16.10.1 255.255.255.240
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 172.16.30.1 255.255.255.0
!
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 172.16.40.1 255.255.255.0
!
interface FastEthernet0/1.70
encapsulation dot1Q 70
ip address 172.16.70.1 255.255.255.0
!
interface FastEthernet0/1.95
encapsulation dot1Q 95
ip address 172.16.95.1 255.255.255.240
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0
shutdown
!
interface FastEthernet0/1.150
encapsulation dot1Q 150
ip address 172.16.150.1 255.255.255.0
!
interface Serial0/0/0
description TO BRANCH
ip address 10.0.0.1 255.255.255.252
clock rate 64000
shutdown
!
interface Serial0/0/1
no ip address
clock rate 125000
shutdown
!
interface Serial0/1/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface FastEthernet1/0
switchport mode access
shutdown
!
interface FastEthernet1/1
switchport mode access
shutdown
!
interface FastEthernet1/2
switchport mode access
shutdown
!
interface FastEthernet1/3
switchport mode access
shutdown
!
interface FastEthernet1/4
switchport mode access
shutdown
!
interface FastEthernet1/5
switchport mode access
shutdown
!
interface FastEthernet1/6
switchport mode access
shutdown
!
interface FastEthernet1/7
switchport mode access
shutdown
!
interface FastEthernet1/8
switchport mode access
shutdown
!
interface FastEthernet1/9
switchport mode access
shutdown
!
interface FastEthernet1/10
switchport mode access
shutdown
!
interface FastEthernet1/11
switchport mode access
shutdown
!
interface FastEthernet1/12
switchport mode access
shutdown
!
interface FastEthernet1/13
switchport mode access
shutdown
!
interface FastEthernet1/14
switchport mode access
shutdown
!
interface FastEthernet1/15
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.3 area 0
network 192.0.2.24 0.0.0.7 area 0
network 172.16.0.0 0.0.0.255 area 1
network 172.16.1.0 0.0.0.255 area 1
network 172.16.10.0 0.0.0.255 area 1
network 172.16.20.0 0.0.0.255 area 1
network 172.16.30.0 0.0.0.255 area 1
network 172.16.70.0 0.0.0.255 area 1
network 172.16.95.1 0.0.0.0 area 1
network 172.16.95.0 0.0.0.15 area 1
network 172.16.100.0 0.0.0.3 area 1
network 172.16.150.0 0.0.0.255 area 1
network 0.0.0.0 255.255.255.255 area 1
default-information originate
!
ip classless
ip default-network 10.0.0.0
!
!
ip access-list extended S2S-VPN-TRAFFIC
permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
!
!
!
dial-peer voice 150 voip
destination-pattern 20..
session target ipv4:192.168.150.1
!
telephony-service
max-ephones 30
max-dn 30
ip source-address 172.16.150.1 port 2000
auto assign 1 to 30
!
ephone 1
device-security-mode none
mac-address 0014.6AAC.2355
type 7960
!
ephone 2
device-security-mode none
!
ephone 3
device-security-mode none
!
ephone 4
device-security-mode none
!
ephone 5
device-security-mode none
!
ephone 6
device-security-mode none
!
ephone 7
device-security-mode none
!
ephone 8
device-security-mode none
!
ephone 9
device-security-mode none
!
ephone 10
device-security-mode none
!
ephone 11
device-security-mode none
!
ephone 12
device-security-mode none
!
ephone 13
device-security-mode none
!
ephone 14
device-security-mode none
!
ephone 15
device-security-mode none
!
ephone 16
device-security-mode none
!
ephone 17
device-security-mode none
!
ephone 18
device-security-mode none
!
ephone 19
device-security-mode none
!
ephone 20
device-security-mode none
!
ephone 21
device-security-mode none
!
ephone 22
device-security-mode none
!
ephone 23
device-security-mode none
!
ephone 24
device-security-mode none
!
ephone 25
device-security-mode none
!
ephone 26
device-security-mode none
!
ephone 27
device-security-mode none
!
ephone 28
device-security-mode none
!
ephone 29
device-security-mode none
!
ephone 30
device-security-mode none
!
line con 0
exec-timeout 90 0
password binary
logging synchronous
login
line vty 0 4
password binary
login local
!
!
!
end
11-08-2012 10:05 AM
Router Branch
hostname Rbranch
!
!
!
enable secret 5 $1$KFpd$ZTYwy8CoWVhjvBXiDDoQx0
!
!
!
ip dhcp pool ITS
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
option 150 ip 192.168.150.1
!
!
!
username ciscosdm privilege 15 password 0 ciscosdm
!
crypto isakmp policy 2
encr aes 128
authentication pre-share
group 2
!
crypto isakmp key binary address 192.0.2.25
!
!
crypto ipsec transform-set yasser esp-aes 128 esp-sha-hmac
!
crypto map vader 100 ipsec-isakmp
set peer 192.0.2.25
set pfs group2
set transform-set yasser
match address S2S-VPN-TRAFFIC
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
interface Loopback0
ip address 192.168.95.100 255.255.255.255
!
interface FastEthernet0/0
ip address 192.0.2.27 255.255.255.248
duplex auto
speed auto
crypto map vader
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/1.95
encapsulation dot1Q 95
ip address 192.168.95.1 255.255.255.240
!
interface FastEthernet0/1.150
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
!
interface Serial0/0/0
ip address 10.0.0.2 255.255.255.252
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 10.0.0.6 255.255.255.252
ip ospf priority 128
clock rate 2000000
shutdown
!
interface Serial0/1/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface FastEthernet1/0
switchport mode access
shutdown
!
interface FastEthernet1/1
switchport mode access
shutdown
!
interface FastEthernet1/2
switchport mode access
shutdown
!
interface FastEthernet1/3
switchport mode access
shutdown
!
interface FastEthernet1/4
switchport mode access
shutdown
!
interface FastEthernet1/5
switchport mode access
shutdown
!
interface FastEthernet1/6
switchport mode access
shutdown
!
interface FastEthernet1/7
switchport mode access
shutdown
!
interface FastEthernet1/8
switchport mode access
shutdown
!
interface FastEthernet1/9
switchport mode access
shutdown
!
interface FastEthernet1/10
switchport mode access
shutdown
!
interface FastEthernet1/11
switchport mode access
shutdown
!
interface FastEthernet1/12
switchport mode access
shutdown
!
interface FastEthernet1/13
switchport mode access
shutdown
!
interface FastEthernet1/14
switchport mode access
shutdown
!
interface FastEthernet1/15
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
network 192.0.2.24 0.0.0.7 area 0
network 192.168.0.0 0.0.0.255 area 2
network 192.168.1.0 0.0.0.255 area 2
network 192.168.10.0 0.0.0.255 area 2
network 192.168.20.0 0.0.0.255 area 2
network 192.168.30.0 0.0.0.255 area 2
network 192.168.95.0 0.0.0.15 area 2
network 192.168.95.100 0.0.0.0 area 2
network 192.168.100.0 0.0.0.3 area 2
network 192.168.150.0 0.0.0.255 area 2
default-information originate
!
ip classless
ip default-network 10.0.0.0
ip default-network 192.168.100.0
!
!
ip access-list extended S2S-VPN-TRAFFIC
permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
!
!
!
!
dial-peer voice 150 voip
destination-pattern 10..
session target ipv4:172.16.150.1
!
telephony-service
max-ephones 30
max-dn 30
ip source-address 192.168.150.1 port 2000
auto assign 1 to 30
!
ephone 1
device-security-mode none
mac-address 0008.E399.DC43
type 7960
!
ephone 2
device-security-mode none
mac-address 000D.287E.3A28
type 7960
!
ephone 3
device-security-mode none
!
ephone 4
device-security-mode none
!
ephone 5
device-security-mode none
!
ephone 6
device-security-mode none
!
ephone 7
device-security-mode none
!
ephone 8
device-security-mode none
!
ephone 9
device-security-mode none
!
ephone 10
device-security-mode none
!
ephone 11
device-security-mode none
!
ephone 12
device-security-mode none
!
ephone 13
device-security-mode none
!
ephone 14
device-security-mode none
!
ephone 15
device-security-mode none
!
ephone 16
device-security-mode none
!
ephone 17
device-security-mode none
!
ephone 18
device-security-mode none
!
ephone 19
device-security-mode none
!
ephone 20
device-security-mode none
!
ephone 21
device-security-mode none
!
ephone 22
device-security-mode none
!
ephone 23
device-security-mode none
!
ephone 24
device-security-mode none
!
ephone 25
device-security-mode none
!
ephone 26
device-security-mode none
!
ephone 27
device-security-mode none
!
ephone 28
device-security-mode none
!
ephone 29
device-security-mode none
!
ephone 30
device-security-mode none
!
line con 0
exec-timeout 90 0
password binary
logging synchronous
login
line vty 0 4
password binary
login local
!
!
!
end
11-08-2012 12:52 PM
Anyone have any clues of what I'm doing wrong?
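Added example, not part of the original thread and not written by the poster: a check of which flows the posted S2S-VPN-TRAFFIC entries select for IPsec, using IOS wildcard matching. The function names are hypothetical and the host addresses are constructed; the ACL lines are copied from the two running-configs above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def parse_permit(line):
    """Parse 'permit ip SRC SRC_WILDCARD DST DST_WILDCARD' (the only form used here)."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["permit", "ip"]:
        raise ValueError("unsupported ACL entry: " + line)
    return tuple(parts[2:])

def is_protected(acl, src, dst):
    """True if the crypto ACL selects src -> dst for IPsec."""
    for line in acl:
        s, sw, d, dw = parse_permit(line)
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return True
    return False  # no match: the crypto map ignores the packet; it is routed normally

def is_mirror(acl_a, acl_b):
    """Crypto ACLs on the two peers should be exact mirrors of each other."""
    swapped = {(d, dw, s, sw) for s, sw, d, dw in map(parse_permit, acl_b)}
    return set(map(parse_permit, acl_a)) == swapped

# ACL entries copied from the RmainA and Rbranch running-configs in the thread.
RMAINA_ACL = ["permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]
RBRANCH_ACL = ["permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255"]

# Constructed host addresses. The first two sources sit in subnets configured on
# RmainA subinterfaces (Fa0/1.10, Fa0/1.20); 172.16.0.5 is an address the ACL
# would match but that is on no interface in the posted config.
FLOWS = [
    ("172.16.10.5", "192.168.0.10"),
    ("172.16.20.5", "192.168.10.5"),
    ("172.16.0.5", "192.168.0.10"),
]

def check_flows():
    """Evaluate each sample flow against RmainA's crypto ACL."""
    return {flow: is_protected(RMAINA_ACL, *flow) for flow in FLOWS}

if __name__ == "__main__":
    print("ACLs mirrored:", is_mirror(RMAINA_ACL, RBRANCH_ACL))
    for (src, dst), hit in check_flows().items():
        print(f"{src} -> {dst}: {'IPsec' if hit else 'cleartext'}")
```

A flow that evaluates to False is not selected by the crypto map, so it is forwarded unencrypted over the routed path and never triggers IKE negotiation.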