Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
196
Views
0
Helpful
2
Replies

Router VPN IPsec not working

TimeOut
Level 1
Level 1

‎04-15-2025 02:05 AM

Hi anyone

 We have testing VPN IPsec on GNS3 lab. After configuration IPsec not working 

 

Result Session status

Interface: FastEthernet0/0
Session status: DOWN
Peer: 1.1.1.2 port 500
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Active SAs: 0, origin: crypto map

Here's my configuration

R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encryption 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400

R1(config)# crypto isakmp key 12345 address 1.1.1.2

R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255


R1(config)# crypto ipsec transform-set my-ts esp-3des esp-md5-hmac
R1(config)# crypto map my-crypto 1 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set my-ts
R1(config-crypto-map)# match address VPN-TRAFFIC

R1(config)# interface FastEthernet0/0
R1(config- if)# crypto map my-crypto

-----R2---------
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encryption 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400

R2(config)# crypto isakmp key 12345 address 1.1.1.1
R2(config)# ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)# permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255

R2(config)# crypto ipsec transform-set my-ts esp-3des esp-md5-hmac

R2(config)# crypto map my-crypto 1 ipsec-isakmp
R2(config-crypto-map)# set peer 1.1.1.1
R2(config-crypto-map)# set transform-set my-ts
R2(config-crypto-map)# match address VPN-TRAFFIC

R2(config)# interface FastEthernet0/0
R2(config- if)# crypto map my-crypto

 

Version router on GNS3

(C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5

 

Labels:
0 Helpful
2 Replies 2

M02@rt37
VIP
VIP

‎04-15-2025 03:29 AM

Hello @TimeOut 

Please do these debug commands and share here ouputs please:

debug crypto isakmp
debug crypto ipsec

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

MHM Cisco World
VIP
VIP

‎04-18-2025 04:15 AM

Are this issue solved?

MHM

0 Helpful
Customers Also Viewed These Support Documents