Good day!
I've been trying to refresh and practicing site to site configuration but i have some issues which i still cannot ping Host B from Host A
below is my configuration from Router4 to R5-2, by the way in between R4 to R5-2 is connected thru OSPF
Router4
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
!
crypto isakmp key jason address 172.16.60.2
!
!
!
crypto ipsec transform-set SITE_OFFICE esp-aes esp-sha-hmac
!
crypto map SITE_MAP 10 ipsec-isakmp
set peer 172.16.60.2
set transform-set SITE_OFFICE
match address NAT_LAN
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0/0
ip address 172.16.10.2 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map SITE_MAP
!
interface GigabitEthernet0/0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list NAT_LAN interface GigabitEthernet0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.10.1
!
ip flow-export version 9
!
!
ip access-list extended NAT_LAN
permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any
Router4#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
172.16.60.2 172.16.10.2 QM_IDLE 1066 0 ACTIVE (deleted)
R5-2
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
!
crypto isakmp key jason address 172.16.10.2
!
!
!
crypto ipsec transform-set HQ_OFFICE esp-aes esp-sha-hmac
!
crypto map HQ_MAP 10 ipsec-isakmp
set peer 172.16.10.2
set transform-set HQ_OFFICE
match address HQ_OFFICE
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0/0
ip address 172.16.60.2 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map HQ_MAP
!
interface GigabitEthernet0/0/1
ip address 20.20.20.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list HQ_OFFICE interface GigabitEthernet0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.60.1
!
ip flow-export version 9
!
!
ip access-list extended HQ_OFFICE
permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 20.20.20.0 0.0.0.255 any
R5-2#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
172.16.10.2 172.16.60.2 QM_IDLE 1096 0 ACTIVE (deleted)
Accepted Solutions
