02-02-2014 06:34 AM
Hi People,
I am having issues trying to get a directly connected site-to-site VPN to come up.
I think I have met the basic requirements for the VPN configuration; however, when I do a test ping on R7 sourced from the lo0 interface to 2.2.2.2, I do not see any responses. Likewise, when I ping 1.1.1.1 sourced from lo on R8, there is no reply. The ISAKMP SA is not activated either.
I have tried the same configuration on a different IOS but still to no avail.
Every assistance is deeply appreciated.
The routers are 7200 IOS and they are versioned as follows:
Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(19), RELEASE SOFTWARE (fc1)
See configuration below:
For R7
=====
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp peer address 10.1.12.2
!
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.1.12.2
set transform-set TEST
match address 120
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
ip ospf 1 area 1
duplex auto
speed auto
crypto map CMAP
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
For R8
=====
hostname R8
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 10.1.12.1
!
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.1.12.1
set transform-set TEST
match address 120
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.12.2 255.255.255.0
ip ospf 1 area 1
duplex auto
speed auto
crypto map CMAP
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
02-05-2014 11:58 PM
Unless I missed it, R7 doesn't have a key defined. That would cause Phase 1 to fail too.
Thank you.
Joe
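An added example, not part of the thread or either poster's words: a Python check over the crypto-relevant lines of the two posted configurations that flags a crypto-map peer with no matching `crypto isakmp key ... address` line (the gap the reply above points at) and confirms the crypto ACLs mirror each other. The function names and the trimmed config excerpts are constructed for illustration.

```python
import re

# Constructed excerpts: only the crypto-relevant lines of the posted configs.
R7_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp peer address 10.1.12.2
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
 match address 120
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
"""
R8_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco123 address 10.1.12.1
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
 match address 120
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
"""

def peers_without_key(config):
    """Crypto-map peers lacking a pre-shared key while PSK auth is configured."""
    if not re.search(r"^\s*authentication pre-share\b", config, re.M):
        return []  # no PSK policy, so a missing key line is not the problem
    peers = re.findall(r"^\s*set peer (\S+)", config, re.M)
    keyed = set(re.findall(r"^crypto isakmp key .+? address (\S+)", config, re.M))
    if "0.0.0.0" in keyed:  # wildcard key covers every peer
        return []
    return [p for p in peers if p not in keyed]

def crypto_acl(config, number):
    """(source, destination) pairs from 'permit ip host X host Y' entries."""
    pattern = rf"^access-list {number} permit ip host (\S+) host (\S+)"
    return set(re.findall(pattern, config, re.M))

def acls_mirrored(config_a, config_b, number="120"):
    """True when each side's crypto ACL is the exact reverse of the other's."""
    reversed_b = {(dst, src) for src, dst in crypto_acl(config_b, number)}
    return crypto_acl(config_a, number) == reversed_b

if __name__ == "__main__":
    for name, cfg in (("R7", R7_CONFIG), ("R8", R8_CONFIG)):
        print(name, "peers without a pre-shared key:", peers_without_key(cfg))
    print("crypto ACLs mirrored:", acls_mirrored(R7_CONFIG, R8_CONFIG))
```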