Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
863
Views
0
Helpful
2
Replies

site to site vpn on GNS

sharma16031981
Level 1
Level 1

‎06-07-2011 01:00 AM

-------------------

Router 1

--------------------

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

lifetime 42000

crypto isakmp key cisco address 10.1.1.2

!

!

crypto ipsec transform-set R1TOR2 esp-aes esp-sha-hmac

!

crypto map toR2 10 ipsec-isakmp

set peer 10.1.1.2

set transform-set R1TOR2

match address 101

!

!

!

!

interface FastEthernet0/0

ip address 202.1.1.1 255.255.255.0 secondary

ip address 10.1.1.1 255.255.255.0

duplex auto

speed auto

crypto map toR2

!

interface FastEthernet0/1

ip address 10.1.2.1 255.255.255.0

duplex auto

speed auto

!

ip route 10.1.3.0 255.255.255.0 10.1.1.2

!

no ip http server

no ip http secure-server

!

!

access-list 101 permit ip host 10.1.1.1 host 10.1.1.2

access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255

access-list 101 permit ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255

----------------------

Router 2

---------------------

crypto isakmp policy 20

encr aes

authentication pre-share

group 2

lifetime 42000

crypto isakmp key cisco address 10.1.1.1

!

!

crypto ipsec transform-set R2toR1 esp-aes esp-sha-hmac

!

crypto map vpn 10 ipsec-isakmp

set peer 10.1.1.1

set transform-set R2toR1

match address 101

!

!

!

!

interface FastEthernet0/0

ip address 202.1.1.2 255.255.255.0 secondary

ip address 10.1.1.2 255.255.255.0

duplex auto

speed auto

crypto map vpn

!

interface FastEthernet0/1

ip address 10.1.3.1 255.255.255.0

duplex auto

speed auto

!

ip route 10.1.2.0 255.255.255.0 10.1.1.1

!

no ip http server

no ip http secure-server

!

!

access-list 101 permit ip host 10.1.1.2 host 10.1.1.1

access-list 101 permit ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255

!

!

!

Hello guys,

I am facing a problem this is site to site vpn configured on gns on two routers. Now when I ping other side of directly conected interface vpn tunnel comes up but what I want is when inside network wants to talk to inside network on other side , tunnel must come up but it is not happening.

Please guide.

Appreciate your efforts.

Labels:
0 Helpful
2 Replies 2

andrew.prince
Level 10
Level 10

‎06-07-2011 06:32 AM

Looks fine - try from R1

int fa 0/1

no shut

ping 10.1.3.1 so 10.1.2.1 repeat 10

and from R2

int fa 0/1

no shut

ping 10.1.2.1 so 10.1.3.1 repeat 10

0 Helpful

sharma16031981
Level 1
Level 1
In response to andrew.prince

‎06-08-2011 01:06 AM

Thanks for reply !!!

Issue I am facing is when I ping 10.1.1.1 from router2 it, tunnel comes up and it pings. Then I clears the tunnel via cryto IPSec session and againg I ping from internal subnet behind router 1 to subnet behind router 2, it also get ping reply but tunnel never comes up.

any thing I am missing in config for that to work.

thanks once again

0 Helpful
Customers Also Viewed These Support Documents