12-20-2012 10:31 AM
Hi,
I am trying to configure a Site-to-Site VPN tunnel using GNS3 for learning purposes, for my own sake, but it always shows Session Status: Down. I got help from a website and a book, and followed all the procedures, but I still could not make it work. I attached my configuration. Any kind of help will be appreciated.
Thanks,
Mostafa
12-20-2012 10:37 AM
Hello,
Try to add routes to networks on the remote sites.
Best Regards,
Eugene
12-20-2012 10:54 AM
Hi Eugene,
Do I need to add a static route for the remote sites?
Thanks,
Mostafa
12-20-2012 10:58 AM
You can put a static route or a default route.
Best Regards,
Eugene
12-20-2012 11:02 AM
I added a static route; it still does not work.
For Router R1
ip route 172.16.10.0 255.255.255.0 f0/0
For Router R3
ip route 10.10.10.0 255.255.255.0 f0/0
12-20-2012 11:07 AM
Check the routing in general. Since it is not real life, remove the crypto maps and check connectivity between the loopbacks.
Best Regards,
Eugene
12-20-2012 11:11 AM
Without the crypto map, the loopbacks are not reachable from each other, because I did not advertise the loopback IPs. So my concern is that the loopbacks should reach each other through the crypto map.
12-20-2012 11:18 AM
Hi Eugene,
I also tried to use CCP, but the tunnel was still showing down. After that I am trying to use the CLI to do it fast and make it work.
12-20-2012 11:08 AM
Also, I am very confused about adding a route, because I did not find any references that said I had to add a route to bring the VPN tunnel up.
12-20-2012 11:12 AM
Please refer to this document:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml
Best Regards,
Eugene
12-20-2012 12:20 PM
Hi Eugene,
What does it mean that "End-to-End IP connectivity must be established before starting this configuration"? I want to make a VPN tunnel between these 2 networks, 10.10.10.0/24 and 172.16.10.0/24. Should they be reachable before making the crypto map?
Thanks,
Mostafa
12-20-2012 12:38 PM
No, they shouldn't.
Try just to copy the configurations...
Anyway, correct routing should be applied. Check how it is configured in the example. Your devices need to know where to forward traffic.
Best Regards,
Eugene
12-21-2012 02:49 PM
Hi Eugene,
The document you gave me also makes me confused. The VPN tunnel was made for 10.10.10.0/24 and 10.10.20.0/24. Please see the advertised routing. This is for Router B.
ip classless
ip route 10.10.10.0 255.255.255.0 172.17.1.2
ip route 10.77.233.0 255.255.255.0 10.77.241.65
ip route 172.16.1.0 255.255.255.0 172.17.1.2
Thanks,
Mostafa
12-22-2012 12:58 AM
Hi Mohammad,
Regarding routing when using a crypto map, I think the best thing is just to remember that you need to have a route to the remote LAN going out of the interface on which you have the crypto map attached.
In your case, as an example, on R3 you could have:
ip route 10.10.10.0 255.255.255.0 192.168.20.3
On R1:
ip route 172.16.10.0 255.255.255.0 192.168.10.2
192.168.20.3 or 192.168.10.2 might be a nonexistent host, but the most important thing for the router is that it will hit the crypto map while routing the traffic out.
Hope that helps.
Cheers.
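The rule in the reply above (the route to the remote LAN must leave through the interface that carries the crypto map) can be seen in a small model of R1's forwarding decision. This is an added example, not part of the original thread or of any Cisco code; the connected networks, the interface names other than f0/0, and the crypto ACL are assumptions, and next-hop resolution is simplified to a direct interface lookup.

```python
import ipaddress

# Constructed model of R1: local LAN 10.10.10.0/24, remote LAN 172.16.10.0/24.
# The crypto map is assumed to be attached to f0/0, with one ACL entry.
CRYPTO_MAP_IFACE = "f0/0"
CRYPTO_ACL = [("10.10.10.0/24", "172.16.10.0/24")]  # permit ip <src> <dst>


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def forward(routes, src, dst):
    """Describe what the router does with one outbound packet."""
    iface = lookup(routes, dst)
    if iface is None:
        return "drop: no route"            # crypto map is never consulted
    if iface != CRYPTO_MAP_IFACE:
        return f"clear text out {iface}"   # leaves without IPsec
    for s, d in CRYPTO_ACL:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d)):
            return f"encrypt (IPsec) out {iface}"
    return f"clear text out {iface}"       # not interesting traffic


# Assumed connected networks on R1 (hypothetical interface assignment).
CONNECTED = [("10.10.10.0/24", "Loopback0"), ("192.168.10.0/24", "f0/0")]
NO_ROUTE = CONNECTED
WITH_ROUTE = CONNECTED + [("172.16.10.0/24", "f0/0")]
WRONG_IFACE = CONNECTED + [("172.16.10.0/24", "s0/0")]  # hypothetical s0/0

if __name__ == "__main__":
    for name, table in [("no route", NO_ROUTE),
                        ("route via crypto map interface", WITH_ROUTE),
                        ("route via another interface", WRONG_IFACE)]:
        print(f"{name}: {forward(table, '10.10.10.1', '172.16.10.1')}")
```

The third case is the one to watch for in a real deployment: the traffic is delivered, but unencrypted, because it never passes the interface where the crypto map is applied.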
12-24-2012 12:00 PM
Hi Mohammad,
I worked this out on GNS3 and it worked for me. Below I have attached the configurations and network topology for reference.
The IPs I have used are from an example lab setup; please change them according to your setup or requirements.
Hyd ----------------------ISP-------------------------------:LA
1.1.1.1/30 2.2.2.0/30
Hope this helps you.
Let me know if you need any assistance, and please provide the relevant output.
Kindly rate the helpful post.