VPN SR500 and RVL200

mexiredes
Level 1

Hello everyone. I have been searching in many places for how to configure a VPN between a Cisco SR520 router and a Cisco Small Business RVL200. There are several scenarios, but so far none similar to mine. In the end, this is the configuration that I think it should be.

Here is the information; I hope you can help me.

Many thanks in advance.

I have the following scenario:

Two sites, point A and point B.

At point A I have a Cisco SR520 router with a dynamic IP over DSL and DDNS.

At point B I have a Cisco Small Business RVL200 router with Internet over DSL, a dynamic IP and DDNS.

Both work correctly.

I have already configured both devices for VPN, but I cannot get the communication to establish.

Both routers use DES, Pre-Share, Group 1, MD5 and lifetime 28800.

Here is some more information from the sh run:

SR520#  sh run | begin isakmp

crypto isakmp policy 12

authentication pre-share

lifetime 28800

crypto isakmp key 1234 hostname myhost.dyndns.org

crypto isakmp keepalive 30

!

!

crypto ipsec transform-set velosa esp-des esp-md5-hmac

mode transport

!

crypto map velosa 1 ipsec-isakmp

set peer 189.152.X.X

set transform-set velosa

match address 110

!

archive

log config

  logging enable

  logging size 600

  hidekeys

!

interface Dialer1

description $FW_OUTSIDE$

ip ddns update hostname myhost.dyndns.org

ip ddns update sdm_ddns1

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

zone-member security out-zone

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname usuario@prodigy.net.mx

ppp chap password 7 0403595F5D791A1C584A5D

ppp pap sent-username usuario@prodigy.net.mx password 7 035C09525457771E1F5A41

ppp ipcp dns request

crypto map velosa

!

ip nat inside source route-map nonat interface Dialer1 overload

!

access-list 110 remark SDM_ACL Category=16

access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.23.0 0.0.0.255

access-list 115 deny   ip 192.168.1.0 0.0.0.255 192.168.23.0 0.0.0.255

access-list 115 permit ip 192.168.1.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

route-map nonat permit 10

match ip address 115

!

Also, the debug output:

SR520#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id slot status

189.224.X.X  189.152.X.X  MM_NO_STATE          0    0 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

SR520#

SR520#sh crypto ipsec sa

interface: Dialer1

    Crypto map tag: velosa, local addr 189.224.X.X

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)

   remote ident (addr/mask/prot/port): (192.168.23.0/255.255.255.0/0/0)

   current_peer 189.152.X.X port 500

     PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 792, #recv errors 0

     local crypto endpt.: 189.224.X.X, remote crypto endpt.: 189.152.X.X

     path mtu 1452, ip mtu 1452, ip mtu idb Dialer1

     current outbound spi: 0x0(0)

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

interface: Virtual-Access2

    Crypto map tag: velosa, local addr 0.0.0.0

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)

   remote ident (addr/mask/prot/port): (192.168.23.0/255.255.255.0/0/0)

   current_peer 189.152.X.X port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

     local crypto endpt.: 0.0.0.0, remote crypto endpt.: 189.152.X.X

     path mtu 1452, ip mtu 1452, ip mtu idb Virtual-Access2

     current outbound spi: 0x0(0)

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

SR520#

SR520#sh log | begin isakmp

*Mar  2 09:17:23.222: ISAKMP: Locking peer struct 0x83AA4190, refcount 1 for crypto_isakmp_process_block

*Mar  2 09:17:23.222: ISAKMP: local port 500, remote port 500

*Mar  2 09:17:23.222: insert sa successfully sa = 85C66720

*Mar  2 09:17:23.222: ISAKMP:(0): processing SA payload. message ID = 0

*Mar  2 09:17:23.222: ISAKMP:(0): processing ID payload. message ID = 0

*Mar  2 09:17:23.222: ISAKMP (0:0): ID payload

next-payload : 0

type         : 1

address      : 189.152.X.X

protocol     : 0

port         : 0

length       : 12

*Mar  2 09:17:23.226: ISAKMP:(0):: peer matches *none* of the profiles

*Mar  2 09:17:23.226: ISAKMP: no pre-shared key based on address 189.152.X.X!

*Mar  2 09:17:23.226: ISAKMP:(0):No pre-shared key with 189.152.X.X!

*Mar  2 09:17:23.226: ISAKMP:(0): local preshared key found

*Mar  2 09:17:23.226: ISAKMP : Scanning profiles for xauth ...

*Mar  2 09:17:23.226: ISAKMP:(0):Checking ISAKMP transform 0 against priority 12 policy

*Mar  2 09:17:23.226: ISAKMP:      life type in seconds

*Mar  2 09:17:23.226: ISAKMP:      life duration (basic) of 28800

*Mar  2 09:17:23.226: ISAKMP:      encryption DES-CBC

*Mar  2 09:17:23.226: ISAKMP:      hash MD5

*Mar  2 09:17:23.226: ISAKMP:      auth pre-share

*Mar  2 09:17:23.226: ISAKMP:      default group 1

*Mar  2 09:17:23.226: ISAKMP:(0):Hash algorithm offered does not match policy!

*Mar  2 09:17:23.226: ISAKMP:(0):atts are not acceptable. Next payload is 0

*Mar  2 09:17:23.226: ISAKMP:(0):no offers accepted!

*Mar  2 09:17:23.226: ISAKMP:(0): phase 1 SA policy not acceptable! (local 189.224.X.X remote 189.152.X.X)

*Mar  2 09:17:23.226: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init

*Mar  2 09:17:23.226: ISAKMP:(0): sending packet to 189.152.X.X my_port 500 peer_port 500 (R) AG_NO_STATE

*Mar  2 09:17:23.226: ISAKMP:(0):Sending an IKE IPv4 Packet.

*Mar  2 09:17:23.226: ISAKMP:(0):peer does not do paranoid keepalives.

*Mar  2 09:17:23.226: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 189.152.X.X)

*Mar  2 09:17:23.226: ISAKMP:(0): processing KE payload. message ID = 0

*Mar  2 09:17:23.226: ISAKMP:(0): group size changed! Should be 0, is 96

*Mar  2 09:17:23.226: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission

*Mar  2 09:17:23.226: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH:  state = IKE_READY

*Mar  2 09:17:23.226: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH

*Mar  2 09:17:23.226: ISAKMP:(0):Old State = IKE_READY  New State = IKE_READY

*Mar  2 09:17:23.230: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 189.152.X.X

SR520#

Many thanks
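Added example (not part of the original post, and not Cisco code): a small Python parser for the `debug crypto isakmp` output above that extracts the offered phase 1 transform, the rejection reason, and any peer for which no pre-shared key was found by address. The sample log is a constructed excerpt of the lines in the post; the function name, field names and the list of weak parameters are assumptions made for this example.

```python
import re

# Constructed sample: an excerpt of the debug lines shown in the post above.
SAMPLE_LOG = """\
*Mar  2 09:17:23.226: ISAKMP: no pre-shared key based on address 189.152.X.X!
*Mar  2 09:17:23.226: ISAKMP:(0):Checking ISAKMP transform 0 against priority 12 policy
*Mar  2 09:17:23.226: ISAKMP:      life duration (basic) of 28800
*Mar  2 09:17:23.226: ISAKMP:      encryption DES-CBC
*Mar  2 09:17:23.226: ISAKMP:      hash MD5
*Mar  2 09:17:23.226: ISAKMP:      auth pre-share
*Mar  2 09:17:23.226: ISAKMP:      default group 1
*Mar  2 09:17:23.226: ISAKMP:(0):Hash algorithm offered does not match policy!
*Mar  2 09:17:23.226: ISAKMP:(0):no offers accepted!
*Mar  2 09:17:23.230: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 189.152.X.X
"""

ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|auth|default group|life duration \(basic\) of)\s+(\S+)")
CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
MISMATCH = re.compile(r"ISAKMP:\(\d+\):(.+ offered does not match policy)!")
NO_PSK = re.compile(r"no pre-shared key based on address (\S+?)!")
# Assumption: parameters this example treats as weak and worth flagging.
WEAK = {"encryption": {"DES-CBC"}, "hash": {"MD5"}, "default group": {"1", "2", "5"}}

def analyze(log_text):
    """Summarize why IKE phase 1 failed, from IOS 'debug crypto isakmp' text."""
    report = {"offers": [], "no_psk_for": [], "aggressive_mode": False, "weak": []}
    offer = None
    for line in log_text.splitlines():
        if m := CHECK.search(line):
            # A new transform from the peer is being compared with a local policy.
            offer = {"transform": int(m[1]), "policy": int(m[2]), "attrs": {}, "rejected": None}
            report["offers"].append(offer)
        elif offer is not None and (m := ATTR.search(line)):
            key = "lifetime" if m[1].startswith("life") else m[1]
            offer["attrs"][key] = m[2]
            if m[2] in WEAK.get(m[1], ()):
                report["weak"].append(f"{m[1]} {m[2]}")
        elif offer is not None and (m := MISMATCH.search(line)):
            offer["rejected"] = m[1]
        if m := NO_PSK.search(line):
            report["no_psk_for"].append(m[1])
        if "Aggressive mode" in line or "IKE_AM_EXCH" in line:
            report["aggressive_mode"] = True
    return report

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the log above it reports the peer's MD5 offer rejected against policy 12, which shows no `hash` line in the `sh run` output and therefore uses the IOS default (SHA), since IOS omits default values from the running configuration. It also reports that no key was found by address for 189.152.X.X, where the only configured key is bound to a hostname.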
1 Reply

mexiredes
Level 1

Hello again.

I hope you can help me.

I am still in the same situation.

Does anyone have a suggestion?

Many thanks in advance.

Regards

Happy Easter