Is that configuration

Pietro Tosatti · ‎03-20-2017

Following this link https://courses.cs.ut.ee/MTAT.08.004/2016_spring/uploads/Main/37_1.pdf , I was able to successfully create a vpn. However I was wondering if you could add another router between r0 r1

I tried it and it does not work

Michael Beck · ‎03-20-2017

Your link is not available outside your UT environment. So putting on the magic guessing hat I would troubleshoot as follows.

1. Prove connectivity between your 2 VPN devices. This can be accomplished with a ping. No connectivity is likely a routing issue. You don't have to have routes to the inside networks but r1 must be able to see r2.

2. Check the routing device you inserted for NAT. You may get a failure in IPSec if you are traversing a NAT device (ESP does not work with stateful inspection unless you use NAT traversal)

I'd bet on #1

Pietro Tosatti · ‎03-21-2017

Is that configuration possible?

[IMG]http://i64.tinypic.com/4rt353.jpg[/IMG]

I used these commands to the routers:

R0(config)# crypto isakmp policy 10

R0(config-isakmp)# encryption aes

R0(config-isakmp)# authentication pre-share

R0(config-isakmp)# group 2

R0(config-isakmp)# exit

R0(config)# crypto isakmp key cisco address 10.2.2.1

R0(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac

R0(config)# crypto map VPN-MAP 10 ipsec-isakmp

R0(config-crypto-map)# description VPN connection to R2

R0(config-crypto-map)# set peer 10.2.2.1

R0(config-crypto-map)# set transform-set VPN-SET

R0(config-crypto-map)# match address 110

R0(config-crypto-map)# exit

Without the fourth router it works perfectly, but when I add the fourth doesn't work anymore.

Thank you for the reply

VPN Trouble