VPN with two cisco827

fmatarranz
Level 1

Hi there!

I've got a problem configuring a VPN between 2 offices using 2 CISCO 827 routers and IPSec.

I can't get the two peers to communicate.

I am sending the configuration of the routers.

Can you help me?

Thanks

1 Reply

fmatarranz
Level 1

ROUTER CISCO 827 1

ip subnet-zero
no ip finger
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 lifetime 240
crypto isakmp key key1 address 213.97.199.154 255.255.255.192
!
crypto ipsec security-association lifetime seconds 120
!
crypto ipsec transform-set transform1 esp-des esp-md5-hmac
 mode transport
!
crypto map map1 local-address Tunnel1
crypto map map1 10 ipsec-isakmp
 set peer 213.97.199.154
 set transform-set transform1
 set pfs group1
 match address 110
!
!
!
!
interface Tunnel1
 description tunel tycsa 01
 ip address 192.168.50.1 255.255.255.0
 tunnel source 213.4.18.230
 tunnel destination 213.97.199.154
 crypto map map1
!
interface Ethernet0
 ip address 10.0.0.14 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 213.4.18.230 255.255.255.192
 ip access-group 120 in
 ip nat outside
 pvc 3/32
  encapsulation aal5snap
 !
!
ip nat inside source list 130 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 172.26.0.0 255.255.0.0 Tunnel1
ip http server
!
access-list 110 permit gre host 213.4.18.230 host 213.97.199.154
access-list 120 permit tcp any any established
access-list 120 permit esp any any
access-list 120 permit gre any any
access-list 120 permit udp any eq isakmp any eq isakmp
access-list 130 permit ip 0.0.0.0 255.255.255.0 any
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
scheduler max-task-time 5000
end

ROUTER CISCO 827 2

ip subnet-zero
no ip domain-lookup
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 lifetime 240
crypto isakmp key key1 address 213.4.18.230 255.255.255.192
!
crypto ipsec security-association lifetime seconds 120
!
crypto ipsec transform-set transform1 esp-des esp-md5-hmac
 mode transport
!
crypto map map1 local-address Tunnel1
crypto map map1 10 ipsec-isakmp
 set peer 213.4.18.230
 set transform-set transformada
 set pfs group1
 match address 110
!
!
!
!
interface Tunnel1
 description Tunnel tycsa02
 ip address 192.168.50.2 255.255.255.0
 tunnel source 213.97.199.154
 tunnel destination 213.4.18.230
 crypto map map1
!
interface Ethernet0
 ip address 10.0.0.200 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 213.97.199.154 255.255.255.192
 ip access-group 120 in
 ip nat outside
 pvc 8/32
  encapsulation aal5snap
 !
!
ip nat inside source list 130 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 10.0.0.0 255.255.0.0 Tunnel1
ip http server
!
access-list 110 permit gre host 213.97.199.154 host 213.4.18.230
access-list 120 permit tcp any any established
access-list 120 permit esp any any
access-list 120 permit gre any any
access-list 120 permit udp any eq isakmp any eq isakmp
access-list 130 permit ip 172.26.0.0 0.0.0.255 any
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
scheduler max-task-time 5000
end

------------------------------------------------

DEBUG COMMANDS ON ROUTER 1

jesus#show crypto isakmp sa
dst             src             state           conn-id    slot

jesus#show crypto ipsec sa

interface: Tunnel1
    Crypto map tag: map1, local addr. 192.168.50.1

   local ident (addr/mask/prot/port): (213.4.18.230/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (213.97.199.154/255.255.255.255/47/0)
   current_peer: 213.97.199.154
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 192.168.50.1, remote crypto endpt.: 213.97.199.154
     path mtu 1514, media mtu 1514
     current outbound spi: 0

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

jesus#show crypto engine connection active

  ID Interface       IP-Address      State  Algorithm           Encrypt  Decrypt