[c-nsp] C837 -> C7200 - VPN Tunnel Issue

Raymond Ho raymond_hwj at hotmail.com
Tue May 3 11:23:35 EDT 2005


Hi all,

Just some additional info which slipped off my mind. The under mentioned is the info of the router that's doing the tunneling,
Do assist/advise. Thank you.

Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.3(7)T3, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.0(20000211:194150) [dperez-cosmos_e_ecc 106], DEVELOPMENT SOFTWARE
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(10)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)


Raymond Ho wrote on Sun, May 01, 2005 at 05:02:10AM SGT :
| Hi,
| 
| I was wondering if there's anyone who faced the under mentioned issue with vpn tunnel (Using C837(32M) w/ 12.2(13)ZH4. Please view the under mentioned error msg / config). Is it a bug ?
| Apparently, all the interfaces are up and connected but it's unable to forward the packets thru the tunnel though it has been established.
| I've tried the same config with another C837 (64M) with 12.3(11)T5 and it's working fine with no error.
| I'm only able to make do with a 12.2 for C837(32M) but it isn't working.
| 
| Is it possible that its facing the same issue with the 1700 (BugID CSCdx32291) ?
| 
| Please advise. Thanks.
| 
| --
| Regards,
| Raymond Ho
| 
| *Apr  29 21:06:16.271: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 10.132.149.195  failed its sanity check or is malformed
| 
| ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
| ROM: C837 Software (C837-K9O3SY6-M), Version 12.2(13)ZH4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
| System image file is "flash:c837-k9o3sy6-mz.122-13.ZH4.bin"
| 
| CISCO C837 (MPC857DSL) processor (revision 0x400) with 29492K/3276K bytes of memory.
| Processor board ID AMB07210UGK (1544770661), with hardware revision 0000
| CPU rev number 7
| Bridging software.
| 1 Ethernet/IEEE 802.3 interface(s) <- I've got four interfaces (FE) only one was shown.
| 1 ATM network interface(s)
| 128K bytes of non-volatile configuration memory.
| 12288K bytes of processor board System flash (Read/Write)
| 2048K bytes of processor board Web flash (Read/Write)
| 
| vpdn-group 1
|  request-dialin
|   protocol pppoe
| 
| crypto isakmp policy 1
|  authentication pre-share
| crypto isakmp key 2 [aAGacbdEgEcLPYXRE^AAZZ``\Qf address 10.132.149.195
| 
| crypto ipsec transform-set dmvpnset ah-sha-hmac 
| 
| crypto map vpnmap 10 ipsec-isakmp 
|  set peer 10.132.149.195
|  set security-association level per-host
|  set transform-set dmvpnset 
|  match address 120
| 
| interface Tunnel2
|  bandwidth 3072
|  ip address 10.132.96.168 255.255.255.128
|  no ip redirects
|  ip mtu 1524
|  ip nhrp authentication dmvpn2
|  ip nhrp map multicast dynamic
|  ip nhrp map multicast 10.132.149.195
|  ip nhrp map 10.132.96.130 10.132.149.195
|  ip nhrp network-id 2
|  ip nhrp holdtime 300
|  ip nhrp nhs 10.132.96.130
|  no ip mroute-cache
|  tunnel source Dialer0
|  tunnel destination 10.132.149.195
|  tunnel key 2
|  crypto map vpnmap
| 
| interface ATM0
|  no ip address
|  no atm ilmi-keepalive
|  pvc 0/16 ilmi
|  
|  pvc 0/100 
|   encapsulation aal5mux ppp dialer
|   dialer pool-member 1
|  bundle-enable
|  dsl operating-mode auto
| 
| interface Dialer0
|  ip address negotiated
|  encapsulation ppp
|  dialer pool 1
|  ppp authentication pap callin
|  ppp pap sent-username testac at nts_trial password 7 23451E010Z04091932
|  crypto map vpnmap
| _______________________________________________
| cisco-nsp mailing list  cisco-nsp at puck.nether.net
| https://puck.nether.net/mailman/listinfo/cisco-nsp
| archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Regards,
Raymond Ho
E-mail: raymondh at sg.freebsd.org
Web: http://www.freebsd.org
----------
Key ID 478C4F42
Fingerprint = 9128 015E 53D0 5D96 70FC  198B 934B 5A9F 478C 4F42

"The only thing necessary for the truimph of evil is for good men to do nothing."
-- Edmund Burke (1729 - 1797)


More information about the cisco-nsp mailing list