[c-nsp] C837 -> C7200 - VPN Tunnel Issue
Raymond Ho
raymond_hwj at hotmail.com
Tue May 3 11:23:35 EDT 2005
Hi all,
Just some additional info which slipped off my mind. The under mentioned is the info of the router that's doing the tunneling,
Do assist/advise. Thank you.
Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.3(7)T3, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.0(20000211:194150) [dperez-cosmos_e_ecc 106], DEVELOPMENT SOFTWARE
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(10)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Raymond Ho wrote on Sun, May 01, 2005 at 05:02:10AM SGT :
| Hi,
|
| I was wondering if there's anyone who faced the under mentioned issue with vpn tunnel (Using C837(32M) w/ 12.2(13)ZH4. Please view the under mentioned error msg / config). Is it a bug ?
| Apparently, all the interfaces are up and connected but it's unable to forward the packets thru the tunnel though it has been established.
| I've tried the same config with another C837 (64M) with 12.3(11)T5 and it's working fine with no error.
| I'm only able to make do with a 12.2 for C837(32M) but it isn't working.
|
| Is it possible that its facing the same issue with the 1700 (BugID CSCdx32291) ?
|
| Please advise. Thanks.
|
| --
| Regards,
| Raymond Ho
|
| *Apr 29 21:06:16.271: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 10.132.149.195 failed its sanity check or is malformed
|
| ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
| ROM: C837 Software (C837-K9O3SY6-M), Version 12.2(13)ZH4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
| System image file is "flash:c837-k9o3sy6-mz.122-13.ZH4.bin"
|
| CISCO C837 (MPC857DSL) processor (revision 0x400) with 29492K/3276K bytes of memory.
| Processor board ID AMB07210UGK (1544770661), with hardware revision 0000
| CPU rev number 7
| Bridging software.
| 1 Ethernet/IEEE 802.3 interface(s) <- I've got four interfaces (FE) only one was shown.
| 1 ATM network interface(s)
| 128K bytes of non-volatile configuration memory.
| 12288K bytes of processor board System flash (Read/Write)
| 2048K bytes of processor board Web flash (Read/Write)
|
| vpdn-group 1
| request-dialin
| protocol pppoe
|
| crypto isakmp policy 1
| authentication pre-share
| crypto isakmp key 2 [aAGacbdEgEcLPYXRE^AAZZ``\Qf address 10.132.149.195
|
| crypto ipsec transform-set dmvpnset ah-sha-hmac
|
| crypto map vpnmap 10 ipsec-isakmp
| set peer 10.132.149.195
| set security-association level per-host
| set transform-set dmvpnset
| match address 120
|
| interface Tunnel2
| bandwidth 3072
| ip address 10.132.96.168 255.255.255.128
| no ip redirects
| ip mtu 1524
| ip nhrp authentication dmvpn2
| ip nhrp map multicast dynamic
| ip nhrp map multicast 10.132.149.195
| ip nhrp map 10.132.96.130 10.132.149.195
| ip nhrp network-id 2
| ip nhrp holdtime 300
| ip nhrp nhs 10.132.96.130
| no ip mroute-cache
| tunnel source Dialer0
| tunnel destination 10.132.149.195
| tunnel key 2
| crypto map vpnmap
|
| interface ATM0
| no ip address
| no atm ilmi-keepalive
| pvc 0/16 ilmi
|
| pvc 0/100
| encapsulation aal5mux ppp dialer
| dialer pool-member 1
| bundle-enable
| dsl operating-mode auto
|
| interface Dialer0
| ip address negotiated
| encapsulation ppp
| dialer pool 1
| ppp authentication pap callin
| ppp pap sent-username testac at nts_trial password 7 23451E010Z04091932
| crypto map vpnmap
| _______________________________________________
| cisco-nsp mailing list cisco-nsp at puck.nether.net
| https://puck.nether.net/mailman/listinfo/cisco-nsp
| archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Regards,
Raymond Ho
E-mail: raymondh at sg.freebsd.org
Web: http://www.freebsd.org
----------
Key ID 478C4F42
Fingerprint = 9128 015E 53D0 5D96 70FC 198B 934B 5A9F 478C 4F42
"The only thing necessary for the truimph of evil is for good men to do nothing."
-- Edmund Burke (1729 - 1797)
More information about the cisco-nsp
mailing list