[c-nsp] IPSEC VPN

Mohammad Khalil eng_mssk at hotmail.com
Thu Dec 24 07:54:34 EST 2009 

hi all

i have the following topology
router1 F0/0 --> F0/0 router2 S0/0 --> S0/0 router3 S0/1 --> s0/0 router4 F0/0 --> router5 F0/0

below is the configuration:
router1:
interface FastEthernet0/0
 ip address 192.168.1.100 255.255.255.0
 no ip route-cache
 speed 100
 full-duplex

router2:
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 92.62.113.1 no-xauth

crypto ipsec transform-set kulacom esp-des esp-md5-hmac 

crypto map MAP 10 ipsec-isakmp 
 set peer 92.62.113.1
 set transform-set kulacom 
 match address 110

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 212.118.0.1 255.255.255.0
 clock rate 64000
 crypto map MAP
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 212.118.0.1 0.0.0.0 area 0

access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

router3:
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0
 ip address 212.118.0.2 255.255.255.0
!
interface Serial0/1
 ip address 92.62.113.2 255.255.255.0

router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 92.62.113.2 0.0.0.0 area 0
 network 212.118.0.2 0.0.0.0 area 0

router4:
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 212.118.0.1 no-xauth
!
!
crypto ipsec transform-set kulacom esp-des esp-md5-hmac 
!
crypto map MAP 10 ipsec-isakmp 
 set peer 212.118.0.1
 set transform-set kulacom 
 match address 120

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 92.62.113.1 255.255.255.0
 crypto map MAP

!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 92.62.113.1 0.0.0.0 area 0
!         
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

router5:
interface FastEthernet0/0
 ip address 192.168.2.100 255.255.255.0
 no ip route-cache
 speed 100
 full-duplex

the IPSEC is not established and nothing appears when issuing the command show crypto isakmp sa
and neither the ping from both sides is successful

am i missing anything here ?

thanks in advance














 		 	   		  
_________________________________________________________________
Keep your friends updated—even when you’re not signed in.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010

More information about the cisco-nsp mailing list