[c-nsp] IPSEC site to site
M K
gunner_200 at live.com
Sun Sep 15 08:35:38 EDT 2013
Hi all , I am trying to simulate IPSEC VPN on GNS3R3 f1/0 - R1 f2/0 - R1 s1/0 - R2 s1/0 - R2 f2/0 - R4 f1/0
Below is my configuration
R1crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 2 lifetime 86400crypto isakmp key cisco address 192.1.12.2 no-xauth!!crypto ipsec transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp set peer 192.1.12.2 set transform-set SET match address 100
access-list 100 permit ip 192.168.13.0 0.0.0.255 10.1.24.0 0.0.0.255
int s1/0crypto map MAP
R2!crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 2 lifetime 86400crypto isakmp key cisco address 192.1.12.1 no-xauth!!crypto ipsec transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp set peer 192.1.12.1 set transform-set SET match address 101
access-list 101 permit ip 10.1.24.0 0.0.0.255 192.168.13.0 0.0.0.255
int s1/0crypto map MAP
I got the message *Sep 15 14:29:07.255: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
But nothing is working R3#ping 10.1.24.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:.....Success rate is 0 percent (0/5)
R4#ping 192.168.13.3Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:.....Success rate is 0 percent (0/5)
R1#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst src state conn-id status
IPv6 Crypto ISAKMP SA
R1#
R2#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst src state conn-id status
IPv6 Crypto ISAKMP SA
R2#
What is missing ?
Thanks
More information about the cisco-nsp
mailing list