[c-nsp] IPSEC site to site

Ernest McCaleb emccaleb at gmail.com
Sun Sep 15 09:22:52 EDT 2013


MK,

It is a bit hard for me to interpret the output (formatting off on my
computer), but do you have routes to the 192.168.13.3 and 10.1.24.4 hosts?
Also, what's the output when you debug ISAKMP?

E

42,

Ernest McCaleb

- Just when you think you know the answers, I change the questions. --
"Rowdy" Roddy Piper


On Sun, Sep 15, 2013 at 8:35 AM, M K <gunner_200 at live.com> wrote:

> Hi all, I am trying to simulate IPSEC VPN on GNS3
> R3 f1/0 - R1 f2/0 - R1 s1/0 - R2 s1/0 - R2 f2/0 - R4 f1/0
> Below is my configuration
>
> R1
> crypto isakmp policy 1
>  encr aes 128
>  hash sha
>  authentication pre-share
>  group 2
>  lifetime 86400
> crypto isakmp key cisco address 192.1.12.2 no-xauth
> !
> !
> crypto ipsec transform-set SET esp-aes esp-sha-hmac
> !
> crypto map MAP 1 ipsec-isakmp
>  set peer 192.1.12.2
>  set transform-set SET
>  match address 100
> access-list 100 permit ip 192.168.13.0 0.0.0.255 10.1.24.0 0.0.0.255
> int s1/0
>  crypto map MAP
>
> R2
> !
> crypto isakmp policy 1
>  encr aes 128
>  hash sha
>  authentication pre-share
>  group 2
>  lifetime 86400
> crypto isakmp key cisco address 192.1.12.1 no-xauth
> !
> !
> crypto ipsec transform-set SET esp-aes esp-sha-hmac
> !
> crypto map MAP 1 ipsec-isakmp
>  set peer 192.1.12.1
>  set transform-set SET
>  match address 101
> access-list 101 permit ip 10.1.24.0 0.0.0.255 192.168.13.0 0.0.0.255
> int s1/0
>  crypto map MAP
>
> I got the message
> *Sep 15 14:29:07.255: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
>
> But nothing is working
>
> R3#ping 10.1.24.4
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
>
> R4#ping 192.168.13.3
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
>
> R1#sh crypto isakmp sa
> IPv4 Crypto ISAKMP SA
> dst             src             state          conn-id status
>
> IPv6 Crypto ISAKMP SA
>
> R1#
>
> R2#sh crypto isakmp sa
> IPv4 Crypto ISAKMP SA
> dst             src             state          conn-id status
>
> IPv6 Crypto ISAKMP SA
>
> R2#
>
> What is missing?
> Thanks
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
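
Added example, not part of either message above: a Python check that two IOS crypto configurations agree on what both tunnel endpoints must share (ISAKMP policy, pre-shared key, key/peer address, transform set, mirrored crypto ACL). The function names are hypothetical; the config text is retyped from the quoted R1/R2 configuration, which differs only in peer address, ACL number and ACL direction, so both are rendered from one template.

```python
import re

# Crypto-relevant lines retyped from the quoted configuration. The placeholders
# cover the only values that differ between R1 and R2.
TEMPLATE = """crypto isakmp policy 1
 encr aes 128
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key cisco address {peer} no-xauth
crypto ipsec transform-set SET esp-aes esp-sha-hmac
crypto map MAP 1 ipsec-isakmp
 set peer {peer}
 set transform-set SET
 match address {acl}
access-list {acl} permit ip {src} {dst}"""
NET_A, NET_B = "192.168.13.0 0.0.0.255", "10.1.24.0 0.0.0.255"
R1 = TEMPLATE.format(peer="192.1.12.2", acl=100, src=NET_A, dst=NET_B)
R2 = TEMPLATE.format(peer="192.1.12.1", acl=101, src=NET_B, dst=NET_A)

def parse(cfg):
    """Pull out the settings both tunnel endpoints must agree on."""
    grab = lambda pat: re.search(pat, cfg, re.M).groups()
    key, key_peer = grab(r"^crypto isakmp key (\S+) address (\S+)")
    (acl_id,) = grab(r"^ match address (\d+)$")
    return {
        "policy": re.findall(r"^ (encr|hash|authentication|group|lifetime) (.+)$", cfg, re.M),
        "key": key, "key_peer": key_peer,
        "map_peer": grab(r"^ set peer (\S+)$")[0],
        "transform": grab(r"^crypto ipsec transform-set \S+ (.+)$")[0],
        "acl": re.findall(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M),
    }

def mismatches(cfg_a, cfg_b):
    """Return the names of the checks that fail between the two endpoints."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = {
        "isakmp policy": a["policy"] == b["policy"],
        "pre-shared key": a["key"] == b["key"],
        "key/peer address": a["key_peer"] == a["map_peer"] and b["key_peer"] == b["map_peer"],
        "transform set": a["transform"] == b["transform"],
        "mirrored crypto ACL": a["acl"] == [(dst, src) for src, dst in b["acl"]],
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(mismatches(R1, R2) or "both ends agree")
```

The check does not look at interface addresses or routing, which are not in the quoted configuration.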

