[c-nsp] IPSEC site to site

M K gunner_200 at live.com
Mon Sep 16 03:27:17 EDT 2013 

Thanks Ernest , I had a problem in routing and it's solved now
Thanks again

Date: Sun, 15 Sep 2013 09:22:52 -0400
Subject: Re: [c-nsp] IPSEC site to site
From: emccaleb at gmail.com
To: gunner_200 at live.com
CC: cisco-nsp at puck.nether.net

MK,
It is a bit hard for me to interpret the output(formatting off on my computer), but do you have routes to the 192.168.13.3 and 10.1.24.4 hosts?  Also, whats the output when you debug ISAKMP?

E

42,

Ernest McCaleb
 
- Just when you think you know the answers, I change the questions. -- "Rowdy" Roddy Piper



On Sun, Sep 15, 2013 at 8:35 AM, M K <gunner_200 at live.com> wrote:

Hi all , I am trying to simulate IPSEC VPN on GNS3R3 f1/0 - R1 f2/0 - R1 s1/0 - R2 s1/0 - R2 f2/0 - R4 f1/0

Below is my configuration

R1crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 2 lifetime 86400crypto isakmp key cisco address 192.1.12.2 no-xauth!!crypto ipsec transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp  set peer 192.1.12.2 set transform-set SET  match address 100


access-list 100 permit ip 192.168.13.0 0.0.0.255 10.1.24.0 0.0.0.255

int s1/0crypto map MAP

R2!crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 2 lifetime 86400crypto isakmp key cisco address 192.1.12.1 no-xauth!!crypto ipsec transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp  set peer 192.1.12.1 set transform-set SET  match address 101


access-list 101 permit ip 10.1.24.0 0.0.0.255 192.168.13.0 0.0.0.255

int s1/0crypto map MAP

I got the message *Sep 15 14:29:07.255: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

But nothing is working R3#ping 10.1.24.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

R4#ping 192.168.13.3Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

R1#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

R1#

R2#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

R2#

What is missing ?

Thanks

_______________________________________________

cisco-nsp mailing list  cisco-nsp at puck.nether.net

https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list