10-13-2007 12:10 AM
Hi !
I am trying to setup a site-to-site VPN from a C7613 (122-33.SRB1.bin) to another Cisco device -
using the following commands.
I am sending traffic (which is configured in the ACL) - but no VPN is triggered.
I got failures like " No peer struct to get peer description"
I can not even see traffic to the VPN-Peer Address (monitor port on the physical interface).
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ********** address xxx.xxx.xxx.xxx
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set SET1 esp-3des esp-sha-hmac
!
crypto map MAP1 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set SET1
match address 101
MAP1 is bound to a VLAN Interface (crypto map MAP1)
Could you please help me ???
thx
hans
06-10-2008 10:05 AM
I have just encountered the same issue.
How did you resolve yours?
I think it's something to do with ACLs, but I cannot figure it out at the moment!
Any clues?
Chris
06-10-2008 11:31 AM
I figured out the problem.
I needed to generate valid interesting traffic, and since there was a transit network from the router to the core switch stack, I needed to telnet to the core switch and ping the remote network with a valid source interface. e.g. ping 10.202.1.1 source vlan1
Then the VPN tunnel came up!
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide