02-04-2008 04:20 PM - edited 02-21-2020 03:32 PM
I have an 857 router at both sites.
I can't get the damn VPN to work. I try to debug, but no debug messages even come through; it's like the crypto engine doesn't even try to connect?!?
This is my first encounter with Cisco, and the following has been pieced together from a few white papers.
What have I done wrong?
This is the config in the routers:-
X.X.X.X is the WAN IP address of the remote site.
---------------------------------
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname name
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp excluded-address 172.16.40.1 172.16.40.20
!
ip dhcp pool CUSTOMER-LAN
network 172.16.40.0 255.255.255.0
default-router 172.16.40.1
dns-server 203.50.2.71 139.130.4.4
!
ip cef
!
ip subnet-zero
ip cef
!
no ip domain lookup
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key keyname address X.X.X.X
crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac
crypto map aesmap 10 ipsec-isakmp
set peer X.X.X.X
set transform-set aesset
match address acl_vpn
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 172.16.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxx@nnnn
ppp chap password 0 xxxx
crypto map aesmap
!
!
ip nat inside source list acl_nat interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 172.16.20.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip access-list extended acl_nat
!
!
deny ip 172.16.40.0 0.0.0.255 172.16.20.0 0.0.0.255
permit ip 172.16.40.0 0.0.0.255 any
!
ip access-list extended acl_vpn
permit ip 172.16.40.0 0.0.0.255 172.16.20.0 0.0.0.255
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
!
scheduler max-task-time 5000
end
02-04-2008 08:21 PM
hi,
What IOS version are you running?
Thanks
John
02-04-2008 09:56 PM
Site 1:
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(6)T9, RELEASE SOFTWARE (fc2)
Site 2:
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(6)T9, RELEASE SOFTWARE (fc2)
02-05-2008 03:12 PM
Hi,
The config you posted shows it was created with IOS 12.3. Check that some commands haven't been disabled during the save and reboot. It could also be that the routers have a problem with the high encryption you have chosen. Try with 3DES and progressively increase.
Thanks
John
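One way to carry out the check suggested in the reply above: compare the intended IPsec lines against what the router holds after a reload, then confirm that every name the crypto map refers to is still defined and applied. This is an added example, not part of the thread. The helper names (`commands`, `dropped`, `dangling`) and the "after reload" sample are hypothetical, and it assumes sub-commands are indented as in raw `show running-config` output.

```python
import re

# Constructed input: IPsec lines from the posted config, indented as `show running-config` prints them.
INTENDED = """\
crypto isakmp key keyname address X.X.X.X
crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac
crypto map aesmap 10 ipsec-isakmp
 set peer X.X.X.X
 set transform-set aesset
 match address acl_vpn
interface Dialer0
 crypto map aesmap
ip access-list extended acl_vpn
 permit ip 172.16.40.0 0.0.0.255 172.16.20.0 0.0.0.255
"""
# Constructed, hypothetical "after reload" output: two lines did not survive.
RUNNING = (INTENDED.replace("crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac\n", "")
                   .replace(" crypto map aesmap\n", ""))

def commands(text):
    """Flatten a config into (parent, command) pairs; top-level lines get parent ''."""
    parent, out = "", set()
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace():
            out.add((parent, line.strip()))
        else:
            parent = line.rstrip()
            out.add(("", parent))
    return out

def dropped(intended, running):
    """Commands in the intended config that are absent from the running one."""
    return sorted(commands(intended) - commands(running))

def dangling(text):
    """References made by crypto map entries that the same config never satisfies."""
    cmds, bad = commands(text), set()
    top = {c for p, c in cmds if not p}
    for parent, cmd in cmds:
        m, w = re.match(r"crypto map (\S+) \d+ ipsec-isakmp", parent), cmd.split()
        if not m:
            continue
        if w[:2] == ["set", "transform-set"]:
            bad |= {f"transform-set {n} undefined" for n in w[2:]
                    if not any(t.startswith(f"crypto ipsec transform-set {n} ") for t in top)}
        if w[:2] == ["match", "address"] and f"ip access-list extended {w[2]}" not in top:
            bad.add(f"access list {w[2]} undefined")
        if not any(p.startswith("interface ") and c == f"crypto map {m.group(1)}" for p, c in cmds):
            bad.add(f"crypto map {m.group(1)} not applied to an interface")
    return sorted(bad)
```

A crypto map that is defined but no longer bound to the outside interface never sees matching traffic, so the router does not attempt IKE for it.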