10-09-2008 03:18 AM
Hi,
I've been struggling for the last week to create a successful VPN tunnel between each router in a tree-type router network. I've tried md5 with 3des but I failed. Someone from this forum suggested I use a gre tunnel with ipsec. Now I'm still unable to create a successful gre tunnel between two routers in an ospf routing environment.
I'm sending my configuration. Kindly check it; if it is wrong, give me the right configuration of a VPN tunnel in an ospf routing environment between two routers.
10-09-2008 03:48 AM
add this on the routers
crypto isakmp policy 10
 encryption des
now u have a problem with ur ospf
u need to advertise the internal network and the tunnel networks as well only
u don't need to include the external IP address
remove it and add the tunnel network
also for the gre ACL i would suggest u to make source from internal network to remote site internal network
good luck
if helpful Rate
10-10-2008 05:10 AM
sir,
I have tried to follow your suggestions. Actually I'm very new to VPN tunnels. I'm sending the configuration I have currently tried.
Now I'm able to create an ipsec tunnel with GRE, but data is not encrypted or decrypted and also an error message comes in 56 sec.
%cypto-6-isakmp_mode_failure:processing of informational mode failed with peer at xx.xx.xx.xx .
Dear Sir, kindly help me to correct my configuration. Please update my configuration.
10-10-2008 05:52 AM
Hi Siddhartha,
Add the following static routes on the FHQ and Gandhinagar routers and post the results:
hostname FHQ
ip route 170.143.0.0 255.255.255.0 Serial0/0/1
hostname Gandhinagar
ip route 200.100.1.0 255.255.255.0 Serial0/0/0
HTH
Saju
Pls rate helpful posts
10-10-2008 10:56 PM
I'm still unable to sort out the problem.
The same error is coming and data is not encrypted or decrypted.
My humble request is to test these scenarios and then suggest to me.
I'm waiting for your reply.
10-14-2008 10:08 AM
Hi Siddhartha,
If you have added the two routes as I mentioned above, can you remove the following commands from the two routers and then check:
FHQ
no crypto map mymap local-address FastEthernet0/1
Gandhinagar
no crypto map mymap local-address GigabitEthernet0/0
10-15-2008 05:53 AM
Hi Siddhartha,
According to me there are a lot of mistakes in your config. If you really want to sort this out, just give me a time from 11:00am to 1:00pm Tuesday to Sunday so that we can chat on my Yahoo Messenger (my id is gcsnetexpert@yahoo.in) or call me on +91-9412222016, cos I have to ask a lot of questions to sort this matter.
Regards,
Anurag
10-17-2008 12:58 AM
saju,
Kindly send me a sample configuration of a GRE tunnel with IPSEC between two routers. That will be very helpful to me...
Waiting for your response....
regds
siddhartha
10-11-2008 02:35 AM
try to do the following
on BOTH routers
crypto isakmp identity address
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption des
 group 2
change the ACLs as follows:
access-list 100 permit gre 200.100.1.0 0.0.0.255 170.143.0.0 0.0.0.255
on the other router:
access-list 100 permit gre 170.143.0.0 0.0.0.255 200.100.1.0 0.0.0.255
good luck
10-11-2008 06:12 AM
As per my knowledge there is some problem with access-list 100. You should use the interesting traffic source and destination addresses in access-list 100 rather than the peer address, because this is a VPN access-list, not the normal access-list applied on any interface.
10-16-2008 02:20 AM
Doesn't ipsec have an issue with multicast? ospf uses multicast to discover a neighbor.
10-17-2008 12:53 AM
hi,
Kindly send me a tested configuration sample of a gre tunnel with IPSEC between two routers. That will be very helpful to me.
10-20-2008 11:59 PM
hope this helps.
just a little tweak on firewall and router.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml
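A minimal GRE-over-IPsec layout of the kind requested in this thread, as an added example that is not taken from any poster's configuration and has not been run on the original routers. The crypto ACL matches the GRE packets between the two tunnel endpoints, so the OSPF multicast hellos carried inside the tunnel are encrypted along with the data, and OSPF advertises only the LAN and tunnel networks. Assumptions: all addresses, interface names, the OSPF process and area, and the key placeholder are constructed, and AES/SHA/group 14 are used here in place of the DES/MD5/group 2 values posted above, which requires an IOS image that supports them.

```cisco
! ---- Router A (constructed addresses: WAN 192.0.2.1, LAN 10.1.1.0/24) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 192.0.2.2
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set GRE-TS
 match address 100
! Crypto ACL: GRE from the local tunnel source to the remote tunnel destination
access-list 100 permit gre host 192.0.2.1 host 192.0.2.2
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
interface Serial0/0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map GRE-MAP
router ospf 1
 network 10.1.1.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
! ---- Router B (mirror image: WAN 192.0.2.2, LAN 10.2.2.0/24) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 192.0.2.1
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set GRE-TS
 match address 100
access-list 100 permit gre host 192.0.2.2 host 192.0.2.1
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source 192.0.2.2
 tunnel destination 192.0.2.1
interface Serial0/0/0
 ip address 192.0.2.2 255.255.255.252
 crypto map GRE-MAP
router ospf 1
 network 10.2.2.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
```

On each router, `show crypto ipsec sa` should show the encaps and decaps counters rising while `show ip ospf neighbor` lists the peer's Tunnel0 address; a neighbor that forms while the counters stay at zero means the traffic is not matching access-list 100.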