PVN connection with 1700

Answered Question
Dec 11th, 2009

Hey GuY,

                I am setting up  a new remote on 1700 router. I could not find the following command under the tunnel interface :ip nhrp cache non-authoritative.

I upgraded and downgraded the IOS six times already. Can someone point me in the right direction? What is the exact IOS for 1760 that support this feature? I am doing something wrong?


Thanks,


GrandVagabond

Correct Answer by Reza Sharifi about 7 years 2 months ago

Hello Jean,


What version of IOS are you running?

Can you post sh ver?


Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Reza Sharifi Fri, 12/11/2009 - 15:09

Hello Jean,


What version of IOS are you running?

Can you post sh ver?


Reza

Jean Paul Enerst Fri, 12/11/2009 - 15:39

I have tried 12.4(13b), 12.4.(17) c1700-advsecurityk9-mz.123-20a.bin,c1700-advsecurityk9-mz.124-12.bin.


trere is the config below:


version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPN-Carl
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa authorization network localgroups local
!
!
aaa session-id common
memory-size iomem 25
ip cef
no ip dhcp use vrf connected
no ip dhcp conflict logging

!
ip dhcp pool Contractor
   network x.x.x.0 255.255.255.0
   dns-server x.x.x.x
   default-router x.x.x.x
   netbios-name-server x.x.x.x
!
ip dhcp pool DHCPPOOL-Voice
   network y.y.y. 255.255.255.0
   option 150 ip y.y.y.y
   default-router y.y.y.y
   dns-server y.y.y.y
!
!
no ip domain lookup
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 543b33rg0gles!8199 address z.z.z.z no-xauth
crypto isakmp keepalive 20 3
!
!
crypto ipsec transform-set cvp esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile nocvpn
set transform-set vpn
!
!
!
!
!
interface Tunnel1
bandwidth 1000
ip address t.t.t.t 255.255.255.240
no ip redirects
ip mtu 1436
ip nhrp authentication nocvpn
ip nhrp map multicast t.t.t.t
ip nhrp map y.y.y.y z.z.z.z
ip nhrp network-id 8199
ip nhrp nhs y.y.y.y
delay 1000
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 543403819
tunnel protection ipsec profile nocvpn
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface FastEthernet4
ip address dhcp
duplex auto
speed auto
!


ip http server
no ip http secure-server
!
access-list 20 permit 192.x.r.0 0.0.0.255
access-list 20 permit 10.x.0.0 0.0.255.255
access-list 20 deny   any
!
!
!
control-plane
!
!
line con 0
exec-timeout 999 0
no modem enable
line aux 0
line vty 0 4
access-class 20 in
exec-timeout 5 0
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end

Jean Paul Enerst Fri, 12/11/2009 - 15:54

This iswhen I downgraded the unit to 12.3 . Cisco web site claims that the command : ip nhrp cache non-authoritative this command was introduced in 12.3(7T): https://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i2.html .


Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(13b), RELEASE SOFT
WARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 11-Aug-05 13:18 by alnguyen
Image text-base: 0x8000816C, data-base: 0x81009648

ROM: System Bootstrap, Version 12.2(4r)XL, RELEASE SOFTWARE (fc1)
ROM: C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(13b), RELEASE SOFTWARE
(fc2)

GP-OFFICE uptime is 0 minutes
System returned to ROM by power-on
System restarted at 06:46:49 UTC Wed May 11 2005
System image file is "flash:c1700-advsecurityk9-mz.123-13b.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html you require further assistance please contact us by sending email to
[email protected] 1760 (MPC860P) processor (revision 0x200) with 49152K/16384K bytes of memo
ry.
Processor board ID FOC07100SML (2976509824), with hardware revision BB67
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)

If

cisco

Configuration register is 0x2102

infosateng Sat, 12/12/2009 - 12:13

Now Router is running the follow inmage 12.4(4)T8, but still cannot find the command mentionned above under the tunnel interface. Is there a prerequisit command that I have to type first below this command appears under the tunnel interface??


Cisco IOS Software, C1700 Software (C1700-ADVSECURITYK9-M), Version 12.4(4)T8, R
ELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 10-Aug-07 14:21 by khuie

ROM: System Bootstrap, Version 12.2(4r)XL, RELEASE SOFTWARE (fc1)

GP-OFFICE uptime is 8 minutes
System returned to ROM by reload
System image file is "flash:c1700-advsecurityk9-mz.124-4.T8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.


Thanks,

Actions

This Discussion