09-17-2010 05:41 AM
HI all,
i have a 877 which im trying to set up a vpn to a 527 up with, i thought id set up everything on both ends right, but obviously as its not up im wrong
ive proveided all config and screens of everything below if someone could point me in the right direction?
Thanks
IKE DETAILS
IPSEC DETAILS
DISCONNECT STATUS
09-17-2010 07:08 AM
If you want to troubleshooting this specific tunnel you can do a degug conditioner:
debug crypto condition
debug crypto isakmp
debug cry ipsec
Federico.
09-17-2010 07:10 AM
i cant do any debugs on the 527, i cant ssh into it, im tryign to find out what cisco set the default ssh user/password too, ive tried all the oens that let me log into the gui
but nothing :S
09-17-2010 07:17 AM
While finding that out you can do debugs on the 877.
Maybe we can see where the problem is (but we definitely need access to the 527 as well)
Federico.
09-17-2010 07:21 AM
heres whats come out so far...
CWCH#term mon
*Jul 1 01:50:31.512: ISAKMP:(2803):purging node -1079951141
*Jul 1 01:50:31.884: ISAKMP (0:2803): received packet from 83.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Jul 1 01:50:31.884: ISAKMP: set new node -666053151 to QM_IDLE
*Jul 1 01:50:31.884: ISAKMP:(2803): processing HASH payload. message ID = -666053151
*Jul 1 01:50:31.884: ISAKMP:(2803): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -666053151, sa = 838C7388
*Jul 1 01:50:31.884: ISAKMP:(2803):deleting node -666053151 error FALSE reason "Informational (in) state 1"
*Jul 1 01:50:31.888: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 1 01:50:31.888: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 1 01:50:31.888: ISAKMP:(2803):DPD/R_U_THERE received from peer 83.xxx.xxx.xxx, sequence 0x3B69
*Jul 1 01:50:31.888: ISAKMP: set new node 1725446749 to QM_IDLE
*Jul 1 01:50:31.888: ISAKMP:(2803):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2209387400, message ID = 1725446749
*Jul 1 01:50:31.888: ISAKMP:(2803): seq. no 0x3B69
*Jul 1 01:50:31.888: ISAKMP:(2803): sending packet to 83.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Jul 1 01:50:31.888: ISAKMP:(2803):Sending an IKE IPv4 Packet.
*Jul 1 01:50:31.888: ISAKMP:(2803):purging node 1725446749
CWCH#term mon
CWCH#
*Jul 1 01:50:31.888: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Jul 1 01:50:31.892: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
CWCH#
*Jul 1 01:50:41.596: ISAKMP:(2803):purging node -1045405557
*Jul 1 01:50:41.948: ISAKMP (0:2803): received packet from 83.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Jul 1 01:50:41.948: ISAKMP: set new node 118328039 to QM_IDLE
*Jul 1 01:50:41.948: ISAKMP:(2803): processing HASH payload. message ID = 118328039
*Jul 1 01:50:41.948: ISAKMP:(2803): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 118328039, sa = 838C7388
*Jul 1 01:50:41.948: ISAKMP:(2803):deleting node 118328039 error FALSE reason "Informational (in) state 1"
*Jul 1 01:50:41.948: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 1 01:50:41.948: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 1 01:50:41.948: ISAKMP:(2803):DPD/R_U_THERE received from peer 83.xxx.xxx.xxx, sequence 0x3B6A
*Jul 1 01:50:41.952: ISAKMP: set new node 370293022 to QM_IDLE
*Jul 1 01:50:41.952: ISAKMP:(2803):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2209387400, message ID = 370293022
*Jul 1 01:50:41.952: ISAKMP:(2803): seq. no 0x3B6A
*Jul 1 01:50:41.952: ISAKMP:(2803): sending packet to 83.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Jul 1 01:50:41.952: ISAKMP:(2803):Sending an IKE IPv4 Packet.
*Jul 1 01:50:41.952: ISAKMP:(2803):purging node 370293022
CWCH#
*Jul 1 01:50:41.952: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Jul 1 01:50:41.952: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
CWCH#
*Jul 1 01:50:51.648: ISAKMP:(2803):purging node -568084969
*Jul 1 01:50:52.008: ISAKMP (0:2803): received packet from 83.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Jul 1 01:50:52.012: ISAKMP: set new node -1159016822 to QM_IDLE
*Jul 1 01:50:52.012: ISAKMP:(2803): processing HASH payload. message ID = -1159016822
*Jul 1 01:50:52.012: ISAKMP:(2803): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -1159016822, sa = 838C7388
*Jul 1 01:50:52.012: ISAKMP:(2803):deleting node -1159016822 error FALSE reason "Informational (in) state 1"
*Jul 1 01:50:52.012: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 1 01:50:52.012: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 1 01:50:52.012: ISAKMP:(2803):DPD/R_U_THERE received from peer 83.xxx.xxx.xxx, sequence 0x3B6B
*Jul 1 01:50:52.012: ISAKMP: set new node 187421639 to QM_IDLE
*Jul 1 01:50:52.012: ISAKMP:(2803):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2209387400, message ID = 187421639
*Jul 1 01:50:52.012: ISAKMP:(2803): seq. no 0x3B6B
*Jul 1 01:50:52.016: ISAKMP:(2803): sending packet to 83.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Jul 1 01:50:52.016: ISAKMP:(2803):Sending an IKE IPv4 Packet.
*Jul 1 01:50:52.016: ISAKMP:(2803):purging node 187421639
CWCH#
*Jul 1 01:50:52.016: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Jul 1 01:50:52.016: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
CWCH#
*Jul 1 01:51:01.708: ISAKMP:(2803):purging node 887448330
*Jul 1 01:51:02.084: ISAKMP (0:2803): received packet from 83.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Jul 1 01:51:02.084: ISAKMP: set new node 171009363 to QM_IDLE
*Jul 1 01:51:02.084: ISAKMP:(2803): processing HASH payload. message ID = 171009363
*Jul 1 01:51:02.084: ISAKMP:(2803): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 171009363, sa = 838C7388
*Jul 1 01:51:02.084: ISAKMP:(2803):deleting node 171009363 error FALSE reason "Informational (in) state 1"
*Jul 1 01:51:02.084: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 1 01:51:02.084: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 1 01:51:02.088: ISAKMP:(2803):DPD/R_U_THERE received from peer 83.xxx.xxx.xxx, sequence 0x3B6C
*Jul 1 01:51:02.088: ISAKMP: set new node -88628093 to QM_IDLE
*Jul 1 01:51:02.088: ISAKMP:(2803):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2209387400, message ID = -88628093
*Jul 1 01:51:02.088: ISAKMP:(2803): seq. no 0x3B6C
*Jul 1 01:51:02.088: ISAKMP:(2803): sending packet to 83.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Jul 1 01:51:02.088: ISAKMP:(2803):Sending an IKE IPv4 Packet.
*Jul 1 01:51:02.088: ISAKMP:(2803):purging node -88628093
CWCH#
*Jul 1 01:51:02.088: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Jul 1 01:51:02.088: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
CWCH#
*Jul 1 01:51:11.824: ISAKMP:(2803):purging node 1063543416
*Jul 1 01:51:12.156: ISAKMP (0:2803): received packet from 83.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Jul 1 01:51:12.156: ISAKMP: set new node 656966009 to QM_IDLE
*Jul 1 01:51:12.156: ISAKMP:(2803): processing HASH payload. message ID = 656966009
*Jul 1 01:51:12.156: ISAKMP:(2803): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 656966009, sa = 838C7388
*Jul 1 01:51:12.156: ISAKMP:(2803):deleting node 656966009 error FALSE reason "Informational (in) state 1"
*Jul 1 01:51:12.156: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 1 01:51:12.156: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 1 01:51:12.160: ISAKMP:(2803):DPD/R_U_THERE received from peer 83.xxx.xxx.xxx, sequence 0x3B6D
*Jul 1 01:51:12.160: ISAKMP: set new node -1522085054 to QM_IDLE
*Jul 1 01:51:12.160: ISAKMP:(2803):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2209387400, message ID = -1522085054
*Jul 1 01:51:12.160: ISAKMP:(2803): seq. no 0x3B6D
*Jul 1 01:51:12.160: ISAKMP:(2803): sending packet to 83.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Jul 1 01:51:12.160: ISAKMP:(2803):Sending an IKE IPv4 Packet.
*Jul 1 01:51:12.160: ISAKMP:(2803):purging node -1522085054
CWCH#
*Jul 1 01:51:12.160: ISAKMP:(2803):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Jul 1 01:51:12.160: ISAKMP:(2803):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
09-17-2010 08:29 AM
Hello,
Try changing your local group ip address and remote group ip address in the GUI to be the networks and not host IP addresses, you're probably getting a proxy ID issue.
09-17-2010 08:36 AM
i tried that soon as i put in 172.30.2.0 in there it says its invalid :S so i had to put 172.30.2.254 in there, btu it should ignore that with the subnet mask in there anyway?
09-17-2010 08:48 AM
Hi,
Can you paste the output of "show crypto ipsec sa peer
IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host 8x.xxx.xxx.xxx
This seems to be using GRE over IPSec. Also, if you can paste the entire output of "show run" with changed IP addresses, it would be great.
Regards,
Prapanch
09-20-2010 01:29 AM
interface: Dialer1
Crypto map tag: RemoteVPNS, local addr 7x.xxx.xxx.xxx
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.30.2.0/255.255.255.0/0/0)
current_peer 8x.xxx.xxx.xxx port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 755, #pkts encrypt: 755, #pkts digest: 755
#pkts decaps: 403, #pkts decrypt: 403, #pkts verify: 403
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 336, #recv errors 0
local crypto endpt.: 7x.xxx.xxx.xxx, remote crypto endpt.: 8x.xxx.xxx.xxx
path mtu 1500, ip mtu 1500, ip mtu idb Dialer1
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access3
Crypto map tag: RemoteVPNS, local addr 7x.xxx.xxx.xxx
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.30.2.0/255.255.255.0/0/0)
current_peer 8x.xxx.xxx.xxx port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 755, #pkts encrypt: 755, #pkts digest: 755
#pkts decaps: 403, #pkts decrypt: 403, #pkts verify: 403
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 336, #recv errors 0
local crypto endpt.: 7x.xxx.xxx.xxx, remote crypto endpt.: 8x.xxx.xxx.xxx
path mtu 1500, ip mtu 1500, ip mtu idb Dialer1
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
######################################### CONFIG ################################################
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CWCH
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login NO_LOGIN none
aaa authentication login admin local
aaa authentication login RA_AUTH group radius local
aaa authorization network RA_CWORKS local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-264716771
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-264716771
revocation-check none
rsakeypair TP-self-signed-264716771
ip cef
!
!
ip dhcp smart-relay
no ip dhcp relay information check
!
!
ip domain name local
ip name-server 192.168.101.1
ip name-server 213.249.130.100
ip dhcp-server 192.168.101.1
login block-for 180 attempts 5 within 60
login delay 2
login quiet-mode access-class QUIETMODE
login on-failure log every 3
!
multilink bundle-name authenticated
!
!
username privilege 15 secret 5
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 15
encr 3des
authentication pre-share
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 7800
crypto isakmp key xxx address 0.0.0.0 0.0.0.0
crypto isakmp fragmentation
crypto isakmp keepalive 10 4
crypto isakmp nat keepalive 30
!
crypto isakmp client configuration group RA_CWORKS
key
dns 192.168.101.1
domain works.local
pool vpnclient
crypto isakmp profile VPNclient
match identity group RA_CWORKS
client authentication list RA_AUTH
isakmp authorization list RA_CWORKS
client configuration address respond
virtual-template 1
!
crypto ipsec security-association idle-time 86400
!
crypto ipsec transform-set DMVPN_SET esp-3des esp-sha-hmac
mode transport
crypto ipsec transform-set RemoteVPNS ah-sha-hmac esp-3des
!
crypto ipsec profile DMVPN
set transform-set DMVPN_SET
!
!
crypto dynamic-map RemoteVPNS 30
set transform-set DMVPN_SET
set isakmp-profile VPNclient
reverse-route
!
crypto dynamic-map VPN 5
set transform-set DMVPN_SET
set isakmp-profile VPNclient
reverse-route
!
!
crypto map RemoteVPNS 10 ipsec-isakmp
set peer 8x.xxx.xxx.xxx
set transform-set RemoteVPNS
match address TraceyVPN
crypto map RemoteVPNS 20 ipsec-isakmp
set peer
set transform-set DMVPN_SET
match address JuneVPN
!
crypto map VPN 1 ipsec-isakmp dynamic VPN
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface Loopback0
ip address 192.168.250.1 255.255.255.0
!
interface Tunnel1
ip address 192.168.100.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp holdtime 450
ip tcp adjust-mss 1360
no ip split-horizon eigrp 100
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile DMVPN
!
interface ATM0
description PPP DIALER TO KAROO
no ip address
no atm ilmi-keepalive
pvc 1/50
dialer pool-member 1
protocol ppp dialer
!
dsl operating-mode auto
!
interface FastEthernet0
description Suite 1 WLAN
!
interface FastEthernet1
description Suite 2 WLAN
switchport access vlan 2
!
interface FastEthernet2
description Suite 2 LAN
switchport access vlan 101
!
interface FastEthernet3
description Suite 2 Firewall
switchport access vlan 201
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile DMVPN
!
interface Vlan1
ip address 192.168.11.254 255.255.255.0
ip helper-address 192.168.101.1
ip nat inside
ip virtual-reassembly
!
interface Vlan101
ip address 192.168.101.254 255.255.255.0
ip helper-address 192.168.101.1
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 192.168.12.254 255.255.255.0
ip helper-address 192.168.101.1
ip nat inside
ip virtual-reassembly
!
interface Vlan201
ip address 192.168.201.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
ip address negotiated
ip access-group REMOTE_OP in
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
no cdp enable
ppp chap hostname
ppp chap password 7
crypto map RemoteVPNS
!
router eigrp 100
redistribute static
network 192.168.11.0
network 192.168.12.0
network 192.168.100.0
network 192.168.101.0
no auto-summary
!
ip local pool vpnclient 192.168.250.2 192.168.250.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list EXTERNAL_ACCESS interface Dialer1 overload
ip nat inside source static tcp 192.168.11.99 54321 interface Dialer1 54321
ip nat inside source static tcp 192.168.201.1 80 interface Dialer1 80
ip nat inside source static tcp 192.168.201.1 3306 interface Dialer1 3306
ip nat inside source static tcp 192.168.201.1 25 interface Dialer1 25
ip nat inside source static tcp 192.168.201.1 443 interface Dialer1 443
!
ip access-list extended EXTERNAL_ACCESS
deny ip 192.168.101.0 0.0.0.255 172.30.2.0 0.0.0.255
deny ip 192.168.101.0 0.0.0.255 172.30.3.0 0.0.0.255
permit tcp any any eq smtp
permit tcp any any eq 443
permit ip 192.168.11.0 0.0.0.255 any
permit ip 192.168.12.0 0.0.0.255 any
permit ip 192.168.101.0 0.0.0.255 any
permit ip 192.168.201.0 0.0.0.255 any
permit ip 192.168.250.0 0.0.0.255 any
deny ip any any
ip access-list extended JuneVPN
permit ip 192.168.101.0 0.0.0.255 172.30.3.0 0.0.0.255
ip access-list extended REMOTE_OP
permit tcp 192.168.11.0 0.0.0.255 any eq 22
permit tcp 192.168.12.0 0.0.0.255 any eq 22
permit tcp 192.168.101.0 0.0.0.255 any eq 22
permit tcp 192.168.102.0 0.0.0.255 any eq 22
permit tcp 192.168.103.0 0.0.0.255 any eq 22
permit tcp 192.168.104.0 0.0.0.255 any eq 22
permit tcp 172.30.1.0 0.0.0.255 any eq 22
permit tcp 172.30.2.0 0.0.0.255 any eq 22
permit tcp 192.168.250.0 0.0.0.255 any eq 22
deny tcp any any eq 22
deny tcp any host 192.168.101.254 eq telnet
deny tcp any host 192.168.200.254 eq telnet
permit ip any any
ip access-list extended TraceyVPN
permit ip 192.168.101.0 0.0.0.255 172.30.2.0 0.0.0.255
!
no cdp run
!
!
!
radius-server host 192.168.101.10 auth-port 1812 acct-port 1813 key 7
!
control-plane
!
banner motd
09-20-2010 06:17 AM
Hi Alex,
It looks like the VPN tunnel was not up at the moment you collected these outputs. but when the tunnel was up, traffic seems to have been passing through it as i can see the counters are non-zero. Please paste the output when the VPN tunnel is up and you are trying to send some traffic through it.
Also, if it's possible, my suggestion will be to open up a case with TAC as access to the device will be much more helpful in getting to the root of the issue.
Thanks and Regards,
Prapanch
09-20-2010 07:33 AM
the vpn has never been up, dont know where that traffic thinks its coming from
i tried pinging 172.30.2.254 to see if that generated anythign but the counters remained at zero
my TAC has run out, im goign to get it renewed today and ill see if can get some credentials for ssh
09-21-2010 02:50 AM
ok ive left it a while and it now some traffic is on it for some reason, yet the vpn is still down and there i cant ping the other router
CWCH#sh crypto ipsec sa peer 8x.xxx.xxx.xxx
interface: Dialer1
Crypto map tag: RemoteVPNS, local addr 7x.xxx.xxx.xxx
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.30.2.0/255.255.255.0/0/0)
current_peer 8x.xxx.xxx.xxx port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 229, #pkts encrypt: 229, #pkts digest: 229
#pkts decaps: 180, #pkts decrypt: 180, #pkts verify: 180
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 131, #recv errors 0
local crypto endpt.: 7x.xxx.xxx.xxx, remote crypto endpt.: 8x.xxx.xxx.xxx
path mtu 1500, ip mtu 1500, ip mtu idb Dialer1
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access3
Crypto map tag: RemoteVPNS, local addr 7x.xxx.xxx.xxx
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.30.2.0/255.255.255.0/0/0)
current_peer 8x.xxx.xxx.xxx port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 229, #pkts encrypt: 229, #pkts digest: 229
#pkts decaps: 180, #pkts decrypt: 180, #pkts verify: 180
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 131, #recv errors 0
local crypto endpt.: 7x.xxx.xxx.xxx, remote crypto endpt.: 8x.xxx.xxx.xxx
path mtu 1500, ip mtu 1500, ip mtu idb Dialer1
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
09-22-2010 01:28 AM
does this information help?
im still struggling to get the connection up
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: