Cisco router Site-to-Site dvti VPN Configuration

Unanswered Question
May 1st, 2012

Hi,

I am trying to deploy a site-to-site dynamic VTI VPN.

I am sending you my topology and config too.

It is not working. Can anyone please tell me where I am wrong?

Thank you.

R1#sh run

Building configuration...

Current configuration : 1707 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

archive

log config

  hidekeys

!

crypto keyring myvpnkey

  pre-shared-key address 14.1.1.2 key cisco2

  pre-shared-key address 13.1.1.2 key cisco1

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 7200

crypto isakmp profile myisakmp

   keyring myvpnkey

   match identity address 13.1.1.2 255.255.255.255

   match identity address 14.1.1.2 255.255.255.255

   virtual-template 1

!

!

crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac

!

crypto ipsec profile myipsec

set security-association lifetime seconds 7200

set transform-set newt

set pfs group2

interface FastEthernet0/0

ip address 192.168.2.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

ip address 11.1.1.1 255.0.0.0

clock rate 2000000

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

interface Virtual-Template1 type tunnel

ip unnumbered Serial0/0

tunnel mode ipsec ipv4

tunnel protection ipsec profile myipsec

!

router rip

network 14.0.0.0

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 11.1.1.2

!

!

ip http server

no ip http secure-server

When I run sh ip int b, I see my Virtual-Template1 is down.

R1 #sh ip int b

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            192.168.2.1     YES NVRAM  up                    up

Serial0/0                  11.1.1.1        YES NVRAM  up                    up

FastEthernet0/1            unassigned      YES NVRAM  administratively down down

Serial0/1                  unassigned      YES NVRAM  administratively down down

Virtual-Access1            unassigned      YES unset  down                  down

Virtual-Template1          11.1.1.1        YES TFTP   down                  down

=========================================================================================================

And the spoke config is:

R5#sh run

Building configuration...

*Mar  1 01:29:41.851: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 1430 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

archive

log config

  hidekeys

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 7200

crypto isakmp key cisco2 address 11.1.1.1

!

!

crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac

!

crypto ipsec profile myipsec

set security-association lifetime seconds 7200

set transform-set newt

set pfs group2

!

interface Tunnel0

ip unnumbered Serial0/0

tunnel source Serial0/0

tunnel destination 11.1.1.1

!

interface FastEthernet0/0

ip address 200.168.2.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

ip address 14.1.1.2 255.0.0.0

clock rate 2000000

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 14.1.1.1

ip route 192.168.2.0 255.255.255.0 Tunnel0

!

!

ip http server

no ip http secure-server

control-plane

!

olpeleri Tue, 05/01/2012 - 22:56

Hello,

At first glance:

On the spoke, tunnel mode ipsec ipv4 and tunnel protection are missing under Tunnel0.
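
Added example, not part of the original thread or of either poster's configuration: a small Python check that scans a saved `show run` for tunnel interfaces missing the two commands named in the reply. An IOS tunnel interface defaults to GRE mode and carries traffic unencrypted until `tunnel protection` is applied, so the same gap is worth catching in a config review. The sample input is constructed from the spoke's posted Tunnel0 stanza; the function names are hypothetical.

```python
import re

# Constructed sample: the spoke's Tunnel0 as posted, trimmed to the relevant stanzas.
SPOKE_CONFIG = """\
crypto ipsec profile myipsec
 set transform-set newt
!
interface Tunnel0
 ip unnumbered Serial0/0
 tunnel source Serial0/0
 tunnel destination 11.1.1.1
!
"""

HEADER = re.compile(r"^(interface|crypto ipsec profile)\s+(\S+)", re.I)

def parse_stanzas(config):
    """Map (kind, name) -> sub-commands; a stanza ends at '!' or the next header."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = (match.group(1).lower(), match.group(2))
            stanzas[current] = []
        elif line == "!":
            current = None
        elif line and current:
            stanzas[current].append(line)
    return stanzas

def audit_tunnels(config):
    """Return (interface, problem) pairs. Assumes every Tunnel*/Virtual-Template*
    interface in the config is meant to be an IPsec VTI."""
    stanzas = parse_stanzas(config)
    profiles = {name for kind, name in stanzas if kind == "crypto ipsec profile"}
    findings = []
    for (kind, name), lines in stanzas.items():
        if kind != "interface" or not re.match(r"tunnel|virtual-template", name, re.I):
            continue
        if "tunnel mode ipsec ipv4" not in lines:
            findings.append((name, "missing 'tunnel mode ipsec ipv4'"))
        used = [l.split()[4] for l in lines if l.startswith("tunnel protection ipsec profile ")]
        if not used:
            findings.append((name, "missing 'tunnel protection ipsec profile'"))
        elif used[0] not in profiles:
            findings.append((name, f"IPsec profile '{used[0]}' is not defined"))
    return findings

if __name__ == "__main__":
    print(audit_tunnels(SPOKE_CONFIG))
```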


Posted May 1, 2012 at 7:27 AM