05-01-2012 07:27 AM
Hi,
Actually, I am trying to deploy a site-to-site dynamic VTI VPN.
I am sending you my topology and config too.
It is not working. Can anyone please tell me where I am wrong?
Thank you.
R1#sh run
Building configuration...
Current configuration : 1707 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
archive
log config
hidekeys
!
crypto keyring myvpnkey
pre-shared-key address 14.1.1.2 key cisco2
pre-shared-key address 13.1.1.2 key cisco1
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 7200
crypto isakmp profile myisakmp
keyring myvpnkey
match identity address 13.1.1.2 255.255.255.255
match identity address 14.1.1.2 255.255.255.255
virtual-template 1
!
!
crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac
!
crypto ipsec profile myipsec
set security-association lifetime seconds 7200
set transform-set newt
set pfs group2
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 11.1.1.1 255.0.0.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Virtual-Template1 type tunnel
ip unnumbered Serial0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile myipsec
!
router rip
network 14.0.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 11.1.1.2
!
!
ip http server
no ip http secure-server
When I run sh ip int b, I see my Virtual-Template1 is down.
R1 #sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.2.1 YES NVRAM up up
Serial0/0 11.1.1.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/1 unassigned YES NVRAM administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 11.1.1.1 YES TFTP down down
=========================================================================================================
And the spoke config is:
R5#sh run
Building configuration...
*Mar 1 01:29:41.851: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1430 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 7200
crypto isakmp key cisco2 address 11.1.1.1
!
!
crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac
!
crypto ipsec profile myipsec
set security-association lifetime seconds 7200
set transform-set newt
set pfs group2
!
interface Tunnel0
ip unnumbered Serial0/0
tunnel source Serial0/0
tunnel destination 11.1.1.1
!
interface FastEthernet0/0
ip address 200.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 14.1.1.2 255.0.0.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 14.1.1.1
ip route 192.168.2.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
control-plane
!
05-01-2012 10:56 PM
Hello,
At first glance:
On the spoke, tunnel mode ipsec ipv4 and tunnel protection are missing under Tunnel0.
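The check described in the reply above can be automated as a pre-deployment audit of a saved running-config. This is an added example, not code from either poster: the function names `interface_blocks` and `audit_tunnels` are hypothetical, and the "fixed" sample is constructed by adding the two commands the reply names. A Tunnel interface without them uses the IOS default GRE encapsulation with no IPsec applied.

```python
import re

# Tunnel0 as posted for the spoke (R5); SPOKE_FIXED is constructed for this example.
SPOKE_AS_POSTED = """\
interface Tunnel0
 ip unnumbered Serial0/0
 tunnel source Serial0/0
 tunnel destination 11.1.1.1
!
interface Serial0/0
 ip address 14.1.1.2 255.0.0.0
!
"""
SPOKE_FIXED = SPOKE_AS_POSTED.replace(
    " tunnel destination 11.1.1.1\n",
    " tunnel destination 11.1.1.1\n tunnel mode ipsec ipv4\n"
    " tunnel protection ipsec profile myipsec\n")

# Sub-commands each IPsec VTI interface should carry (matched as prefixes).
REQUIRED = ("tunnel mode ipsec ipv4", "tunnel protection ipsec profile ")

def interface_blocks(config):
    """Yield (name, sub-commands); a block ends at '!' or the next interface."""
    name, body = None, []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m or line == "!":
            if name:
                yield name, body
            name, body = (m.group(1) if m else None), []
        elif name and line:
            body.append(line)
    if name:
        yield name, body

def audit_tunnels(config):
    """Return {interface: [missing commands]} for Tunnel/Virtual-Template interfaces."""
    findings = {}
    for name, body in interface_blocks(config):
        if not re.match(r"(Tunnel|Virtual-Template)\d+$", name):
            continue
        missing = [r.strip() for r in REQUIRED
                   if not any(cmd.startswith(r) for cmd in body)]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    print(audit_tunnels(SPOKE_AS_POSTED), audit_tunnels(SPOKE_FIXED))
```

The parser strips leading whitespace, so it also accepts configs pasted flush-left as in the posts above.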