12-01-2014 12:56 PM - edited 02-21-2020 07:57 PM
I'm trying to establish a site to site VPN in packet tracer. I followed the instructions from a website, but can't seem to get it working. The site said that it would break OSPF updates and I would need to set up a GRE tunnel. So far it broke all traffic except OSPF updates...show ip route shows all the needed routes. I've uploaded the packet tracer as well as both router configs. (Packet tracer file extension is png, you'll have to change it back to .pkt)
12-01-2014 02:13 PM
Just briefly checking your config:
Pre-shared-key is missing.
S2Router is missing PFS2 in crypto map.
Crypto ACL SECURED_TRAFFIC MUST BE AN EXACT REPLICA (in-reverse) on each router.
Once you fix these basic VPN issues, if it still doesn't work, we can look into advanced troubleshooting. At this stage it's just your config which needs to be correct.
And you better use GNS3 etc. for this sort of test, or physical hardware if possible. Packet Tracer is very basic for VPN things, I guess.
Regards
Please mark answer as correct if it is of any help.
12-01-2014 03:16 PM
Thanks, that works :-) For the record I'm pretty much forced to use Packet Tracer as this is a project for class where I have to design a network. It could be done in GNS3 but I'd have to save all configs, upload to real racks, and it would be kind of a pain to set up and demonstrate to the class :-p Believe me I hate PT with a passion after this project lol
12-01-2014 04:07 PM
As it turns out I had the ACL wrong. When I fix the ACL and the traffic is matching, it does not work. Here are the two configs. It seems as if any traffic that is unmatched by the ACL successfully goes through.
> Pre-shared-key is missing.
Isn't the preshared key simply "0":
crypto isakmp key 0 address 10.0.0.9
12-02-2014 12:18 AM
ACL still incorrect, mate, on one of the routers. Note it has to be an exact replica: like 60 to 80 on one end and 80 to 60 on the other end.
Use this link for help:
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
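The mirror requirement for the crypto ACL discussed in this thread can be checked mechanically. The script below is an added example, not part of the original posts: it parses a named extended ACL from two IOS-style configs and reports entries that lack a reversed counterpart on the peer. The config snippets and the 192.168.60.0/192.168.80.0 subnets are constructed sample data, not the poster's uploaded configs.

```python
import re

def parse_endpoint(tokens):
    """Consume one source/destination spec; return ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def crypto_acl_entries(config, acl_name):
    """Return the set of (action, proto, src, dst) in a named extended ACL."""
    entries, inside = set(), False
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"ip access-list extended (\S+)", line)
        if header:
            inside = header.group(1) == acl_name
            continue
        if inside and not raw.startswith(" "):
            inside = False  # an unindented line ends the ACL block
        if not inside or not line or line.startswith("remark"):
            continue
        tokens = line.split()
        if tokens[0].isdigit():
            tokens = tokens[1:]  # drop an optional sequence number
        src, rest = parse_endpoint(tokens[2:])
        dst, _ = parse_endpoint(rest)
        entries.add((tokens[0], tokens[1], src, dst))
    return entries

def mirror_mismatches(config_a, config_b, acl_name):
    """Compare router A's ACL with router B's ACL after swapping src and dst."""
    a = crypto_acl_entries(config_a, acl_name)
    b_reversed = {(act, proto, dst, src)
                  for act, proto, src, dst in crypto_acl_entries(config_b, acl_name)}
    return {"only_on_a": sorted(a - b_reversed),
            "only_on_b_reversed": sorted(b_reversed - a)}

# Constructed sample configs (assumed subnets, not taken from the thread's files).
S1 = """ip access-list extended SECURED_TRAFFIC
 permit ip 192.168.60.0 0.0.0.255 192.168.80.0 0.0.0.255
!"""
S2_GOOD = """ip access-list extended SECURED_TRAFFIC
 permit ip 192.168.80.0 0.0.0.255 192.168.60.0 0.0.0.255
!"""
S2_BAD = S1  # same direction on both ends: not a mirror

if __name__ == "__main__":
    print(mirror_mismatches(S1, S2_GOOD, "SECURED_TRAFFIC"))
    print(mirror_mismatches(S1, S2_BAD, "SECURED_TRAFFIC"))
```

Both lists are empty when the ACLs mirror each other; any entry listed has no reversed match on the peer router.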
12-02-2014 08:34 AM
Meh it was working all along, I sent you the wrong configs. I have 4 different PT files because I keep old ones in case PT crashes. Two times I had packet tracer crash and overwrite the files with empty data and had a 0 byte project file, so every time I make changes I copy the file in case it crashes. I was working out of the wrong PT file! Thanks again.