Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VTI hub and spoke configuration

Good afternoon,

After a week of tryign to config, and even erasing the config entirely and start over, I am unable to establish a VTI tunnel!  Attached config files and Crypto tech-support print out is in file.  Spoke Tunnel is line up protocol down and unable to connect...  What am I missing?????  Am I point to the wrong interfaces, are my IP routes wrong or eigrp needs a change? 

long pst below, but the attached files shows almost everything.

Any help would be greatly appreciated!

Tracey

______________________________________________________

                  

DVTI basic config:

crypto keyring POD

  pre-shared-key address 0.0.0.0 0.0.0.0 key japod

!

crypto isakmp policy 100

encr aes 256

authentication pre-share

group 5

crypto isakmp profile VPN-IKE

   keyring POD

   match identity address 0.0.0.0

   virtual-template 1

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

set pfs group5

interface Loopback0

ip address 192.168.50.1 255.255.255.255

interface GigabitEthernet0/1

ip address 192.168.28.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 192.168.30.1 255.255.255.0

duplex auto

speed auto

!

interface Virtual-Template1 type tunnel

ip unnumbered Loopback0

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 1 pod

tunnel source GigabitEthernet0/2

tunnel mode ipsec ipv4

tunnel protection ipsec profile JaggedAmber

!

!

router eigrp 100

network 192.168.28.0

network 192.168.30.0

network 192.168.32.0

crypto keyring POD

  pre-shared-key address 192.168.30.1 key japod

!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 5

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

!

interface Loopback0

ip address 192.168.51.1 255.255.255.255

!

interface Tunnel0

ip unnumbered Loopback0

tunnel source GigabitEthernet0/2

tunnel mode ipsec ipv4

tunnel destination 192.168.30.1

tunnel protection ipsec profile JaggedAmber

interface GigabitEthernet0/1

ip address 10.3.1.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 192.168.30.2 255.255.255.0

duplex auto

speed auto

!

!

router eigrp 100

network 10.0.0.0

network 192.168.30.0

network 192.168.32.0

crypto keyring POD

  pre-shared-key address 0.0.0.0 0.0.0.0 key japod

!

crypto isakmp policy 100

encr aes 256

authentication pre-share

group 5

crypto isakmp profile VPN-IKE

   keyring POD

   match identity address 0.0.0.0

   virtual-template 1

!

!

crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac

!

crypto ipsec profile JaggedAmber

set transform-set AES-256-SHA

set pfs group5

interface Loopback0
ip address 192.168.50.1 255.255.255.255

interface GigabitEthernet0/1
ip address 192.168.28.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 1 pod
tunnel source GigabitEthernet0/2
tunnel mode ipsec ipv4
tunnel protection ipsec profile JaggedAmber
!
!
router eigrp 100
network 192.168.28.0
network 192.168.30.0
network 192.168.32.0

ip route 0.0.0.0 0.0.0.0 192.168.32.2

_______________________________________

Spoke basic config:

crypto keyring POD
  pre-shared-key address 192.168.30.1 key japod
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
!
!
crypto ipsec transform-set AES-256-SHA esp-aes 256 esp-sha-hmac
!
crypto ipsec profile JaggedAmber
set transform-set AES-256-SHA
!

interface Loopback0
ip address 192.168.51.1 255.255.255.255
!
interface Tunnel0
ip unnumbered Loopback0
tunnel source GigabitEthernet0/2
tunnel mode ipsec ipv4
tunnel destination 192.168.30.1
tunnel protection ipsec profile JaggedAmber

interface GigabitEthernet0/1
ip address 10.3.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.30.2 255.255.255.0
duplex auto
speed auto
!
!
router eigrp 100
network 10.0.0.0
network 192.168.30.0
network 192.168.32.0

ip route 0.0.0.0 0.0.0.0 Tunnel0

Everyone's tags (1)
514
Views
0
Helpful
0
Replies
CreatePlease to create content