09-25-2002 06:31 AM - edited 03-09-2019 12:27 AM
I am using IOS c2600-ik2s-mz.121-16.bin on both routers but can not get the command show crypto isakmp sa to show the connection
**********Config 1********************
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!
!
!
!
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key test address 192.168.10.66
!
!
crypto ipsec transform-set test esp-des
!
crypto map test 10 ipsec-isakmp
set peer 192.168.10.66
set transform-set test
match address 101
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.3.1 255.255.255.0
crypto map test
!
interface Serial0/0
ip address 192.168.10.38 255.255.255.0
no fair-queue
clockrate 56000
crypto map test
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.66
ip http server
!
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.3.2.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
!
end
****************Config 2*************************
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router2
!
!
!
!
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key test address 192.168.10.38
!
!
crypto ipsec transform-set test esp-des
!
crypto map test 10 ipsec-isakmp
set peer 192.168.10.38
set transform-set test
match address 101
!
!
controller T1 1/0
!
!
!
!
!
interface FastEthernet0/0
ip address 10.3.2.1 255.255.255.0
duplex auto
speed auto
crypto map test
!
interface Serial0/0
ip address 192.168.10.66 255.255.255.0
no fair-queue
crypto map test
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.38
ip http server
!
access-list 101 permit ip 10.3.2.0 0.0.0.255 192.168.3.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
!
end
09-25-2002 07:35 AM
On both routers, why do you have a "crypto map test" under the inside/lan interface (e0/0 and f0/0)? Remove them so only the outbound interface has the crypto map statement.
Steve
09-25-2002 08:20 AM
Had those in there for testing. I ended up having the config correctly all along just wasn't testing right.
Thanks for the help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide