01-13-2006 06:05 AM - edited 03-09-2019 01:36 PM
Hello,
I'm trying to connect several 871 routers to a 2821 router and the first 871 gets connected fine, but the next one doesn't, seems like a configuration issue but I don't have a clue where to look at.
show crypto session on the 2821:
Crypto session current status
Interface: Tunnel0
Session status: UP-ACTIVE
Peer: --client1ip-- port 500
IKE SA: local --dmvpnhubip--/500 remote --client1ip--/500 Active
IPSEC FLOW: permit 47 host --dmvpnhubip-- host
--client1ip-- Active SAs: 2, origin: crypto map
Interface: GigabitEthernet0/0
Session status: DOWN-NEGOTIATING
Peer: --client2ip-- port 500
IKE SA: local --dmvpnhubip--/500 remote --client2ip--/500 Inactive
IKE SA: local --dmvpnhubip--/500 remote --client2ip--/500 Inactive
I think the problem is the interface of the second session, it's gi0/0 instead of tunnel0, what am I doing wrong or what other information do you need to help me?
Do I have to create a tunnel interface for every 871 which should connect to the 2821? I've heard something about using templates for automatic tunnel interface creation but don't know if it is what I need here.
Thank you
01-13-2006 07:07 AM
Ok I got client2 running, forgot to set no-xauth on the hub for client2 but client3 is still not working, seems as if the provider of client3 is filtering some traffic, any ideas what I should try to debug?
01-16-2006 12:20 PM
Try to connect client3 then have a look at sh crypto isakmp sa and show crypto ipsec sa. If the isakmp is at QM_IDLE then your phase 1 key exchange is ok.You should be able to see packets on the ipsec tunnel as well.
If you still think the ISP is blocking your crypto traffic try a debug ip packet using an acl to trap just the packets your interested in. Note this can be CPU intensive. Also you will need to switch off CEF and fast switching otherwise you debug may not see the traffic anyway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide