04-24-2008 02:13 AM - edited 02-21-2020 03:41 PM
Hello,
I have a problem in encrypt a mGRE tunnel between two 7609 routers.
Here you have the configuration:
crypto keyring key1
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
crypto isakmp policy 1
authentication pre-share
group 2
lifetime 14400
crypto isakmp aggressive-mode disable
crypto isakmp profile isakmp_data
keyring key1
match identity address 0.0.0.0
!
!
crypto ipsec transform-set gre esp-des
mode transport
no crypto ipsec nat-transparency udp-encaps
!
crypto ipsec profile tp
set transform-set gre
set isakmp-profile isakmp_data
...........
interface Tunnel100
bandwidth 1000000
ip address 4.x.x.1 255.255.255.252
no ip redirects
ip mtu 1416
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 600
ip ospf network broadcast
ip ospf priority 2
delay 1000
tunnel source ATM4/0/0.2
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile tp
crypto engine slot 3/0
The mGRE tunnel is up and running but I cannot establish the ISAKMP SA
If you have some ideeas about this issue, would be helpful.
Regards,
Alexandru Nitulescu
04-30-2008 05:50 AM
The following URL will help you:
Configuring Dynamic Multipoint VPN (DMVPN) using GRE over IPSec between Multiple Routers
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml
Configuring an IPSec Tunnel to Route Through a Hub and Multiple Remote Sites :
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
05-05-2008 06:44 AM
That's a bit odd, what should happen is that the IPSec conn should come up, and *then* the mGRE tunnel should come up.
What's the output of:
- sh crypto isakmp sa
- sh crypto ipsec sa
While trying to bring the link up, what's the output from
- debug crypto isakmp
- debug crypto ipsec?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide