Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
2
Replies

Router to Router Pre-share IPsec

fausto_batista
Level 1
Level 1

‎09-04-2002 12:17 PM - edited ‎02-21-2020 12:02 PM

Im having problems setting up a vpn connection between to routers. After the configuration is in both routers i turn on the debugs for isakmp and ipsec and theres is no outcome when i try to set the tunnel by pinging the remote host.

I need someone to contact so i can send him/her my configuration to verify everything is correct.

Theres is one single thing im not sure about. My Internet connection is as follows my wan ip is a private with the internet supplyer 10.0.0.102 and my ethernet ip is a public address 200.42.x.x. I have compared my configuration with some cisco examples and i notice that in most configurations the routers have 2 ethernets, one public and one private. The public one is the peer of the remote router and the private is the one to access. In my case the same network that serves as peer is the one to be access because my server is located int the same 200.42.x.x. Im not quite sure about this part.

Ive set vpn tunnels pix to pix and pix to vpn concentrator before, but i only have set router to router in labs.

Can some one give me a hand?

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

a.roach
Level 1
Level 1

‎09-05-2002 10:18 AM

Hi Fausto,

The only thing that I can think of right off the top of my head is that the access list you have is not in the right order or you do not have an access list in place. I do believe Cisco do not should an access list in any of its config but they are needed in order to get the tunnel up. I just did a router to router vpn connection using a 1710 and a 1721 and that is what I ran into doing the configuration. Hope this Help!!!!

Alton

0 Helpful

fausto_batista
Level 1
Level 1
In response to a.roach

‎09-05-2002 11:09 AM

Thanks Alton for your reply. I solved the problem with cisco TAC assistance. The problem was based on the way that Internet is offered in the Dominican Republic by this specific supplyer. What i needed was to set the serial int to and unnumbered ip and refer to the fe interface, then i had to apply the crypto map to the serial interface refering also to the fe interface using the local-address command.

I pinged the remote host and finally the tunnel was stablish. Hope this stays on line for a while so other people can learn from my experience.

Thanks again Alton for your reply.

0 Helpful
Customers Also Viewed These Support Documents