Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router to Router Pre-share IPsec

Im having problems setting up a vpn connection between to routers. After the configuration is in both routers i turn on the debugs for isakmp and ipsec and theres is no outcome when i try to set the tunnel by pinging the remote host.

I need someone to contact so i can send him/her my configuration to verify everything is correct.

Theres is one single thing im not sure about. My Internet connection is as follows my wan ip is a private with the internet supplyer 10.0.0.102 and my ethernet ip is a public address 200.42.x.x. I have compared my configuration with some cisco examples and i notice that in most configurations the routers have 2 ethernets, one public and one private. The public one is the peer of the remote router and the private is the one to access. In my case the same network that serves as peer is the one to be access because my server is located int the same 200.42.x.x. Im not quite sure about this part.

Ive set vpn tunnels pix to pix and pix to vpn concentrator before, but i only have set router to router in labs.

Can some one give me a hand?

Thanks in advance.

2 REPLIES
New Member

Re: Router to Router Pre-share IPsec

Hi Fausto,

The only thing that I can think of right off the top of my head is that the access list you have is not in the right order or you do not have an access list in place. I do believe Cisco do not should an access list in any of its config but they are needed in order to get the tunnel up. I just did a router to router vpn connection using a 1710 and a 1721 and that is what I ran into doing the configuration. Hope this Help!!!!

Alton

New Member

Re: Router to Router Pre-share IPsec

Thanks Alton for your reply. I solved the problem with cisco TAC assistance. The problem was based on the way that Internet is offered in the Dominican Republic by this specific supplyer. What i needed was to set the serial int to and unnumbered ip and refer to the fe interface, then i had to apply the crypto map to the serial interface refering also to the fe interface using the local-address command.

I pinged the remote host and finally the tunnel was stablish. Hope this stays on line for a while so other people can learn from my experience.

Thanks again Alton for your reply.

122
Views
0
Helpful
2
Replies
CreatePlease to create content