04-04-2002 07:57 PM - edited 02-21-2020 11:40 AM
Please c my configuration, the tunnel cannot be ping and the ipsec sa active not showing any connection. Some client in network 160.114.40.xxx(translated into 192.168.1.128 network) cannot ping to the peer router.
Building configuration...
Current configuration : 2525 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
memory-size iomem 25
ip subnet-zero
!
!
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key aaaaa address 192.168.1.130
!
!
crypto ipsec transform-set enigma esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map mizuho 10 ipsec-isakmp
set peer 192.168.1.130
set transform-set enigma
match address 103
!
!
!
!
interface Tunnel0
ip address 192.168.2.1 255.255.255.0
tunnel source 192.168.1.2
tunnel destination 192.168.1.130
crypto map mizuho
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.128
ip nat outside
half-duplex
!
interface FastEthernet0
ip address 160.114.42.250 255.255.255.0
ip nat inside
speed auto
!
ip nat pool mid 192.168.1.3 192.168.1.3 netmask 255.255.255.128
ip nat inside source list 1 pool mid overload
ip nat inside source static 160.114.42.69 192.168.1.69
ip nat inside source static 160.114.42.70 192.168.1.70
ip nat inside source static 160.114.42.101 192.168.1.18
ip nat inside source static 160.114.42.100 192.168.1.17
ip nat inside source static 160.114.42.78 192.168.1.16
ip nat inside source static 160.114.42.77 192.168.1.15
ip nat inside source static 160.114.42.76 192.168.1.14
ip nat inside source static 160.114.42.75 192.168.1.13
ip nat inside source static 160.114.42.74 192.168.1.12
ip nat inside source static 160.114.42.73 192.168.1.11
ip nat inside source static 160.114.42.72 192.168.1.10
ip nat inside source static 160.114.42.251 192.168.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 160.114.42.0 255.255.255.0 FastEthernet0
no ip http server
ip pim bidir-enable
!
access-list 1 permit 160.114.42.0 0.0.0.255
access-list 103 permit gre host 192.168.1.2 host 192.168.1.130
access-list 103 permit ip 192.168.1.128 0.0.0.127 192.168.1.0 0.0.0.127
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Building configuration...
Current configuration : 2552 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
memory-size iomem 25
ip subnet-zero
!
!
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key aaaaa address 192.168.1.2
!
!
crypto ipsec transform-set enigma esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map mizuho 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set enigma
match address 103
!
!
!
!
interface Tunnel0
ip address 192.168.2.2 255.255.255.0
tunnel source 192.168.1.130
tunnel destination 192.168.1.2
crypto map mizuho
!
interface Ethernet0
ip address 192.168.1.130 255.255.255.128
ip nat outside
half-duplex
!
interface FastEthernet0
ip address 160.114.40.241 255.255.255.0
ip nat inside
speed auto
!
ip nat pool bii 192.168.1.131 192.168.1.131 netmask 255.255.255.128
ip nat inside source list 1 pool bii overload
ip nat inside source static 160.114.40.126 192.168.1.149
ip nat inside source static 160.114.40.115 192.168.1.142
ip nat inside source static 160.114.40.103 192.168.1.145
ip nat inside source static 160.114.40.26 192.168.1.146
ip nat inside source static 160.114.40.109 192.168.1.147
ip nat inside source static 160.114.40.128 192.168.1.141
ip nat inside source static 160.114.40.28 192.168.1.140
ip nat inside source static 160.114.40.2 192.168.1.132
ip nat inside source static 160.114.40.254 192.168.1.133
ip nat inside source static 160.114.40.70 192.168.1.135
ip nat inside source static 160.114.40.27 192.168.1.148
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.129
ip route 160.114.40.0 255.255.255.0 FastEthernet0
no ip http server
ip pim bidir-enable
!
access-list 1 permit 160.114.40.0 0.0.0.255
access-list 103 permit gre host 192.168.1.130 host 192.168.1.2
access-list 103 permit ip 192.168.1.0 0.0.0.127 192.168.1.128 0.0.0.127
Thank YOu
04-05-2002 11:12 AM
You need to apply the crypto map to your EthernetO interface on both routers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide