Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
0
Helpful
1
Replies

VPN Gurus Please HElp ME

julihato
Level 1
Level 1

‎04-04-2002 07:57 PM - edited ‎02-21-2020 11:40 AM

Please c my configuration, the tunnel cannot be ping and the ipsec sa active not showing any connection. Some client in network 160.114.40.xxx(translated into 192.168.1.128 network) cannot ping to the peer router.

Building configuration...

Current configuration : 2525 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

memory-size iomem 25

ip subnet-zero

!

!

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

crypto isakmp policy 1

authentication pre-share

group 2

crypto isakmp key aaaaa address 192.168.1.130

!

!

crypto ipsec transform-set enigma esp-des esp-md5-hmac

crypto mib ipsec flowmib history tunnel size 200

crypto mib ipsec flowmib history failure size 200

!

crypto map mizuho 10 ipsec-isakmp

set peer 192.168.1.130

set transform-set enigma

match address 103

!

!

!

!

interface Tunnel0

ip address 192.168.2.1 255.255.255.0

tunnel source 192.168.1.2

tunnel destination 192.168.1.130

crypto map mizuho

!

interface Ethernet0

ip address 192.168.1.2 255.255.255.128

ip nat outside

half-duplex

!

interface FastEthernet0

ip address 160.114.42.250 255.255.255.0

ip nat inside

speed auto

!

ip nat pool mid 192.168.1.3 192.168.1.3 netmask 255.255.255.128

ip nat inside source list 1 pool mid overload

ip nat inside source static 160.114.42.69 192.168.1.69

ip nat inside source static 160.114.42.70 192.168.1.70

ip nat inside source static 160.114.42.101 192.168.1.18

ip nat inside source static 160.114.42.100 192.168.1.17

ip nat inside source static 160.114.42.78 192.168.1.16

ip nat inside source static 160.114.42.77 192.168.1.15

ip nat inside source static 160.114.42.76 192.168.1.14

ip nat inside source static 160.114.42.75 192.168.1.13

ip nat inside source static 160.114.42.74 192.168.1.12

ip nat inside source static 160.114.42.73 192.168.1.11

ip nat inside source static 160.114.42.72 192.168.1.10

ip nat inside source static 160.114.42.251 192.168.1.4

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 160.114.42.0 255.255.255.0 FastEthernet0

no ip http server

ip pim bidir-enable

!

access-list 1 permit 160.114.42.0 0.0.0.255

access-list 103 permit gre host 192.168.1.2 host 192.168.1.130

access-list 103 permit ip 192.168.1.128 0.0.0.127 192.168.1.0 0.0.0.127

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Building configuration...

Current configuration : 2552 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

memory-size iomem 25

ip subnet-zero

!

!

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

crypto isakmp policy 1

authentication pre-share

group 2

crypto isakmp key aaaaa address 192.168.1.2

!

!

crypto ipsec transform-set enigma esp-des esp-md5-hmac

crypto mib ipsec flowmib history tunnel size 200

crypto mib ipsec flowmib history failure size 200

!

crypto map mizuho 10 ipsec-isakmp

set peer 192.168.1.2

set transform-set enigma

match address 103

!

!

!

!

interface Tunnel0

ip address 192.168.2.2 255.255.255.0

tunnel source 192.168.1.130

tunnel destination 192.168.1.2

crypto map mizuho

!

interface Ethernet0

ip address 192.168.1.130 255.255.255.128

ip nat outside

half-duplex

!

interface FastEthernet0

ip address 160.114.40.241 255.255.255.0

ip nat inside

speed auto

!

ip nat pool bii 192.168.1.131 192.168.1.131 netmask 255.255.255.128

ip nat inside source list 1 pool bii overload

ip nat inside source static 160.114.40.126 192.168.1.149

ip nat inside source static 160.114.40.115 192.168.1.142

ip nat inside source static 160.114.40.103 192.168.1.145

ip nat inside source static 160.114.40.26 192.168.1.146

ip nat inside source static 160.114.40.109 192.168.1.147

ip nat inside source static 160.114.40.128 192.168.1.141

ip nat inside source static 160.114.40.28 192.168.1.140

ip nat inside source static 160.114.40.2 192.168.1.132

ip nat inside source static 160.114.40.254 192.168.1.133

ip nat inside source static 160.114.40.70 192.168.1.135

ip nat inside source static 160.114.40.27 192.168.1.148

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.129

ip route 160.114.40.0 255.255.255.0 FastEthernet0

no ip http server

ip pim bidir-enable

!

access-list 1 permit 160.114.40.0 0.0.0.255

access-list 103 permit gre host 192.168.1.130 host 192.168.1.2

access-list 103 permit ip 192.168.1.0 0.0.0.127 192.168.1.128 0.0.0.127

Thank YOu

Labels:
0 Helpful
1 Reply 1

mdahl
Level 1
Level 1

‎04-05-2002 11:12 AM

You need to apply the crypto map to your EthernetO interface on both routers.

0 Helpful
Customers Also Viewed These Support Documents