VPN with two cisco827

Hi there!

I've got a problem configuring a VPN between 2 offices using 2 routers CISCO 827 and IPSec.

I can't communicate between both peers.

I am sending the configuration of the routers.

Can you help me?

Thanks

1 REPLY
New Member

Re: VPN with two cisco827

ROUTER CISCO 827 1

ip subnet-zero
no ip finger
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 lifetime 240
crypto isakmp key key1 address 213.97.199.154 255.255.255.192
!
crypto ipsec security-association lifetime seconds 120
!
crypto ipsec transform-set transform1 esp-des esp-md5-hmac
 mode transport
!
crypto map map1 local-address Tunnel1
crypto map map1 10 ipsec-isakmp
 set peer 213.97.199.154
 set transform-set transform1
 set pfs group1
 match address 110
!
!
!
!
interface Tunnel1
 description tunel tycsa 01
 ip address 192.168.50.1 255.255.255.0
 tunnel source 213.4.18.230
 tunnel destination 213.97.199.154
 crypto map map1
!
interface Ethernet0
 ip address 10.0.0.14 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 213.4.18.230 255.255.255.192
 ip access-group 120 in
 ip nat outside
 pvc 3/32
  encapsulation aal5snap
 !
!
ip nat inside source list 130 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 172.26.0.0 255.255.0.0 Tunnel1
ip http server
!
access-list 110 permit gre host 213.4.18.230 host 213.97.199.154
access-list 120 permit tcp any any established
access-list 120 permit esp any any
access-list 120 permit gre any any
access-list 120 permit udp any eq isakmp any eq isakmp
access-list 130 permit ip 0.0.0.0 255.255.255.0 any
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
scheduler max-task-time 5000
end

ROUTER CISCO 827 2

ip subnet-zero
no ip domain-lookup
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 lifetime 240
crypto isakmp key key1 address 213.4.18.230 255.255.255.192
!
crypto ipsec security-association lifetime seconds 120
!
crypto ipsec transform-set transform1 esp-des esp-md5-hmac
 mode transport
!
crypto map map1 local-address Tunnel1
crypto map map1 10 ipsec-isakmp
 set peer 213.4.18.230
 set transform-set transformada
 set pfs group1
 match address 110
!
!
!
!
interface Tunnel1
 description Tunnel tycsa02
 ip address 192.168.50.2 255.255.255.0
 tunnel source 213.97.199.154
 tunnel destination 213.4.18.230
 crypto map map1
!
interface Ethernet0
 ip address 10.0.0.200 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 213.97.199.154 255.255.255.192
 ip access-group 120 in
 ip nat outside
 pvc 8/32
  encapsulation aal5snap
 !
!
ip nat inside source list 130 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 10.0.0.0 255.255.0.0 Tunnel1
ip http server
!
access-list 110 permit gre host 213.97.199.154 host 213.4.18.230
access-list 120 permit tcp any any established
access-list 120 permit esp any any
access-list 120 permit gre any any
access-list 120 permit udp any eq isakmp any eq isakmp
access-list 130 permit ip 172.26.0.0 0.0.0.255 any
!
line con 0
 exec-timeout 120 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
!
scheduler max-task-time 5000
end

------------------------------------------------

DEBUG COMMAND ON ROUTER 1

jesus#show crypto isakmp sa
dst src state conn-id slot

jesus#show crypto ipsec sa
interface: Tunnel1
Crypto map tag: map1, local addr. 192.168.50.1
local ident (addr/mask/prot/port): (213.4.18.230/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (213.97.199.154/255.255.255.255/47/0)
current_peer: 213.97.199.154
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.50.1, remote crypto endpt.: 213.97.199.154
path mtu 1514, media mtu 1514
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:

jesus#show crypto engine connection active
ID Interface IP-Address State Algorithm Encrypt Decrypt
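
An added example, not part of the original post and not Cisco tooling: a small Python lint over the crypto lines of the two configurations above. It reports a transform-set name that a crypto map references but the same config never defines, and the algorithms in the posted policy that are considered weak today (DES, MD5, DH group 1). The excerpts are constructed from the posted configs; `lint` and `WEAK` are hypothetical names.

```python
import re

# Constructed excerpt: the crypto lines of router 1 as posted above.
ROUTER1 = """\
crypto isakmp policy 10
 hash md5
crypto isakmp key key1 address 213.97.199.154 255.255.255.192
crypto ipsec transform-set transform1 esp-des esp-md5-hmac
 mode transport
crypto map map1 10 ipsec-isakmp
 set peer 213.97.199.154
 set transform-set transform1
 set pfs group1
"""
# Router 2 as posted differs in the peer address and in the transform-set name it references.
ROUTER2 = (ROUTER1.replace("213.97.199.154", "213.4.18.230")
           .replace("set transform-set transform1", "set transform-set transformada"))

# Algorithms in the posted policy that are considered weak today.
WEAK = {"md5": "MD5 IKE hash", "esp-des": "single DES encryption",
        "esp-md5-hmac": "HMAC-MD5 integrity", "group1": "768-bit DH group"}

def lint(config):
    """Return findings for one IOS config: dangling transform-set names, weak algorithms."""
    findings = []
    # Map each defined transform-set name to its algorithm list.
    defined = dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M))
    for name in re.findall(r"^[ \t]*set transform-set (\S+)", config, re.M):
        if name not in defined:
            findings.append(f"crypto map references undefined transform-set '{name}'")
    # Collect the algorithm keywords from IKE hash, PFS group and transform-set lines.
    algo_lines = re.findall(
        r"^[ \t]*(?:hash|set pfs|crypto ipsec transform-set \S+) (.+)$", config, re.M)
    for token in " ".join(algo_lines).split():
        if token in WEAK:
            findings.append(f"weak algorithm {token}: {WEAK[token]}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("router 1", ROUTER1), ("router 2", ROUTER2)):
        for finding in lint(cfg):
            print(f"{label}: {finding}")
```
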
