I am trying to configure a Site-to-site IPSec VPN using tunnel interfaces. I define the tunnel interfaces at both ends, but within the tunnel interfaces' configuration mode, whenever I input the "tunnel mode ipsec ipv4" line the tunnel interface immediately goes down (line protocol is down). I have been following the example located at http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1027265 but no luck so far.
When I input the "show ip route" command, since the Tunnel 0 interface is down the remote LAN route does not appear.
I am not that familiar with using Tunnels for IPSec VPNs, so any advice or comment will really be appreciated! Thank you very much in advance! Best regards!
The following is the config of one of my routers:
(831 router with Version 12.4(4)T8 (c831-k9o3y6-mz.124-4.T8); local IP addressing is 192.168.20.0/24, and remote traffic is 192.168.10.0/24. This router gets its Internet address using PPPoE via IPCP negotiation, and to avoid problems I have not configured any FW functionality yet.)
Current configuration : 3012 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MchRemoto1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Kuns$rRN78HqUoZlUFBzZKSscE1
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.20.1 192.168.20.3
!
ip dhcp pool pooldeips
 import all
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.168.20.1
 option 150 ip 10.1.1.1
!
!
ip cef
!
!
!
no crypto engine software ipsec
username localuser password 0 localpassword
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key L2Lclave hostname <PeerDDNS-resolvedAddress>
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
 set transform-set ESP-3DES-SHA
!
!
interface Tunnel1
 no ip address
!
interface Tunnel0
 ip address 220.127.116.11 255.255.255.0
 tunnel source Dialer1
 tunnel destination <PeerInternetAddress>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI
!
interface Ethernet0
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Ethernet1
 no ip address
 duplex auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Ethernet2
 no ip address
 shutdown
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname username
 ppp chap password 0 password
 ppp pap sent-username username password 0 password
 ppp ipcp dns request accept
 ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.10.0 255.255.255.0 Tunnel0
ip http server
no ip http secure-server
!
ip dns server
ip nat inside source route-map nnat interface Dialer1 overload
!
access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nnat permit 1
 match ip address 100
!
!
control-plane
!
!
line con 0
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 password password
 login
 transport input all
 transport output all
!
scheduler max-task-time 5000
end