03-23-2007 02:12 AM
hello,all
I do some experiments about VPN with four router running 3640 IOS using dynamips.I have checked serveral times the configurations are normal,The outside interfaces on two border routers can ping each other.but IKE phase 1 cann't negotiate each other.Topology is as follows:
--R4(border)---R1---R2---R3(border)---
Configuration PLS refer to attachments.
03-23-2007 02:49 AM
Configs look fine. What are the debugs you are getting on the routers ?
debug cry isa
debug cry ipsec
-Kanishka
03-23-2007 03:40 AM
debug crypto isa is Null
debug crypto cry ipsec is Null
R3#debug crypto isakmp
Crypto ISAKMP debugging is on
R3#debug crypto ipsec
Crypto IPSEC debugging is on
R3#sh crypto isakmp sa
dst src state conn-id slot status
R3#show crypto ipsec sa
interface: Serial1/1
Crypto map tag: VPN-MAP, local addr 202.106.0.2
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
current_peer 201.106.0.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 202.106.0.2, remote crypto endpt.: 201.106.0.2
path mtu 1500, ip mtu 1500, ip mtu idb Serial1/1
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
R3#
03-23-2007 05:11 AM
You need to iniitate some interesting traffic for tunnel to start negotiating. Then only you will get the debugs.
Also, if you are accessing the routers through telnet, please enter this :
term mon
-Kanishka
03-26-2007 06:41 PM
Thank you,Kanishka
I will try it.
Min-quan Kuo
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: