05-01-2012 07:27 AM
Hi,
Actually, I am trying to deploy a site-to-site dynamic VTI VPN.
I am sending you my topology and config too.
It is not working. Can anyone please tell me where I am wrong?
Thank you.
R1#sh run
Building configuration...
Current configuration : 1707 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
archive
log config
hidekeys
!
crypto keyring myvpnkey
pre-shared-key address 14.1.1.2 key cisco2
pre-shared-key address 13.1.1.2 key cisco1
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 7200
crypto isakmp profile myisakmp
keyring myvpnkey
match identity address 13.1.1.2 255.255.255.255
match identity address 14.1.1.2 255.255.255.255
virtual-template 1
!
!
crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac
!
crypto ipsec profile myipsec
set security-association lifetime seconds 7200
set transform-set newt
set pfs group2
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 11.1.1.1 255.0.0.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Virtual-Template1 type tunnel
ip unnumbered Serial0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile myipsec
!
router rip
network 14.0.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 11.1.1.2
!
!
ip http server
no ip http secure-server
When I run sh ip int b, I see that my Virtual-Template1 is down:
R1 #sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.2.1 YES NVRAM up up
Serial0/0 11.1.1.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/1 unassigned YES NVRAM administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 11.1.1.1 YES TFTP down down
=========================================================================================================
And the spoke config is:
R5#sh run
Building configuration...
*Mar 1 01:29:41.851: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1430 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 7200
crypto isakmp key cisco2 address 11.1.1.1
!
!
crypto ipsec transform-set newt ah-sha-hmac esp-3des esp-sha-hmac
!
crypto ipsec profile myipsec
set security-association lifetime seconds 7200
set transform-set newt
set pfs group2
!
interface Tunnel0
ip unnumbered Serial0/0
tunnel source Serial0/0
tunnel destination 11.1.1.1
!
interface FastEthernet0/0
ip address 200.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 14.1.1.2 255.0.0.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 14.1.1.1
ip route 192.168.2.0 255.255.255.0 Tunnel0
!
!
ip http server
no ip http secure-server
control-plane
!
05-01-2012 10:56 PM
Hello,
At first glance:
On the spoke, tunnel mode ipsec ipv4 and tunnel protection are missing under Tunnel0.
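A way to check a saved configuration for the omission pointed out in the reply above, as an added example that is not part of the original thread: it reports every Tunnel or Virtual-Template interface that lacks `tunnel mode ipsec ipv4` or a `tunnel protection ipsec profile` line, or that references a profile that is not defined. The function names and the `Tunnel1` interface are hypothetical, and the sample text is constructed from the spoke's posted Tunnel0.

```python
import re
# Constructed sample: Tunnel0 as posted on the spoke, Tunnel1 a hypothetical protected one.
SAMPLE_CONFIG = """\
crypto ipsec profile myipsec
 set transform-set newt
!
interface Tunnel0
 tunnel source Serial0/0
 tunnel destination 11.1.1.1
!
interface Tunnel1
 tunnel destination 11.1.1.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile myipsec
!
"""
HEADER = re.compile(r"^(interface|crypto ipsec profile)\s+(\S+)", re.I)

def parse_sections(config):
    """Return {(kind, name): [body lines]}; a section ends at '!', a blank line or the next header."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was lost in pasting
        m = HEADER.match(line)
        if m:
            current = sections.setdefault((m.group(1).lower(), m.group(2)), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def audit_tunnels(config):
    """Return {interface: [findings]} for Tunnel and Virtual-Template interfaces."""
    sections = parse_sections(config)
    profiles = {name for kind, name in sections if kind == "crypto ipsec profile"}
    report = {}
    for (kind, name), body in sections.items():
        if kind != "interface" or not re.match(r"(tunnel|virtual-template)\d+", name, re.I):
            continue
        findings = []
        if "tunnel mode ipsec ipv4" not in body:
            findings.append("missing 'tunnel mode ipsec ipv4'")
        prot = [l.split()[-1] for l in body if l.startswith("tunnel protection ipsec profile ")]
        if not prot:
            findings.append("missing 'tunnel protection ipsec profile'")
        elif prot[0] not in profiles:
            findings.append(f"profile '{prot[0]}' is not defined")
        report[name] = findings
    return report
```

An empty findings list means the interface carries both lines and its profile exists in the same configuration text.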