Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

configuring vpn on router 2911

I have a router_A with a public ip for example 190.84.22.11 and other router, this router_B is connected to a modem (public IP for example 190.80.90.11 y LAN = 192.168.1.2, the modem is doing NAT).

The router_B have the IP address 192.168.1.2 and I can Ping to IP 190.84.22.11.

How can I configure a Tunnel with Ipsec

thanks

4 REPLIES

Re: configuring vpn on router 2911

Hi there,

Here is a configuration example from cisco documentation.

.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080223a59.shtml

Hope that helps.

Thanks

Rizwan Rafeek

Re: configuring vpn on router 2911

Please rate a helpful post.

thanks

configuring vpn on router 2911

Dear

I have a Router_A with a IP address = 190.108.84.138 and Router_B is connect a Modem With IP WAN = 190.40.61.120 and IP LAN = 192.168.1.1/24 and behind is a Router_B with IP WAN = 192.168.1.2/24.

I can do a ping form Router_B to Router_A because my Modem is doing NAT.

Router_B configuration

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

crypto isakmp key InxElec address 190.40.16.84
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.0.0 0.0.0.255 10.122.62.0 0.0.0.255

crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.40.16.84
match address 101
set transform-set AES-SHA
set pfs group 5
!


interface Tunnel0
ip address 192.168.16.141 255.255.255.252
tunnel source GigaEtehernet 0/1
tunnel destination 190.40.16.84
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!
ip route 10.122.62.0 0.0.0.255 190.40.16.84 200

!
!

Router_A configuration

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

crypto isakmp key InxElec address 190.108.84.138
!
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha-hmac
!
access-list 101 permit ip 10.122.62.0 0.0.0.255 10.122.0.0 0.0.0.255

crypto map VPN_San_Juan_TO_Huancavelica ipsec-isakmp
set peer 190.108.84.138
match address 101
set transform-set AES-SHA
set pfs group 5
!


interface Tunnel0
ip address 192.168.16.142 255.255.255.252
tunnel source GigaEthehernet 0/1
tunnel destination 190.108.84.138
tunnel mode ipsec ipv4
crypto map VPN_San_Juan_TO_Huancavelica
!

ip route 0.0.0.0 0.0.0.0 190.108.84.138 200

=====================================

configuring vpn on router 2911

You say:

Router_A IP = 190.108.84.138

Router_B IP = 190.40.61.120

But the peer in the crypto map, destination address in the crypto key and the destination on the tunnel interface on Router_B is 192.168.16.141. Should be 190.108.84.138, if your addresses are correct.

The Crypto map peer, destinaton address in the crypto map and the destination on the tunnel interface on Router_A is 190.108.84.138, which is itself? Should be 190.40.61.120.

778
Views
0
Helpful
4
Replies
CreatePlease to create content