Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
1
Replies

Issue with isakmp session

Alfredo Bosca Bataller
Level 1
Level 1

‎02-07-2014 12:59 PM

I have configured IPSec on basic lab but don't can pinging from source loopback0

R1#ping 50.50.50.50 source 60.60.60.60

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.50.50.50, timeout is 2 seconds:

Packet sent with a source address of 60.60.60.60

.....

Success rate is 0 percent (0/5)

I have to add the next command also:

crypto map MAPACIFRADO local-address Loopback0

Attach the whole configuration.

I think that how don't can to send traffic between loopbacks R1-R2 the isakmp session don't work.

R1#show crypto isakmp sa

dst             src             state          conn-id slot status

http://networkingcontrol.wordpress.com/
#CCNP CSCO11962956       

http://networkingcontrol.wordpress.com/ #CCNP CSCO11962956
Labels:
Preview file
13 KB
15375412-R2.txt.zip
15375413-R1.txt.zip
0 Helpful
1 Reply 1

Poonam Garg
Level 3
Level 3

‎02-08-2014 08:45 AM

Hello Alfredo,

Since you are using default isakmp policy for phase 1 negotiation, it uses rsa-signature for authentication of peers. You have to get digital certificate from a CA server on both the routers to authenticate each other identity also before certifiacte request synchronise time on both the routers with NTP server.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents