Cisco Support Community

Site-to-Site VPN from a C7613 - VPN engine not triggered

Hi!

I am trying to set up a site-to-site VPN from a C7613 (122-33.SRB1.bin) to another Cisco device using the following commands.

I am sending traffic (which is configured in the ACL), but no VPN is triggered.

I got failures like "No peer struct to get peer description".

I cannot even see traffic to the VPN-Peer Address (monitor port on the physical interface).

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ********** address xxx.xxx.xxx.xxx
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set SET1 esp-3des esp-sha-hmac
!
crypto map MAP1 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set SET1
 match address 101

MAP1 is bound to a VLAN Interface (crypto map MAP1)

Could you please help me?

thx

hans


Re: Site-to-Site VPN from a C7613 - VPN engine not triggered

I have just encountered the same issue.

How did you resolve yours?

I think it's something to do with ACLs, but I cannot figure it out at the moment!

Any clues?

Chris


Re: Site-to-Site VPN from a C7613 - VPN engine not triggered

I figured out the problem.

I needed to generate valid interesting traffic, and since there was a transit network from the router to the core switch stack, I needed to telnet to the core switch and ping the remote network with a valid source interface, e.g. ping 10.202.1.1 source vlan1

Then the VPN tunnel came up!

Chris
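
The fix in the reply above depends on which source address the ping carries: only packets permitted by the ACL referenced in the crypto map (`match address 101`) count as interesting traffic and bring the tunnel up. The following is an added example, not part of the thread, that evaluates pings against a crypto ACL; the ACL 101 entries and the transit and vlan1 addresses are constructed assumptions, since the thread shows none of them.

```python
import ipaddress

# Constructed sample: the thread never shows ACL 101, so these networks are assumptions.
ACL_101 = """
access-list 101 deny ip 10.1.1.0 0.0.0.255 10.202.1.128 0.0.0.127
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.202.1.0 0.0.0.255
"""
# Constructed addresses for the two interfaces a ping could be sourced from.
SOURCES = {"transit uplink": "192.168.255.2", "vlan1": "10.1.1.1"}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_crypto_acl(text):
    """Parse 'access-list N permit|deny ip SRC WILDCARD DST WILDCARD' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # blank lines and forms not handled here (host, any, ports)
        entries.append((tok[2], *(to_int(t) for t in tok[4:8])))
    return entries

def wildcard_match(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (addr & care) == (base & care)

def is_interesting(entries, src, dst):
    """First matching entry decides; no match means the implicit deny applies."""
    s, d = to_int(src), to_int(dst)
    for action, s_base, s_wc, d_base, d_wc in entries:
        if wildcard_match(s, s_base, s_wc) and wildcard_match(d, d_base, d_wc):
            return action == "permit"
    return False

def check_sources(entries, sources, dst):
    """Report, per candidate source interface, whether a ping to dst is interesting."""
    return {name: is_interesting(entries, ip, dst) for name, ip in sources.items()}

if __name__ == "__main__":
    acl = parse_crypto_acl(ACL_101)
    for name, hit in check_sources(acl, SOURCES, "10.202.1.1").items():
        verdict = "matches ACL 101, IKE is triggered" if hit else "no match, crypto map ignores it"
        print(f"ping 10.202.1.1 sourced from {name}: {verdict}")
```

On the device itself, the hit counters on the ACL entries show the same thing: they stay at zero while the test traffic is sourced from an address the ACL does not permit.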
