
Site-to-site VPN issues on Cisco IOS

Hi People,

I am having issues trying to get a directly connected site-to-site VPN up.

I think I have made the basic requirements for the VPN configurations; however, when I do a test ping on R7 sourced from the lo0 interface to 2.2.2.2, I do not see any responses. Likewise, when I ping 1.1.1.1 sourced from lo on R8, there is no reply. The ISAKMP SA is not activated either.

I have tried the same configuration on different IOS versions, but still to no avail.

Every assistance is deeply appreciated.

The routers are 7200 ios and they are versioned as follows:

Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(19), RELEASE SOFTWARE (fc1)

See configuration below:

For R7

=====

hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp peer address 10.1.12.2
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
 set transform-set TEST
 match address 120
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 ip ospf 1 area 1
 duplex auto
 speed auto
 crypto map CMAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 120 permit ip host 1.1.1.1 host 2.2.2.2
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

For R8

=====

hostname R8
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.1.12.1
!
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
 set transform-set TEST
 match address 120
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.12.2 255.255.255.0
 ip ospf 1 area 1
 duplex auto
 speed auto
 crypto map CMAP
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 120 permit ip host 2.2.2.2 host 1.1.1.1
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

1 REPLY

Unless I missed it, R7 doesn't have a key defined. That would cause Phase 1 to fail too.

Thank you.

Joe
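
The gap the reply points out can be caught before deployment by comparing each crypto-map peer against the configured pre-shared keys. The following is an added example, not part of the original thread and not a Cisco tool; the configuration excerpts are constructed from the ISAKMP and crypto-map lines posted above, and the function name peers_missing_psk is hypothetical.

```python
import re

# Constructed excerpts: only the ISAKMP and crypto-map peer lines from the
# R7 and R8 configurations posted above.
R7 = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp peer address 10.1.12.2
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
"""
R8 = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.1.12.1
crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
"""

# "crypto isakmp key [0|6] <secret> address <peer> [mask]"
KEY_RE = re.compile(r"^crypto isakmp key (?:[06] )?(\S+) address (\S+)", re.M)
PEER_RE = re.compile(r"^\s*set peer (\S+)", re.M)
PSK_AUTH_RE = re.compile(r"^\s*authentication pre-share\b", re.M)


def peers_missing_psk(config):
    """Return crypto-map peers that have no pre-shared key configured."""
    if not PSK_AUTH_RE.search(config):
        return []  # no ISAKMP policy uses pre-shared keys
    keyed = {addr for _secret, addr in KEY_RE.findall(config)}
    if "0.0.0.0" in keyed:  # wildcard key matches any peer
        return []
    # Simplification: keys scoped by subnet mask or hostname are not resolved.
    return [p for p in PEER_RE.findall(config) if p not in keyed]


if __name__ == "__main__":
    for name, cfg in (("R7", R7), ("R8", R8)):
        missing = peers_missing_psk(cfg)
        print(name, "missing key for:", ", ".join(missing) or "none")
```
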
