Cisco Support Community

New Member

Site2Site VPN

Hi all,

Here I am again, trying to resolve a simple site-to-site VPN between two Cisco 2800 routers. One has a static IP from the ISP, the other uses DHCP; however, I'm using the IP that I got from DHCP.

Both running code:

adventerprisek9-mz.124-24.T8

The only error that I get from one router:

crypto_engine: Create signature

select crypto engine: ce_engine[2] does not  accept the capabilities

select crypto engine: ce_engine[3] does not  accept the capabilities

select crypto engine: ce_engine[2] does not  accept the capabilities

select crypto engine: ce_engine[3] does not  accept the capabilities

Router A:

Crypto Map "vpnset" 10 ipsec-isakmp

        Peer = 24.46.x.x

        Extended IP access list 100

            access-list 100 permit ip 172.22.1.0 0.0.0.255 192.168.12.0 0.0.0.255

        Current peer: 24.46.41.241

        Security association lifetime: 4608000 kilobytes/3600 seconds

        Responder-Only (Y/N): N

        PFS (Y/N): N

        Transform sets={

                vpnset:  { esp-aes esp-sha-hmac  } ,

        }

        Interfaces using crypto map vpnset:

                FastEthernet0/0

Interface: FastEthernet0/0

Session status: DOWN

Peer: 24.46.41.241 port 500

  IPSEC FLOW: permit ip 172.22.1.0/255.255.255.0 192.168.12.0/255.255.255.0

        Active SAs: 0, origin: crypto map

Router B:

Crypto Map "vpnset" 10 ipsec-isakmp

        Peer = 108.170.X.X

        Extended IP access list 100

            access-list 100 permit ip 192.168.12.0 0.0.0.255 172.22.1.0 0.0.0.255

        Current peer: 108.170.99.74

        Security association lifetime: 4608000 kilobytes/3600 seconds

        Responder-Only (Y/N): N

        PFS (Y/N): N

        Transform sets={

                vpnset:  { esp-aes esp-sha-hmac  } ,

        }

        Interfaces using crypto map vpnset:

                FastEthernet0/0

Interface: FastEthernet0/0

Session status: DOWN

Peer: 24.46.41.241 port 500

  IPSEC FLOW: permit ip 172.22.1.0/255.255.255.0 192.168.12.0/255.255.255.0

        Active SAs: 0, origin: crypto map

Nothing goes across and the Session keeps saying: DOWN

Any thoughts would be appreciated.

1 REPLY
New Member

Site2Site VPN

After many hours of troubleshooting I created a Tunnel 0 interface; no NAT or ACL needed, based on this Cisco document:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl.html#wp1110852
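The tunnel-interface (static VTI) approach the reply describes could look like the following; this is an added example, not configuration posted in the thread. The LAN subnets and the `vpnset` transform set come from the question; pre-shared-key authentication, the public addresses 198.51.100.1 (Router A) and 192.0.2.2 (Router B), the 10.255.0.0/30 tunnel addressing and the profile name `vti-profile` are assumptions.

```cisco
! Added example: Router A (LAN 172.22.1.0/24). All addresses and the key
! are placeholders. Router B mirrors this; its differences are listed at the end.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
! Placeholder key, bound to Router B's public address only
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! Same transforms as the crypto map output in the question
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
!
! The IPsec profile replaces the crypto map: no "set peer", no "match address"
crypto ipsec profile vti-profile
 set transform-set vpnset
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vti-profile
!
! Routing, not access-list 100, decides what enters the tunnel
ip route 192.168.12.0 255.255.255.0 Tunnel0
!
! The old crypto map comes off the physical interface
interface FastEthernet0/0
 no crypto map vpnset
!
! Router B differences:
!   crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!   interface Tunnel0: ip address 10.255.0.2 255.255.255.252
!                      tunnel destination 198.51.100.1
!   ip route 172.22.1.0 255.255.255.0 Tunnel0
```

Because `tunnel destination` is a fixed address, this form only stays up while the DHCP-assigned side keeps the same address. With the tunnel established, `show crypto session` lists Tunnel0 as the interface instead of FastEthernet0/0.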
