i'm stuggling from last 1 week to create successful VPN tunnel between each router in a tree type router network.I've tried md5 with 3des but i'm failed.someone suggest me to use gre tunnel with ipsec from this forum.Now i'm still unable to create successful gre tunnel between two routers in ospf routing environment.
I'm sending my configuration.Kindly check it if it is wrong give me right configuration of VPN tunnel in ospf routing environment between tro routers.
add this on the routers
crypto isakmp policy 10
now u have problem with ur ospf
u need to advertise the internal netowrk and the tunnels networks as well only
u done need to include the external IP address
remove it and add the tuneel network
also for the gre ACL i would suggest u to make source from internal network to remote site internal network
if helpful Rate
I have tried to follow your suggestions.actaully i'm very new in VPN tunnel.I'm sending my current tried configuration.
Now i'm able to create ipsec tunnel with GRE but data is not encrypted or decrypted and also a error message comes in 56 sec.
%cypto-6-isakmp_mode_failure:processing of informational mode failed with peer at xx.xx.xx.xx .
Dear Sir,Kindly help me to currect my configuration.Please update in my configuration.
Add following Static routes on the FHQ and Gandhinagar routers and posts results:
ip route 188.8.131.52 255.255.255.0 Serial0/0/1
ip route 184.108.40.206 255.255.255.0 Serial0/0/0
Pls rate helpful posts
I'm still unable to short out problem.
same error is coming and data is not encrypted or decrypted.
My humble request to test these senarios and then suggest me.
i'm waiting your reply.
If you have added the two routes as i mentioned above , can you remove following commands from the the two routers and then check:
no crypto map mymap local-address FastEthernet0/1
no crypto map mymap local-address GigabitEthernet0/0
According to me there is a lot of mistakes in your config. If you really want to sort this out just give me a time from 11:00am to 1:00pm tuesday to sunday so that we can chat on my yahoo masenger my id is firstname.lastname@example.org or call me on +91-9412222016 cos i have to ask a lot of question to sort this matter.
kindly send me a sample configuration of GRE tunnel with IPSEC between two routers.that will be very helpful to me...
waiting for your response....
try to do the following
on BOTH routers
crypto isakmp identity address
crypto isakmp policy 10
change the ACLs as following:
access-list 100 permit gre 220.127.116.11.0.0.255 18.104.22.168 0.0.0.255
on the other router:
access-list 100 permit gre 22.214.171.124 0.0.0.255 126.96.36.199 0.0.0.255
As per my knowledge there is some problem with access-list 100 you should use intrusting traffic source and destination addresses in access-list 100 rather then peer address because this is a vpn access-list no the normnal access-list applied on any ionterface.
kindly send me a tested configuration sample of gre tunnel with IPSEC between two routers.That will be very helpful to me.
hope this helps.
just a little tweak on firewall and router.