Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Site-to-Site not up tunel on one router

Hi,

First time I try configure VPN Site-to-Site on two routers X and Y. I use cisco SDM

Router X I configure on this way http://www.tekkom.dk/mediawiki/images/e/ee/IP_sec_site-to-site_sdm.pdf

Then i create a mirror and past it on router Y. I up tunel VPN on router Y.

But I have problem with router X. When I try up Tunel i have two problems:

The peer must be routed through the crypto map interface. The following peer(s) are routed through non-crypto map interface. 1) 79.**.**.**

(79.** - it's adsress WLAN router Y)

The tunnel traffic destination must be routed through the crypto map interface. The following destination(s) are routed through non-crypto map interface. 1) 10.**.**.**

(10.**.*** - it's address LAN router Y)

Routers configuration in files.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

VPN Site-to-Site not up tunel on one router

Apologies for missing your reply.

You have the same crypto map applied to both the physical interface and the dialer0 interface. Can you try removing it from the dialer0 interface and retesting.

If that doesn't work can you try it in reverse ie. remove from physcial and apply to dialer0 only.

Jon

7 REPLIES
Hall of Fame Super Blue

VPN Site-to-Site not up tunel on one router

Can you post router configs ?

Jon

New Member

VPN Site-to-Site not up tunel on one router

Now I add conf my routers

Hall of Fame Super Blue

Re: VPN Site-to-Site not up tunel on one router

From both routers can you post -

1) "sh ip route"

2) "sh ip int br"

New Member

VPN Site-to-Site not up tunel on one router

This is result:

ROUTER X

router#sh ip route

Gateway of last resort is 83.*.*.*-1 to network 0.0.0.0

     83.0.0.0/30 is subnetted, 1 subnets

C       83.*.*.*-2 is directly connected, FastEthernet4

     172.*.*.*/24 is subnetted, 1 subnets

C       172.*.*. *is directly connected, Vlan1

S*   0.0.0.0/0 [1/0] via 83.*.*.*-1

router#sh ip int br

Any interface listed with OK? value "NO" does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Prot

ocol

FastEthernet0              unassigned      YES unset  up                    down

FastEthernet1              unassigned      YES unset  up                    up

FastEthernet2              unassigned      YES unset  up                    down

FastEthernet3              unassigned      YES unset  up                    up

FastEthernet4              83.*.*.*    YES NVRAM  up                    up

Vlan1                      172.*.*.*+1     YES NVRAM  up                    up

NVI0                       83.*.*.*    YES unset  up                    up

Virtual-Template2          172.*.*.*+1      YES TFTP   down                  down

Virtual-Template1          172..*.*.*+1     YES TFTP   down                  down

Dialer0                    unassigned      YES NVRAM  up                    up

Virtual-Access1            unassigned      YES unset  down                  down

Virtual-Access2            unassigned      NO  TFTP   down                  down

router#

-------------------------------------------------

ROUTER Y

router#sh ip route

Gateway of last resort is 79.*.*.*-1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

S       10.10.*.*/32 [1/0] via 0.0.0.0, Virtual-Access3

S       10.10.*.*/32 [1/0] via 0.0.0.0, Virtual-Access2

C       10.*.*.*/24 is directly connected, Vlan1

     79.0.0.0/30 is subnetted, 1 subnets

C       79.*.*.*-2 is directly connected, FastEthernet4

S*   0.0.0.0/0 [1/0] via 79.*.*.*-1

router#sh ip int br

Interface                  IP-Address      OK? Method Status                Prot

ocol

FastEthernet0              unassigned      YES unset  up                    up

FastEthernet1              unassigned      YES unset  up                    up

FastEthernet2              unassigned      YES unset  up                    up

FastEthernet3              unassigned      YES unset  up                    up

FastEthernet4              79.*.*.*   YES NVRAM  up                    up

Vlan1                      10.*.*.*+1      YES NVRAM  up                    up

NVI0                       unassigned      NO  unset  up                    up

Virtual-Template1          79.*.*.*    YES TFTP   down                  down

Virtual-Access1            unassigned      YES unset  down                  down

Virtual-Access2            79.*.*.*   YES TFTP   up                    up

Virtual-Access3            79.*.*.*    YES TFTP   up                    up

Emi

New Member

VPN Site-to-Site not up tunel on one router

I change Virtual_Template 1 and 2 on router X on his WLAN address, but it's still doesn't work...

On router Y I connecting use VPN Client.

Mabey someone can help me?

Hall of Fame Super Blue

VPN Site-to-Site not up tunel on one router

Apologies for missing your reply.

You have the same crypto map applied to both the physical interface and the dialer0 interface. Can you try removing it from the dialer0 interface and retesting.

If that doesn't work can you try it in reverse ie. remove from physcial and apply to dialer0 only.

Jon

New Member

Re: VPN Site-to-Site not up tunel on one router

[ I clik correct answer on mistake ]

I tried it yesterday.

When I removed it on dialer0 i haven't tunell up on router Y, they can't find crypto map.

In other side when i removed on physical int I haven't tunell up on router Y, and on router X I have coment "no crypto map on physical int".

Mabey it's imortant on router Y I have firewall, but I use Firewall ACL 83.*.*.* any, wiht SDM create. When I test tunel o router Y , I have information "Firewall settingd OK"

283
Views
0
Helpful
7
Replies
CreatePlease to create content