06-27-2014 07:46 AM - edited 03-04-2019 11:14 PM
06-27-2014 01:46 PM
Hello
What is your issue?
Can you show your routing protocol (if any) and also your IPsec configuration?
res
Paul
06-28-2014 01:32 PM
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key DMVPN@2013 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpnK esp-aes esp-sha-hmac
!
crypto ipsec profile IpsecK
 set security-association lifetime seconds 86400
 set transform-set dmvpnK
I have IPsec configured, but I can't ping or Telnet into ISP1 from ISP2. I also can't ping my tunnel IP address.
i
06-28-2014 03:55 AM
Your configuration is looking great, but you are missing some points which Cisco recommends:
ip mtu 1400
tunnel key 0
For reference, see the link below:
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/47541-dmvpn-ezvpn-isakmp.html
HTH
kazim
06-28-2014 01:31 PM
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key DMVPN@2013 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpnK esp-aes esp-sha-hmac
!
crypto ipsec profile IpsecK
 set security-association lifetime seconds 86400
 set transform-set dmvpnK
I have IPsec configured, but I can't ping or Telnet into ISP1 from ISP2. I also can't ping my tunnel IP address.
06-30-2014 01:37 AM
Hi,
You're missing the tunnel key <key> command on both hub and spoke routers (MAIN and CLIENT).
Both should reference the same key number.
Could you also try using the interface name instead of an IP address for your tunnel source?
Make sure both can ping each other.
tunnel source GigabitEthernet0
Try creating loopbacks with private IP address and static routing configured.
Issue a ping and show commands below and kindly post the output:
show ip nhrp
debug tunnel
06-30-2014 06:43 AM
Hello
Does the IPsec/gre work without NHRP being configured?
Do you have reachability between the tunnel endpoints before applying IPsec and NHRP?
I would suggest that, if you are not going to use dynamic routing, you make your static routes more specific and point the traffic that you want to be encrypted over the tunnel:
ip route x.x.x.x y.y.y.y tunnel 0
Also try applying the following on both hub/spoke:
Int tun 0
 Ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel key 0
res
Paul
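The settings the replies ask for on both hub and spoke (tunnel key with the same number, ip mtu, ip tcp adjust-mss, an interface name as tunnel source) can be compared mechanically. The following is an added example, not part of any post in this thread: a Python check over two constructed Tunnel0 snippets, where the sample configs, the address 192.0.2.10 and the function names are assumptions.

```python
import re

# Constructed sample configs (assumptions, not taken from the thread).
HUB = """\
interface Tunnel0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0
 tunnel key 0
"""
SPOKE = """\
interface Tunnel0
 ip mtu 1476
 tunnel source 192.0.2.10
"""

# Settings the replies ask to have on both hub and spoke.
CHECKED = ("tunnel key", "ip mtu", "ip tcp adjust-mss")

def tunnel_settings(config, name="Tunnel0"):
    """Return {setting: value} for the sub-commands of one interface block."""
    found, inside = {}, False
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line starts or ends a block
            inside = line.strip().lower() == f"interface {name}".lower()
            continue
        if inside:
            for key in CHECKED + ("tunnel source",):
                m = re.fullmatch(rf"{re.escape(key)}\s+(\S+)", line.strip())
                if m:
                    found[key] = m.group(1)
    return found

def compare(hub, spoke):
    """List what the thread's advice would flag for a hub/spoke pair."""
    h, s, issues = tunnel_settings(hub), tunnel_settings(spoke), []
    for key in CHECKED:
        for role, cfg in (("hub", h), ("spoke", s)):
            if key not in cfg:
                issues.append(f"{role}: missing '{key}'")
        if key in h and key in s and h[key] != s[key]:
            issues.append(f"mismatch '{key}': hub={h[key]} spoke={s[key]}")
    for role, cfg in (("hub", h), ("spoke", s)):
        if re.fullmatch(r"[\d.]+", cfg.get("tunnel source", "")):
            issues.append(f"{role}: tunnel source is an IP address")
    return issues

if __name__ == "__main__":
    print("\n".join(compare(HUB, SPOKE)))
```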