Hi.. i am setting up site to site ipsec tunnel with my client. My client has ASA and i have cisco router. I have done configuration on my side and phase 1 is up but when i ping client end ip, i dont get response even at my end packet are not getting encrypted, Pls see my below config and suggest where is config issue.
interface FastEthernet0/0 description >> connected to Internet ip address X.X.X.X.13 255.255.255.224 duplex auto speed auto crypto map Policy_VPN
interface FastEthernet0/1 description >> connected to LAN<< ip address X.X.X.X.251 255.255.255.248 duplex auto speed auto
I notice that the LAN subnet in this configuration is a /29 and that the access list which identifies traffic to be encrypted in the tunnel has /24. So is 192.168.10.0 the subnet on your FastE0/1 or is it somewhere else?
You show some output from show crypto ipsec sa peer but I can not tell if this is the complete output of the command or if it is only the initial part of the output. It suggests that the phase 2 Security Association is not being negotiated. That suggests that there is some mismatch between what you have configured and what is configured on the ASA.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...