[ansible-devel] Try to create Site to Site VPN between 2 Cisco Router: Problem with authentication pre-share ---->

Samya Ghosh Fri, 18 Aug 2017 02:10:55 -0700

Dear All, 

I am trying to create a site to site VPN tunnel within 2 cisco Router.


Here is my playbook ---------->


## YAML Template.
## YAML Template.
---
- hosts: ciscors
  connection: local
  gather_facts: false

  vars:
    cli:
        username: "{{ user }}"
        password: "{{ pass }}"
        secret: "{{ secret }}"
        ciscoios: 'ciscors'
        ciscoiosssh: 'ciscors_ssh'
        #localfile: 'C:/Users/sg05477/GNS3/images/IOS.bin'
        #remotefile: 'c7200-advipservicesk9-mz.152-4.S5.bin'
        transport: cli

  tasks:
      
    - debug:
        msg : "1: {{ user }}" 
    - debug:
        msg : "2: {{ pass }}"
    - debug:
        msg : "3: {{ secret }}"
    - name: Configure VPN R1R2
      ios_config:
        provider: "{{ cli }}"        
        lines:             
          - crypto isakmp policy 10
          #- hash md5
          - authentication pre-share
          - encryption 3des
          - group 2
          - hash md5
          - lifetime 86400
          - exit
          - crypto isakmp key 0 admin address 192.168.1.11
          - crypto ipsec transform-set TRANS esp-3des esp-sha-hmac
          - exit
          - access-list 100 permit icmp any any
          - crypto map MYMAP 10 ipsec-isakmp
          - match address 100
          - set peer 192.168.1.11
          - set pfs group2
          - set transform-set TRANS
          - set security-association lifetime seconds 86400
          - exit
          - interface GigabitEthernet 4/0
          - crypto map MYMAP
          - end
          
        
        
    - name: Configure VPN R2R1
      ios_config:
        provider: "{{ cli }}"
        lines:  
          - crypto isakmp policy 10
          #- hash md5
          - authentication pre-share
          - encryption 3des
          - group 2
          - hash md5
          - lifetime 86400
          - exit
          - crypto isakmp key 0 admin address 192.168.1.12
          - crypto ipsec transform-set MYTRANS esp-3des esp-sha-hmac
          - exit
          - access-list 100 permit icmp any any
          - crypto map MYMAP 10 ipsec-isakmp
          - match address 100
          - set peer 192.168.1.12
          - set pfs group2
          - set transform-set MYTRANS
          - set security-association lifetime seconds 86400
          - exit
          - interface GigabitEthernet 4/0
          - crypto map MYMAP
          - end    
        
    - name: Verify Configurations
      ios_command:
        commands:
          - show crypto isakmp sa  
          - show crypto ipsec sa
        provider: "{{ cli }}" 
      register: config
      
    - name: save output to /home/samya/s2svpn/ConfigurationTask/VPN
      copy:
        content: "{{ config.stdout[0] }}"
        dest: "/home/samya/s2svpn/ConfigurationTask/VPN/VPN_details{{ 
inventory_hostname }}.txt"





But I get error to run this playbook 



Error is 

samya@samya-VirtualBox:~/s2svpn/ConfigurationTask$ sudo ansible-playbook 
VPNconfigR1R2.yml

PLAY [ciscors] 
***********************************************************************************************************************************************************

TASK [debug] 
*************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "1: admin"
}
ok: [192.168.1.11] => {
    "msg": "1: admin"
}

TASK [debug] 
*************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "2: admin"
}
ok: [192.168.1.11] => {
    "msg": "2: admin"
}

TASK [debug] 
*************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "3: admin"
}
ok: [192.168.1.11] => {
    "msg": "3: admin"
}

TASK [Configure VPN R1R2] 
************************************************************************************************************************************************
fatal: [192.168.1.11]: FAILED! => {"changed": false, "command": 
"authentication pre-share", "failed": true, "msg": "authentication 
pre-share\r\n                 ^\r\n% Invalid input detected at '^' 
marker.\r\n\r\nR2_CE(config)#", "rc": 1}
fatal: [192.168.1.12]: FAILED! => {"changed": false, "command": 
"authentication pre-share", "failed": true, "msg": "authentication 
pre-share\r\n                 ^\r\n% Invalid input detected at '^' 
marker.\r\n\r\nR1_CE(config)#", "rc": 1}
to retry, use: --limit 
@/home/samya/s2svpn/ConfigurationTask/VPNconfigR1R2.retry

PLAY RECAP 
***************************************************************************************************************************************************************
192.168.1.11               : ok=3    changed=0    unreachable=0    failed=1 
  
192.168.1.12               : ok=3    changed=0    unreachable=0    failed=1 
  




Anyone have any idea , how i solve this problem. 


Thanks 

Samya 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-devel] Try to create Site to Site VPN between 2 Cisco Router: Problem with authentication pre-share ---->

Reply via email to