Dear All, I am trying to create a site-to-site VPN tunnel between 2 Cisco routers.
# Here is my playbook ---------->
## YAML Template.
# NOTE(review): the post arrived flattened onto one line, so the nesting
# below is reconstructed. Confirm against the original file, in particular
# whether ciscoios/ciscoiosssh/transport sat under `vars` or under `cli`.
---
- hosts: ciscors
  connection: local
  gather_facts: false
  vars:
    # Connection details handed to every ios_* task through `provider`.
    cli:
      username: "{{ user }}"
      password: "{{ pass }}"
      secret: "{{ secret }}"
    ciscoios: 'ciscors'
    ciscoiosssh: 'ciscors_ssh'
    #localfile: 'C:/Users/sg05477/GNS3/images/IOS.bin'
    #remotefile: 'c7200-advipservicesk9-mz.152-4.S5.bin'
    transport: cli

  tasks:
    # NOTE(review): these three tasks echo the login name, the password and
    # the enable secret to the console and to any log that captures the run
    # (the output quoted in this post shows the values in clear). Drop them
    # once debugging is done, or set `no_log: true` on them.
    - debug:
        msg: "1: {{ user }}"
    - debug:
        msg: "2: {{ pass }}"
    - debug:
        msg: "3: {{ secret }}"

    # NOTE(review): likely cause of the reported failure. `lines` is a flat
    # list with no `parents`, so sub-mode commands such as
    # `authentication pre-share` can be sent at the global (config)# prompt,
    # which is the prompt shown in the error. Splitting this into one
    # ios_config task per configuration context, each with `parents:`, and
    # dropping the `exit`/`end` lines is the usual shape.
    # NOTE(review): the task has no `when:`, so it runs on every host in
    # `ciscors`; the run output shows both routers executing it. A router
    # would then get itself as peer. Confirm and restrict per host.
    - name: Configure VPN R1R2
      ios_config:
        provider: "{{ cli }}"
        lines:
          # NOTE(review): 3DES, MD5 and DH group 2 are legacy choices;
          # prefer AES, a SHA-2 hash and a larger DH group where the IOS
          # image supports them.
          - crypto isakmp policy 10
          #- hash md5
          - authentication pre-share
          - encryption 3des
          - group 2
          - hash md5
          - lifetime 86400
          - exit
          # NOTE(review): the pre-shared key is the literal `admin`, stored
          # in clear in the playbook (key type 0 = unencrypted key follows).
          # Use a long random key kept in a vaulted variable.
          - crypto isakmp key 0 admin address 192.168.1.11
          - crypto ipsec transform-set TRANS esp-3des esp-sha-hmac
          - exit
          # NOTE(review): ACL 100 is the crypto map's match list, so only
          # ICMP is selected for IPsec; all other traffic leaves the
          # interface unencrypted. Confirm that is intended.
          - access-list 100 permit icmp any any
          - crypto map MYMAP 10 ipsec-isakmp
          - match address 100
          - set peer 192.168.1.11
          - set pfs group2
          - set transform-set TRANS
          - set security-association lifetime seconds 86400
          - exit
          - interface GigabitEthernet 4/0
          - crypto map MYMAP
          - end

    # Mirror of the task above with peer 192.168.1.12 and transform-set
    # MYTRANS; the same review notes apply (flat `lines`, no `when:`,
    # legacy algorithms, clear-text `admin` key, ICMP-only crypto ACL).
    - name: Configure VPN R2R1
      ios_config:
        provider: "{{ cli }}"
        lines:
          - crypto isakmp policy 10
          #- hash md5
          - authentication pre-share
          - encryption 3des
          - group 2
          - hash md5
          - lifetime 86400
          - exit
          - crypto isakmp key 0 admin address 192.168.1.12
          - crypto ipsec transform-set MYTRANS esp-3des esp-sha-hmac
          - exit
          - access-list 100 permit icmp any any
          - crypto map MYMAP 10 ipsec-isakmp
          - match address 100
          - set peer 192.168.1.12
          - set pfs group2
          - set transform-set MYTRANS
          - set security-association lifetime seconds 86400
          - exit
          - interface GigabitEthernet 4/0
          - crypto map MYMAP
          - end

    # Collect the IKE and IPsec SA tables from each router.
    - name: Verify Configurations
      ios_command:
        provider: "{{ cli }}"
        commands:
          - show crypto isakmp sa
          - show crypto ipsec sa
      register: config

    # Only the first command's output (config.stdout[0], the ISAKMP SA
    # table) is written; the IPsec SA output in stdout[1] is not saved.
    - name: save output to /home/samya/s2svpn/ConfigurationTask/VPN
      copy:
        content: "{{ config.stdout[0] }}"
        dest: "/home/samya/s2svpn/ConfigurationTask/VPN/VPN_details{{ inventory_hostname }}.txt"
# But I get error to run
this playbook. The error is:

samya@samya-VirtualBox:~/s2svpn/ConfigurationTask$ sudo ansible-playbook VPNconfigR1R2.yml

PLAY [ciscors] ***********************************************************************************************************************************************************

TASK [debug] *************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "1: admin"
}
ok: [192.168.1.11] => {
    "msg": "1: admin"
}

TASK [debug] *************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "2: admin"
}
ok: [192.168.1.11] => {
    "msg": "2: admin"
}

TASK [debug] *************************************************************************************************************************************************************
ok: [192.168.1.12] => {
    "msg": "3: admin"
}
ok: [192.168.1.11] => {
    "msg": "3: admin"
}

TASK [Configure VPN R1R2] ************************************************************************************************************************************************
fatal: [192.168.1.11]: FAILED! => {"changed": false, "command": "authentication pre-share", "failed": true, "msg": "authentication pre-share\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\nR2_CE(config)#", "rc": 1}
fatal: [192.168.1.12]: FAILED! => {"changed": false, "command": "authentication pre-share", "failed": true, "msg": "authentication pre-share\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\nR1_CE(config)#", "rc": 1}
    to retry, use: --limit @/home/samya/s2svpn/ConfigurationTask/VPNconfigR1R2.retry

PLAY RECAP ***************************************************************************************************************************************************************
192.168.1.11 : ok=3 changed=0 unreachable=0 failed=1
192.168.1.12 : ok=3 changed=0 unreachable=0 failed=1

Does anyone have an idea how I can solve this problem?

Thanks
Samya