[OSL | CCIE_Security] Tunnel without GRE or ACL

Fri, 06 May 2011 10:59:01 -0700 

Hi,

Im trying to build a IPSEC Tunnel without GRE, ACL. Im tried it with the 
following configuration:

Plan:



   R1-------------------------------ASA------------------------------------R2



   fa0/1                  outside:40.40.1.10                     fa0/1



   40.40.1.1            inside:40.40.100.10                 40.40.100.2



   L0:192.168.1.1                                                 L0:192.168.2.2




ICMP, ESP and ISAKMP is allowed through ASA




R2:



crypto keyring WPSK



  pre-shared-key address 40.40.1.1 key cisco123






crypto isakmp policy 10



encr 3des



authentication pre-share



group 2



crypto isakmp profile DVTI



   match identity address 40.40.1.1 255.255.255.255









crypto ipsec transform-set myset esp-3des esp-sha-hmac






crypto ipsec profile VTI



set transform-set myset



set isakmp-profile DVTI

interface Loopback0



ip address 192.168.2.2 255.255.255.0






interface Tunnel0



ip address 10.10.10.2 255.255.255.0



tunnel source FastEthernet0/1



tunnel destination 40.40.1.1



tunnel mode ipsec ipv4



tunnel protection ipsec profile VTI






interface FastEthernet0/1



ip address 40.40.100.2 255.255.255.0



duplex auto



speed auto






router eigrp 100



network 10.10.10.2 0.0.0.0



network 192.168.2.2 0.0.0.0



no auto-summary






ip route 40.40.1.0 255.255.255.0 40.40.100.10







R1:




crypto keyring WPSK



  pre-shared-key address 40.40.100.2 key cisco






crypto isakmp policy 10



encr 3des



authentication pre-share



group 2



crypto isakmp profile DVTI



   keyring WPSK



   match identity address 40.40.100.2 255.255.255.255



   virtual-template 1




crypto ipsec transform-set myset esp-3des esp-sha-hmac




crypto ipsec profile VTI



set transform-set myset



set isakmp-profile DVTI



interface Loopback0



ip address 192.168.1.1 255.255.255.0




interface FastEthernet0/1



ip address 40.40.1.1 255.255.255.0



speed 100



full-duplex



interface Virtual-Template1 type tunnel



ip address 10.10.10.1 255.255.255.0



tunnel mode ipsec ipv4



tunnel protection ipsec profile VTI




router eigrp 100



network 192.168.1.1 0.0.0.0



no auto-summary




ip route 40.40.100.0 255.255.255.0 40.40.1.10


Its not working yet. Somebody know whats wrong with the configuration ?


Thanks!

regards,

Robert 

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to