Dear Team
I have a problem with an IPsec VPN configuration. When using show crypto session, it shows the session is down at both ends. The routers' configuration is given below. But I can ping both ends of the routers with the IPs 192.168.1.1 and 10.0.1.1. Please correct my mistake or guide me further on this.

R1#show run
Building configuration...

Current configuration : 1193 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 6 cisco address 172.16.1.2
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.1.2
 set transform-set myset
 match address 101
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map mymap
!
interface FastEthernet1/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 10
 network 172.16.0.0
 network 192.168.1.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet1/0            172.16.1.1      YES manual up                    up

R1#show crypto session
Crypto session current status

Interface: FastEthernet0/0
Session status: DOWN
Peer: 172.16.1.2 port 500
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
        Active SAs: 0, origin: crypto map

====================================================================

R2#sho run
Building configuration...

Current configuration : 1187 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 6 cisco address 172.16.1.1
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.1.1
 set transform-set myset
 match address 101
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map mymap
!
interface FastEthernet1/0
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 10
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.0.1.1        YES manual up                    up
FastEthernet1/0            172.16.1.2      YES manual up                    up

R2#show crypto session
Crypto session current status

Interface: FastEthernet0/0
Session status: DOWN
Peer: 172.16.1.1 port 500
  IPSEC FLOW: permit ip 10.0.1.0/255.255.255.0 192.168.1.0/255.255.255.0
        Active SAs: 0, origin: crypto map

Regards
Waheed
