Dear Parvees,

Please check the attached configuration files and topology diagram.
Thanking in advance.....

With Regards
Waheed Ahmed
+971-55-7720310

________________________________
From: Parvees M <[email protected]>
To: waheed Ahmed <[email protected]>
Cc: Fawad Khan <[email protected]>; ccie_security <[email protected]>
Sent: Saturday, October 27, 2012 9:17 PM
Subject: Re: [OSL | CCIE_Security] IP Sec configuration problem

Share the complete configuration ....

With best regards,
Parvees M Davida
CCNP, CISSP, JNCIS-FWV, ITIL V3

On Sat, Oct 27, 2012 at 9:05 PM, waheed Ahmed <[email protected]> wrote:

>Now I re-configured crypto map mymap to fastethernet interfaces and I removed the routing protocols also. But still status is down ....
>
> R1#show crypto session
>Crypto session current status
>
>Interface: FastEthernet1/0
>Session status: DOWN
>Peer: 172.16.1.2 port 500
> IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
> Active SAs: 0, origin: crypto map
>
> R2#show crypto session
>Crypto session current status
>
>Interface: FastEthernet1/0
>Session status: DOWN
>Peer: 172.16.1.1 port 500
> IPSEC FLOW: permit ip 10.0.1.0/255.255.255.0 192.168.1.0/255.255.255.0
> Active SAs: 0, origin: crypto map
>
>With Regards
>Waheed Ahmed
>+971-55-7720310
>
>________________________________
> From: Fawad Khan <[email protected]>
>To: Parvees M <[email protected]>
>Cc: waheed Ahmed <[email protected]>; ccie_security <[email protected]>
>Sent: Saturday, October 27, 2012 8:33 PM
>Subject: Re: [OSL | CCIE_Security] IP Sec configuration problem
>
>As Parvees said, apply crypto map on fa 1/0
>You are able to ping because of existing routing between the two routers
>
>On Saturday, October 27, 2012, Parvees M wrote:
>
>you are applying cryptomap to the wrong interface.
>>
>>apply it on fa1/0
>>
>>your vpn related configuration at both ends are based on this interface
>>
>>With best regards,
>>
>> Parvees M Davida
>> CCNP, CISSP, JNCIS-FWV, ITIL V3
>>
>>On Sat, Oct 27, 2012 at 7:02 PM, waheed Ahmed <[email protected]> wrote:
>>
>>Dear Team
>>>
>>>I have a problem for ipsec VPN configuration. When using show crypto session
>>>it is showing session is down at both ends. Routers configuration is mentioned
>>>below:-
>>>
>>>But I can ping both ends of the routers with the ip 192.168.1.1 and
>>>10.0.1.1. Please correct my mistake or guide me further for this ....
>>>
>>> R1#show run
>>>Building configuration...
>>>
>>>Current configuration : 1193 bytes
>>>!
>>>version 12.4
>>>service timestamps debug datetime msec
>>>service timestamps log datetime msec
>>>no service password-encryption
>>>!
>>>hostname R1
>>>!
>>>boot-start-marker
>>>boot-end-marker
>>>!
>>>!
>>>no aaa new-model
>>>memory-size iomem 5
>>>!
>>>!
>>>ip cef
>>>no ip domain lookup
>>>ip domain name lab.local
>>>!
>>>!
>>>
>>>!
>>>crypto isakmp policy 10
>>> encr aes
>>> authentication pre-share
>>> group 2
>>>crypto isakmp key 6 cisco address 172.16.1.2
>>>!
>>>!
>>>crypto ipsec transform-set myset esp-aes esp-sha-hmac
>>>!
>>>crypto map mymap 10 ipsec-isakmp
>>> set peer 172.16.1.2
>>> set transform-set myset
>>> match address 101
>>>
>>>!
>>>interface FastEthernet0/0
>>> ip address 192.168.1.1 255.255.255.0
>>> duplex auto
>>> speed auto
>>> crypto map mymap
>>>!
>>>interface FastEthernet1/0
>>> ip address 172.16.1.1 255.255.255.0
>>> duplex auto
>>> speed auto
>>>!
>>>router eigrp 10
>>> network 172.16.0.0
>>> network 192.168.1.0
>>> no auto-summary
>>>!
>>>no ip http server
>>>no ip http secure-server
>>>!
>>>!
>>>!
>>>access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255
>>>!
>>>!
>>>!
>>>control-plane
>>>!
>>>
>>>!
>>>line con 0
>>> exec-timeout 0 0
>>> privilege level 15
>>> logging synchronous
>>>line aux 0
>>> exec-timeout 0 0
>>> privilege level 15
>>> logging synchronous
>>>line vty 0 4
>>> login
>>>!
>>>!
>>>end
>>>
>>>R1#show ip interface brief
>>>Interface          IP-Address      OK? Method Status   Protocol
>>>FastEthernet0/0    192.168.1.1     YES manual up       up
>>>FastEthernet1/0    172.16.1.1      YES manual up       up
>>>
>>>R1#show crypto session
>>>Crypto session current status
>>>
>>>Interface: FastEthernet0/0
>>>Session status: DOWN
>>>Peer: 172.16.1.2 port 500
>>> IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
>>> Active SAs: 0, origin: crypto map
>>>
>>> ====================================================================
>>>
>>>R2#sho run
>>>Building configuration...
>>>
>>>Current configuration : 1187 bytes
>>>!
>>>version 12.4
>>>service timestamps debug datetime msec
>>>service timestamps log datetime msec
>>>no service password-encryption
>>>!
>>>hostname R2
>>>!
>>>boot-start-marker
>>>boot-end-marker
>>>!
>>>!
>>>no aaa new-model
>>>memory-size iomem 5
>>>!
>>>!
>>>ip cef
>>>no ip domain lookup
>>>ip domain name lab.local
>>>!
>>>
>>>!
>>>!
>>>crypto isakmp policy 10
>>> encr aes
>>> authentication pre-share
>>> group 2
>>>crypto isakmp key 6 cisco address 172.16.1.1
>>>!
>>>!
>>>crypto ipsec transform-set myset esp-aes esp-sha-hmac
>>>!
>>>crypto map mymap 10 ipsec-isakmp
>>> set peer 172.16.1.1
>>> set transform-set myset
>>> match address 101
>>>!
>>>!
>>>!
>>>!
>>>interface FastEthernet0/0
>>> ip address 10.0.1.1 255.255.255.0
>>> duplex auto
>>> speed auto
>>> crypto map mymap
>>>!
>>>interface FastEthernet1/0
>>> ip address 172.16.1.2 255.255.255.0
>>> duplex auto
>>> speed auto
>>>!
>>>router eigrp 10
>>> network 10.0.0.0
>>> network 172.16.0.0
>>> no auto-summary
>>>!
>>>no ip http server
>>>no ip http secure-server
>>>!
>>>!
>>>!
>>>access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
>>>!
>>>!
>>>!
>>>control-plane
>>>
>>>!
>>>!
>>>line con 0
>>> exec-timeout 0 0
>>> privilege level 15
>>> logging synchronous
>>>line aux 0
>>> exec-timeout 0 0
>>> privilege level 15
>>> logging synchronous
>>>line vty 0 4
>>> login
>>>!
>>>!
>>>end
>>>
>>>R2#show ip interface brief
>>>Interface          IP-Address      OK? Method Status   Protocol
>>>FastEthernet0/0 10.0.1.1
>>>Y_______________________________________________
>>>For more information regarding industry leading CCIE Lab training, please
>>>visit www.ipexpert.com
>>>
>>>Are you a CCNP or CCIE and looking for a job? Check out
>>>www.PlatinumPlacement.com
>>>
>>
>
>--
>FNK, CCIE Security#35578
>
<<attachment: ipsectopology.GIF>>
R2.cfg
Description: Binary data
R1.cfg
Description: Binary data
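
The diagnosis given in the thread (the crypto map sits on the inside interface instead of the interface facing the IPsec peer) can be checked mechanically against a running-config. This is an added example, not part of the original messages or the attached files; the function names are hypothetical, the sample is the relevant subset of R1's posted configuration, and the check assumes the peer is on a directly connected subnet, as in this lab.

```python
import ipaddress
import re

# Relevant lines of R1's running-config as posted in the thread (map on Fa0/0).
R1_POSTED = """\
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.1.2
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 crypto map mymap
!
interface FastEthernet1/0
 ip address 172.16.1.1 255.255.255.0
"""

def parse(config):
    """Return ({map: [peer IPs]}, {interface: {"net": IPv4Interface, "map": name}})."""
    peers, ifaces, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line opens a new section
            section = None
            if m := re.match(r"crypto map (\S+) \d+", line):
                section = ("map", m.group(1))
                peers.setdefault(m.group(1), [])
            elif m := re.match(r"interface (\S+)", line):
                section = ("if", m.group(1))
                ifaces[m.group(1)] = {"net": None, "map": None}
        elif section and section[0] == "map":
            if m := re.match(r"set peer (\S+)", line):
                peers[section[1]].append(ipaddress.ip_address(m.group(1)))
        elif section and section[0] == "if":
            if m := re.match(r"ip address (\S+) (\S+)$", line):
                ifaces[section[1]]["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            elif m := re.match(r"crypto map (\S+)", line):
                ifaces[section[1]]["map"] = m.group(1)
    return peers, ifaces

def misplaced_crypto_maps(config):
    """List (map, applied_on, facing_peer) where the map is not on the peer-facing interface."""
    peers, ifaces = parse(config)
    findings = []
    for name, plist in peers.items():
        applied = sorted(i for i, d in ifaces.items() if d["map"] == name)
        facing = sorted(i for i, d in ifaces.items() if d["net"] and any(p in d["net"].network for p in plist))
        if facing and applied != facing:     # assumption: peer is directly connected
            findings.append((name, applied, facing))
    return findings
```

Run against the posted R1 lines it reports `mymap` applied on FastEthernet0/0 while the peer 172.16.1.2 is reached through FastEthernet1/0; it reports nothing once the map is moved to FastEthernet1/0.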
