Re: [c-nsp] IPSEC site to site

Mon, 16 Sep 2013 00:34:09 -0700 

Thanks Ernest , I had a problem in routing and it's solved now
Thanks again

Date: Sun, 15 Sep 2013 09:22:52 -0400
Subject: Re: [c-nsp] IPSEC site to site
From: [email protected]
To: [email protected]
CC: [email protected]

MK,
It is a bit hard for me to interpret the output(formatting off on my computer), 
but do you have routes to the 192.168.13.3 and 10.1.24.4 hosts?  Also, whats 
the output when you debug ISAKMP?

E

42,

Ernest McCaleb
 
- Just when you think you know the answers, I change the questions. -- "Rowdy" 
Roddy Piper



On Sun, Sep 15, 2013 at 8:35 AM, M K <[email protected]> wrote:

Hi all , I am trying to simulate IPSEC VPN on GNS3R3 f1/0 - R1 f2/0 - R1 s1/0 - 
R2 s1/0 - R2 f2/0 - R4 f1/0

Below is my configuration

R1crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 2 
lifetime 86400crypto isakmp key cisco address 192.1.12.2 no-xauth!!crypto ipsec 
transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp  set peer 
192.1.12.2 set transform-set SET  match address 100


access-list 100 permit ip 192.168.13.0 0.0.0.255 10.1.24.0 0.0.0.255

int s1/0crypto map MAP

R2!crypto isakmp policy 1 encr aes 128 hash sha authentication pre-share group 
2 lifetime 86400crypto isakmp key cisco address 192.1.12.1 no-xauth!!crypto 
ipsec transform-set SET esp-aes esp-sha-hmac!crypto map MAP 1 ipsec-isakmp  set 
peer 192.1.12.1 set transform-set SET  match address 101


access-list 101 permit ip 10.1.24.0 0.0.0.255 192.168.13.0 0.0.0.255

int s1/0crypto map MAP

I got the message *Sep 15 14:29:07.255: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

But nothing is working R3#ping 10.1.24.4Type escape sequence to abort.Sending 
5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:.....Success rate is 
0 percent (0/5)

R4#ping 192.168.13.3Type escape sequence to abort.Sending 5, 100-byte ICMP 
Echos to 192.168.13.3, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

R1#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst             src             
state          conn-id status

IPv6 Crypto ISAKMP SA

R1#

R2#sh crypto isakmp sa IPv4 Crypto ISAKMP SAdst             src             
state          conn-id status

IPv6 Crypto ISAKMP SA

R2#

What is missing ?

Thanks

_______________________________________________

cisco-nsp mailing list  [email protected]

https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/


                                          
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to