Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Nick Cutting
This license should be fine; the SEC-K9 was a requirement for 29xx, 39xx and 4xxx - but 28xx and 38xx just needed the right IOS. As others have said - you should debug, while sourcing pings from the interesting source traffic. Maybe open IP on the ACL to the peer address while you are

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Scott Miller
Cisco 3825 (revision 1.2) with 487424K/36864K bytes of memory.
Processor board ID FTX1422AH5E
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
500472K bytes of ATA System CompactFlash (Read/Write)

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Scott Miller
We have others doing a similar VPN, licensed the same, with the same IOS:

On Tue, May 1, 2018 at 11:57 AM, Randy wrote:
> outside-in access-lists allow proto 50, udp 500 and udp4500 if applicable?
>
> From: Emille Blanc

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Randy via cisco-nsp
outside-in access-lists allow proto 50, udp 500 and udp4500 if applicable? From: Emille Blanc To: Scott Miller Cc: cisco-nsp Sent: Tuesday, May 1, 2018

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Alex K.
Since no SA is shown, basically the VPN's down. If that's the output you get every time you run this command, it doesn't even try. First, verify you have basic connectivity between the two (ping should be enough, pay attention to sourcing it from the same local IP as the VPN). Which takes us

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Emille Blanc
Forgive the obvious question: are your 3800's licensed for IPSEC, and/or the grace period hasn't been exhausted if not? They require the SECK9 license. I'd maybe specify the local source-address in your crypto maps. Otherwise, nothing stands out as erroneous to me. -Original Message-

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Scott Miller
Both sides show the same.

cpe-rpa-kal-gw-01#show cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status

IPv6 Crypto ISAKMP SA

cpe-rpa-kal-gw-01#

wtc-mar-gw-01# show cry isa sa
IPv4 Crypto ISAKMP SA
dst src state

Re: [c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Alex K.
Hi Scott, What state does "show cry isa sa" show the VPN ending on? Anyhow, your configuration seems to be correct (I didn't go over the ACLs though, I hope they're an exact mirror of each other). Does anything suspicious show up with "debug cry isakmp"? Not passing traffic might be related to your no-nat

[c-nsp] VPN tunnel between two Cisco 3825's

2018-05-01 Thread Scott Miller
I'm trying to create a VPN on two Cisco 3825's, on the same ISP, in order to have access to each other's network. On each side, I have them built as follows:

Site WTC Inside network 192.168.1.0/24 192.168.2.0/24
Site RPA Inside network 192.168.3.0/24 192.168.4.0/24

WTC:
crypto isakmp policy 11

Re: [c-nsp] Cisco ASR99xx 64-bit upgrade 6.3.1 to 6.3.2

2018-05-01 Thread James Bensley
On Tue, 1 May 2018 07:15 Erik Sundberg, wrote: > Here is a follow up to my email thread > Thanks for the follow-up info Erik, very helpful! Cheers, James.

Re: [c-nsp] MACSec Stages

2018-05-01 Thread Alex K.
This will be great. Especially documenting real world scenarios - IS-IS over MACSec, MPLS and IP. Putting PCAPs is also a very good idea. I'm speaking for myself, but I think many here will agree - such documentation will really address the current state of affairs. Thank you. Alex. On Tuesday,

Re: [c-nsp] Cisco ASR99xx 64-bit upgrade 6.3.1 to 6.3.2

2018-05-01 Thread Erik Sundberg
Here is a follow up to my email thread. Cisco released the following 6.3.2 bridge smu containing the following packages. These packages allow the router to handle signed RPM’s. I will assume they will eventually be up on Cisco CCO website. asr9k-sysadmin-system-6.3.1.1-r631.CSCvf01652.x86_64