What is wrong in this configuration


  • What is wrong in this configuration

    Hello all,
    I made a site-to-site VPN lab in GNS3
    between 2 routers.
    I will paste the configuration for the 2 routers.
    There is no ping reply from router 1 to router 2.
    I entered the commands
    show crypto isakmp sa
    show crypto isakmp peers
    and nothing is displayed.

    #show run
    R2#show running-config
    Building configuration...
    Current configuration : 1178 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$5N6G$8N4yb8I3UJHJZ.vPSChoX0
    !
    no aaa new-model
    memory-size iomem 5
    !
    !
    ip cef
    no ip domain lookup
    !
    !
    crypto isakmp policy 1
    encr aes
    authentication pre-share
    group 2
    crypto isakmp key cisco address 10.10.10.2
    !
    !crypto ipsec transform-set myset esp-aes esp-sha-hmac
    !
    crypto map najranto_nadi 1 ipsec-isakmp
    set peer 10.10.10.2
    set transform-set myset
    match address 101
    !
    interface Ethernet0/0
    ip address 10.10.10.1 255.0.0.0
    half-duplex
    crypto map najranto_nadi
    !
    interface Ethernet0/1
    ip address 192.168.1.1 255.255.255.0
    half-duplex
    !
    interface Ethernet0/2
    no ip address
    shutdown
    half-duplex
    !
    interface Ethernet0/3
    no ip address
    shutdown
    half-duplex
    !
    no ip http server
    no ip http secure-server
    !
    access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    !
    control-plane
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    password cisco
    login
    !
    !
    end
    Router 1 show run
    R1#show running-config
    Building configuration...
    Current configuration : 1107 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    !
    !
    ip cef
    no ip domain lookup
    !

    crypto isakmp policy 1
    encr aes
    authentication pre-share
    group 2
    crypto isakmp key cisco address 10.10.10.1
    !
    !crypto ipsec transform-set myset esp-aes esp-sha-hmac
    !
    crypto map naditonajran 1 ipsec-isakmp
    set peer 10.10.10.1
    set transform-set myset
    match address 101
    !!
    !interface Ethernet0/0
    ip address 10.10.10.2 255.0.0.0
    half-duplex
    crypto map naditonajran
    !
    interface Ethernet0/1
    ip address 192.168.2.1 255.255.255.0
    half-duplex
    !
    interface Ethernet0/2
    no ip address
    shutdown
    half-duplex
    !
    interface Ethernet0/3
    no ip address
    shutdown
    half-duplex
    !
    no ip http server
    no ip http secure-server
    !
    access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    !
    control-plane
    !!
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    !
    !
    end
    Last edited by Wired; 11th November 2011, 08:15. Reason: removed copy / paste bit from another site

  • #2
    Re: What is wrong in this configuration

    It looks like your transport-set myset line is commented out.
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: What is wrong in this configuration

      Thank you for replying to me, sir.
      How can I correct this command? Please tell me the right command to make the connection.



      • #4
        Re: What is wrong in this configuration

        Other than the comment on the transformset mentioned by tehcamel, your crypto-map configuration looks good.

        But... you do not have a default route specified, so the router does not know where to route traffic for the remote networks, i.e. the IPsec SA.

        Try adding the following on each router to help it route traffic to the SA

        Code:
         
        R1
        ip route 192.168.1.0 255.255.255.0 Ethernet0/0
         
        R2
        ip route 192.168.2.0 255.255.255.0 Ethernet0/0

        Also, when you ping, make sure you specify the source interface (e0/1) so the source address will match the ACL in the crypto map.

        Code:
        ping 192.168.1.1 source e0/1



        • #5
          Re: What is wrong in this configuration

          Same result, request timed out.
          What is wrong?



          • #6
            Re: What is wrong in this configuration

            Can you please write the correct configuration for the routers,
            and I will try to see what is wrong there
            in this lab.



            • #7
              Re: What is wrong in this configuration

              Your configurations work fine. Using GNS3, I copied your configurations into 3725 routers. All I added was the additional routes as mentioned to get the tunnel to come up.

              See attachments



              • #8
                Re: What is wrong in this configuration

                Many thanks, sir.
                Kind regards.

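The two problems raised in this thread (a transform-set line that begins with `!`, and no route for the remote protected network) can be checked mechanically before a tunnel is tested. The Python below is an added example, not code from any poster in the thread; `audit` is a hypothetical helper, and the sample input is an excerpt of the R1 configuration posted above with the two suggested fixes applied in `R1_FIXED`.

```python
import re
from ipaddress import ip_network

# Excerpt of the R1 configuration as posted in this thread (crypto-relevant lines only).
R1_AS_POSTED = """\
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 10.10.10.1
!crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto map naditonajran 1 ipsec-isakmp
set peer 10.10.10.1
set transform-set myset
match address 101
interface Ethernet0/0
ip address 10.10.10.2 255.0.0.0
crypto map naditonajran
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
# Same excerpt with both fixes from the thread: transform-set uncommented, static route added.
R1_FIXED = (R1_AS_POSTED.replace("!crypto ipsec", "crypto ipsec")
            + "ip route 192.168.1.0 255.255.255.0 Ethernet0/0\n")

def audit(cfg):
    """Hypothetical helper: list IPsec crypto-map problems in one IOS running-config."""
    # IOS ignores any line that begins with '!', so such lines define nothing.
    live = [l.strip() for l in cfg.splitlines() if l.strip() and not l.strip().startswith("!")]
    text = "\n".join(live)
    find = lambda pattern: re.findall(pattern, text, re.M)
    defined = set(find(r"^crypto ipsec transform-set (\S+)"))
    keyed = set(find(r"^crypto isakmp key \S+ address (\S+)"))
    routes = [ip_network(f"{net}/{mask}") for net, mask in find(r"^ip route (\S+) (\S+)")]
    findings = []
    for name in find(r"^set transform-set (\S+)"):
        if name not in defined:
            findings.append(f"transform-set {name} is referenced but not defined")
    for peer in find(r"^set peer (\S+)"):
        if peer not in keyed:
            findings.append(f"no isakmp pre-shared key for peer {peer}")
    # The crypto ACL's destination is the remote protected network; the router needs
    # a route for it (connected networks are not considered in this sketch).
    for acl in find(r"^match address (\d+)"):
        for dst, wildcard in find(rf"^access-list {acl} permit ip \S+ \S+ (\S+) (\S+)"):
            remote = ip_network(f"{dst}/{wildcard}")  # wildcard mask parsed as a host mask
            if not any(remote.subnet_of(r) for r in routes):
                findings.append(f"no route covering remote network {remote}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("as posted", R1_AS_POSTED), ("fixed", R1_FIXED)):
        print(label, audit(cfg) or "no findings")
```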