7200emu.hacki.at
Dynamips, Dynagen and all that stuff
VPN issue.

 
Asim



Joined: 06 Jul 2009
Posts: 2
Location: Pakistan

Posted: Mon Jul 06, 2009 5:24 am    Post subject: VPN issue.

Hello to everyone,

I am new to this forum. I need your help with my VPN configs. I tried these configs on real equipment and also on Dynamips, but my VPN doesn't come up. Here are my configs.

***********R1***********
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key 1927612864128345963222275963022268412375563912654222376 address 172.16.10.1

crypto ipsec transform-set LAB-IPsec esp-des esp-md5-hmac

crypto map VPN-1 10 ipsec-isakmp
set peer 172.16.10.1
set transform-set BLACK-IPsec
match address 101

interface Tunnel0
bandwidth 1536
ip address 10.50.102.1 255.255.255.252
ip access-group 150 out
keepalive 10 3
tunnel source 172.16.10.2
tunnel destination 172.16.10.1
crypto map VPN-1

interface Serial0/0/1
bandwidth 1536
ip address 172.16.10.2 255.255.255.252


access-list 101 permit gre host 172.16.10.2 host 172.16.10.1
access-list 150 permit ip any any



**********R2***********
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2

crypto isakmp key 1927612864128345963222275963022268412375563912654222376 address 172.16.10.2

crypto ipsec transform-set LAB-IPsec esp-des esp-md5-hmac

crypto map VPN-1 10 ipsec-isakmp
set peer 172.16.10.2
set transform-set BLACK-IPsec
match address 101

interface Tunnel0
bandwidth 1536
ip address 10.50.102.2 255.255.255.252
ip access-group 150 out
keepalive 10 3
tunnel source 172.16.10.1
tunnel destination 172.16.10.2
crypto map VPN-1


interface Serial0/0/0
bandwidth 1536
ip address 172.16.10.1 255.255.255.252


access-list 101 permit gre host 172.16.10.1 host 172.16.10.2
access-list 150 permit ip any any


My tunnel and serial interfaces are up. I can ping across them, but when I enter the command show crypto sessions, my status is DOWN.

Need immediate help. Your help is much appreciated.
conspathas



Joined: 28 Mar 2007
Posts: 1217
Location: CCIE

Posted: Mon Jul 06, 2009 3:34 pm

Check my post on the subject here from a while back. There's a working config you can reference.

The only thing to note is that the serial interfaces between the two example routers aren't directly connected - they're a few hops away from each other - which won't matter - just important to note as it might be a little confusing on its own.
Asim



Joined: 06 Jul 2009
Posts: 2
Location: Pakistan

Posted: Mon Jul 06, 2009 9:32 pm    Post subject: I am using three routers.

I am using at least three routers but the problem is the same. My question is why my GRE tunnel status shows down when I enter sh crypto sessions.

Really, thanks for your reply.
conspathas



Joined: 28 Mar 2007
Posts: 1217
Location: CCIE

Posted: Mon Jul 06, 2009 10:55 pm

Hrm - what are your debugs telling you?
motke



Joined: 24 Apr 2008
Posts: 11

Posted: Fri Jul 10, 2009 7:32 pm

Most likely your VPN headends didn't form any ISAKMP SA (no IKE phase 1) -- you can check that with 'sh crypto isakmp sa'

You forgot to bind the crypto map to the physical outgoing interface which is the Serial interface at both routers. Do that and it'll work.
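
An added example, not part of any post in this thread: a small Python check run over R1's configuration as posted. It flags the point motke raises (a crypto map that is not applied on the interface facing its peer) and a second mismatch visible in the posted config (the crypto map references transform-set BLACK-IPsec while only LAB-IPsec is defined). The function name lint_crypto_map and the simplified parsing of IOS commands are assumptions of this example.

```python
import ipaddress
import re

# R1's crypto map, tunnel and serial configuration, copied from the first post.
R1_CONFIG = """\
crypto ipsec transform-set LAB-IPsec esp-des esp-md5-hmac
crypto map VPN-1 10 ipsec-isakmp
set peer 172.16.10.1
set transform-set BLACK-IPsec
match address 101
interface Tunnel0
ip address 10.50.102.1 255.255.255.252
tunnel source 172.16.10.2
tunnel destination 172.16.10.1
crypto map VPN-1
interface Serial0/0/1
ip address 172.16.10.2 255.255.255.252
"""

def lint_crypto_map(config):
    """Hypothetical helper: list undefined transform-sets and unapplied crypto maps."""
    defined = set(re.findall(r"^\s*crypto ipsec transform-set (\S+)", config, re.M))
    maps, ifaces, cur_map, cur_if = {}, {}, None, None
    for line in config.splitlines():
        w = line.split() or [""]
        if w[0] == "interface":
            cur_map, cur_if = None, ifaces.setdefault(w[1], {"net": None, "maps": []})
        elif w[:2] == ["crypto", "map"] and len(w) >= 4 and w[3].isdigit():
            # "crypto map NAME SEQ ..." opens a crypto map entry
            cur_if, cur_map = None, maps.setdefault(w[2], {"peers": [], "ts": []})
        elif w[:2] == ["crypto", "map"] and len(w) >= 3 and cur_if is not None:
            cur_if["maps"].append(w[2])      # map applied to the current interface
        elif w[:2] == ["ip", "address"] and len(w) >= 4 and cur_if is not None:
            cur_if["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["set", "peer"] and cur_map is not None:
            cur_map["peers"].append(ipaddress.ip_address(w[2]))
        elif w[:2] == ["set", "transform-set"] and cur_map is not None:
            cur_map["ts"].extend(w[2:])
        elif w[0] in ("crypto", "access-list"):
            cur_map = cur_if = None          # any other global command ends the section
    findings = []
    for name, cmap in maps.items():
        findings += [f"{name}: transform-set {ts} is not defined"
                     for ts in cmap["ts"] if ts not in defined]
        for peer in cmap["peers"]:
            findings += [f"{name}: not applied on {ifname}, which faces peer {peer}"
                         for ifname, i in ifaces.items()
                         if i["net"] is not None and peer in i["net"] and name not in i["maps"]]
    return findings
```

Calling lint_crypto_map(R1_CONFIG) returns both findings; the same check applies to R2 with Serial0/0/0 and peer 172.16.10.2.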
elizabethbiwan



Joined: 10 Feb 2016
Posts: 36

Posted: Fri Feb 12, 2016 4:24 am

A minimal VPN implementation has a RAS PPTP server connected to the Internet, a client connected to the Internet, and a PPTP connection between the server and the client. As long as ISP service or Internet connectivity is available, clients can connect to your server or LAN from anywhere in the world. However, most VPNs aren't as simple as a connected server and client. More often, the VPN server is on a routed LAN segment, often behind a firewall, and the client connection uses an ISP network which also employs routers and firewalls.
All times are GMT