Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot establish ipsec tunnel between two routers

Status
Not open for further replies.
drbk563

drbk563

IS-IT--Management
Nov 21, 2006
194
US
I having been trying to establish an ipsec tunnel between the two router below but I have been unsuccessful. Below are the configurations for both routers. What am I missing?

Thank you

R1 Config

crypto isakmp policy 5
encr aes
authentication pre-share
group 5
crypto isakmp key grace address 100.100.12.2
!
!
crypto ipsec transform-set TRANS esp-aes esp-sha-hmac
!
crypto map MAP1 5 ipsec-isakmp
set peer 100.100.12.2
set transform-set TRANS
match address 101


interface Serial0/0
ip address 100.100.12.1 255.255.255.0
encapsulation frame-relay
clock rate 2000000
crypto map MAP1

router rip
version 2
network 2.0.0.0
network 100.0.0.0
no auto-summary

interface Loopback0
ip address 1.1.1.1 255.255.255.0

R2 Config


crypto isakmp policy 5
encr aes
authentication pre-share
group 5
crypto isakmp key grace address 100.100.12.1
!
!
crypto ipsec transform-set TRANS esp-aes esp-sha-hmac
!
crypto map MAP1 5 ipsec-isakmp
set peer 100.100.12.1
set transform-set TRANS
match address 101


interface Serial0/0
ip address 100.100.12.2 255.255.255.0
encapsulation frame-relay
clock rate 2000000
crypto map MAP1

interface Loopback0
ip address 2.2.2.2 255.255.255.0

router rip
version 2
network 2.0.0.0
network 100.0.0.0
no auto-summary
 
Sort by date Sort by votes
What is being matched with ACL 101? You didn't include that part of your config.

CCNP, CCDP
 
Upvote 0 Downvote
Sorry about. Below is what is being match on ACL 101.

R1 -

access-list 101 permit tcp 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 eq 1944

R2 -

access-list 101 permit tcp 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255 eq 1944
 
Upvote 0 Downvote
you are defining your 'interesting' traffic from 1.1.1.0/24 to 2.2.2.0/24 on port TCP 1944.

so how are you tripping the crypto map to start?

assuming you are sending something from 1.1.1.1 to 2.2.2.2 that uses port 1944 and it still no proper connection , please post a

sh crypto ipsec sa

also what kind of messages are you getting when you do :

debug crypto iaskmp and debug crypto ipsec



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Upvote 0 Downvote
Thank you all for your help but I figured it out.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mogles49
  • Locked
  • Question
tshooting-tunnels
Replies
0
Views
70
Mogles49
Mogles49
bmiller23
  • Locked
  • Question
Issues Between Cisco Network & NVT Phybridge POLRE 8 Port Extender
Replies
13
Views
289
VinceWhirlwind
VinceWhirlwind
detewe
  • Locked
  • Question
JTAG pinout on Linksys E4200v2 / EA4500 routers
Replies
0
Views
116
detewe
detewe
DigitalG
  • Locked
  • Question
cisco rv180 vpn tunnel between a rv130
Replies
0
Views
56
DigitalG
DigitalG
napoleao
  • Locked
  • Question
IPSec VPN
Replies
3
Views
109
napoleao
napoleao

Part and Inventory Search

Sponsor

Back
Top