Cisco 1841 Site to Site VPN.

Status
Not open for further replies.

l33byt1980

Vendor
Apr 17, 2008
310
GB
Please see my two configs below. I am having issues getting the VPN up between the 2 sites.
Below is the config; can anyone see any issues at all?
Please note I have full net access from both of these routers, all OK.

What have I missed or done wrong?

hostname MainSite
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
!
!
no ip domain lookup
!
!
crypto pki trustpoint TP-self-signed-2225514024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2225514024
revocation-check none
rsakeypair TP-self-signed-2225514024
!
!
crypto pki certificate chain TP-self-signed-2225514024
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323235 35313430 3234301E 170D3038 31313237 31373031
33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32323535
31343032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D01A 85113BF7 69952643 3C1F6A3C 73B8DB50 6F10283B 257FEA7C B9BD1FE4
70F512A9 BFB8210E 4E14BB3D ACDBDFC0 6CB8E416 B43C2BD5 5B7ACDBE 46C84AFB
8EF71EA3 46217AA0 DD2571EC FDD63A75 B7F01D3E CD592873 6B1E2A84 DB0DE0AA
F448FDD1 F53E5B5E 27658EE8 A4F7E382 74CF8C5A 055CC9F6 1CDC6566 91145B8D
A4FB0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E416476 616E6365 54414242 45592E30 1F060355 1D230418
30168014 227D8204 4329B444 DB5215D9 41DA323D 58627F72 301D0603 551D0E04
16041422 7D820443 29B444DB 5215D941 DA323D58 627F7230 0D06092A 864886F7
0D010104 05000381 81000B37 CDF86E15 0CCDF633 039B185F 9D0F06D4 B8D87EFB
7ECA59CD 413B4197 0EA259AF 12E5F688 D668472D F25D7102 814E3183 3E9CF19E
BF2FD1DB 16756010 7506C4C5 087C4B14 2E9E238E D9A70E97 9A85FB44 8DC0C28D
400D35D3 CB7FF949 3ADB9CAA 1974690A C6BBD308 75FE469D A7FED417 BF52430A
22832B59 5671E2ED 73A7
quit
username admin privilege 15 secret 5 $1$Ynbi$A7mPlJut11mYON5JA0QbJ/
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 1234 address aa.aa.aa.aa
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
!
crypto map main_map 10 ipsec-isakmp
description ###VPN###
set peer aa.aa.aa.aa
set transform-set set1
match address 102
!
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface Loopback1
ip address 172.16.3.1 255.255.255.0
!
interface Multilink1
ip address negotiated
ip nat outside
no ip virtual-reassembly
no cdp enable
ppp direction callout
ppp multilink
ppp multilink group 1
crypto map main_map
!
interface FastEthernet0/0
description ***PORT CLOSED***
no ip address
shutdown
duplex auto
speed auto
no keepalive
!
interface FastEthernet0/1
description ***Uplink to Customer LAN***
ip address 10.1.1.229 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
no keepalive
!
interface ATM0/0/0
description *** Tel: xx ***
no ip address
load-interval 60
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.38 point-to-point
no snmp trap link-status
pvc 0/38
oam-pvc manage
encapsulation aal5mux ppp Virtual-Template1
!
!
interface ATM0/1/0
description *** Tel: xx ***
no ip address
load-interval 60
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.38 point-to-point
no snmp trap link-status
pvc 0/38
oam-pvc manage
encapsulation aal5mux ppp Virtual-Template1
!
!
interface Virtual-Template1
no ip address
ppp authentication chap callin
ppp chap hostname xx
ppp chap password 0 xx
ppp direction callout
ppp multilink
ppp multilink fragment disable
ppp multilink group 1
!
ip route 0.0.0.0 0.0.0.0 Multilink1
!
ip http server
ip http secure-server
ip nat inside source route-map nonat interface Multilink1 overload
!
access-list 10 permit xx
access-list 10 permit xx
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 remark ### Traffic Match for VPN ###
access-list 102 permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 103 remark ### Nat exemption for VPN ###
access-list 103 deny ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
route-map nonat permit 10
match ip address 103
!
!
!
control-plane
!
line con 0
logging synchronous
login local
line aux 0
login local
line vty 0 4
access-class 10 in
logging synchronous
login local
line vty 5 15
access-class 10 in
logging synchronous
login local
!
scheduler allocate 20000 1000
end

xxxxxx

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RemoteSite
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.1.1 10.2.1.30
!
ip dhcp pool xx
network 10.2.1.0 255.255.255.0
dns-server xx xx
!
!
no ip domain lookup
!
!
crypto pki trustpoint TP-self-signed-3383648989
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3383648989
revocation-check none
rsakeypair TP-self-signed-3383648989
!
!
crypto pki certificate chain TP-self-signed-3383648989
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333833 36343839 3839301E 170D3038 31313235 31373339
35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33383336
34383938 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009697 65C4C073 458D3ABA 42EA66E4 8D1E42DB 3919648D 7BF79C21 DBCD215D
7BB98F72 DA970B5D FD3AFAED C8DD8FDB 74D045E7 FC81307F DD96791A 4DC623C2
03517F57 863AB190 C340E760 17AFE110 4F3521AC 14880789 9AB73084 AE697D47
5F450314 C6C28EE6 ABB8F6C0 85FAD2F7 F7EA2A55 F20F031C 057A55FD B6E9575C
1E4B0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 13416476 616E6365 54546875 726D6173 746F6E2E 301F0603
551D2304 18301680 146D338D 21D3DCF8 A5F203BA 83AA1F34 E0D0EDEC CE301D06
03551D0E 04160414 6D338D21 D3DCF8A5 F203BA83 AA1F34E0 D0EDECCE 300D0609
2A864886 F70D0101 04050003 8181008F 4DFE28C7 9F9AD18F EC6D00B2 3302A0FF
8732A221 63D85B56 0356A24B 1BBC8A1E 638A29B7 065AEAC2 E225DFF9 941EC442
2D0F96B8 BDD5B536 9C4991E3 5135CF32 9FEDED2D E206F906 48DFB272 5D8736A3
A77D9AF0 E19FA06F B1415564 5B58DD24 EDA33E18 E5D4BEB9 EA788327 FFB97C3A
49C50805 C6C573C1 04C28889 6B6DDE
quit
username admin privilege 15 secret 5 $1$Ynbi$A7mPlJut11mYON5JA0QbJ/
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xx address bb.bb.bb.bb
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
!
crypto map main_map 10 ipsec-isakmp
description ###VPN####
set peer bb.bb.bb.bb
set transform-set set1
match address 102
!
!
!
interface Loopback0
ip address 172.16.11.1 255.255.255.255
!
interface Multilink1
ip address negotiated
ip nat outside
no ip virtual-reassembly
no cdp enable
ppp direction callout
ppp multilink
ppp multilink group 1
crypto map main_map
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
no keepalive
!
interface FastEthernet0/1
ip address 10.2.1.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
no keepalive
!
interface ATM0/0/0
description *** Tel: ENTER ME ***
no ip address
load-interval 60
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.38 point-to-point
no snmp trap link-status
pvc 0/38
oam-pvc manage
encapsulation aal5mux ppp Virtual-Template1
!
!
interface ATM0/1/0
description *** Tel: ENTER ME ***
no ip address
load-interval 60
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.38 point-to-point
no snmp trap link-status
pvc 0/38
oam-pvc manage
encapsulation aal5mux ppp Virtual-Template1
!
!
interface Virtual-Template1
no ip address
ppp authentication chap callin
ppp chap hostname xx
ppp chap password 0 xx
ppp direction callout
ppp multilink
ppp multilink fragment disable
ppp multilink group 1
!
ip route 0.0.0.0 0.0.0.0 Multilink1
!
ip http server
ip http secure-server
ip nat inside source route-map nonat interface Multilink1 overload
!
access-list 10 permit xx
access-list 10 permit xx
access-list 102 remark ### Traffic Match for VPN ###
access-list 102 permit ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 remark ### Nat exemption for VPN ###
access-list 103 deny ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 103 permit ip 10.2.1.0 0.0.0.255 any
route-map nonat permit 10
match ip address 103
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
line aux 0
login local
line vty 0 4
access-class 10 in
logging synchronous
login local
line vty 5 15
access-class 10 in
logging synchronous
login local
!
scheduler allocate 20000 1000
end
ACA - IPOffice implement
ACA - IP Telephony
CCNA - Passed at last
 
Quickly scanned your access list and noticed that the deny statement was below your permits, and therefore would not be recognised...
 
The deny is before the permit, not below, and it is to ensure the VPN pool does not get NATed, which is correct. However, I would change

access-list 103 deny ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255

to

access-list 103 deny ip any 10.1.1.0 0.0.0.255

Burt
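The two points the thread turns on, whether the two site configs actually agree with each other and whether the order of the deny and permit in access-list 103 matters, can both be checked mechanically. The script below is an added example, not code from the thread or from Cisco: it parses the relevant lines of the MainSite and RemoteSite configs (copied from the posts above; the RemoteSite copy is generated by swapping the two LAN subnets, which is exactly how the two posted configs differ), confirms that the ISAKMP policy and transform set match, that the crypto ACLs (102) are mirror images, and that the NAT route-map ACL (103) exempts every flow the crypto ACL selects. It then evaluates a constructed packet against ACL 103 in the posted order and in the permit-first order the second reply assumed, to show that the posted order is the one that keeps VPN traffic out of NAT. The pre-shared key and peer addresses are redacted in the thread, so the script cannot check those; they are the other obvious thing to compare on both routers.

```python
"""Consistency checks over the two IOS configs in the thread (added example, not the
poster's or Cisco's code). Config excerpts are from the posts; packet addresses are constructed."""
import ipaddress

MAIN_SITE = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
access-list 102 permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 103 deny ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 103
"""
# RemoteSite posted the same config with the two LANs swapped, so derive it by swapping.
REMOTE_SITE = (MAIN_SITE.replace("10.1.1.0", "@").replace("10.2.1.0", "10.1.1.0")
               .replace("@", "10.2.1.0"))

def _net(addr, wild):
    """IOS 'address wildcard' pair -> (base, wildcard) as integers."""
    w = int(ipaddress.IPv4Address(wild))
    return int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF, w

def _in(ip, net):
    base, w = net
    return (int(ipaddress.IPv4Address(ip)) & ~w & 0xFFFFFFFF) == base

def _operand(tok, i):
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return _net(tok[i], tok[i + 1]), i + 2

def parse_acls(cfg):
    """Numbered extended ACLs, 'ip' entries only: {number: [(action, src, dst), ...]}."""
    acls = {}
    for line in cfg.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
            continue
        src, i = _operand(t, 4)
        dst, _ = _operand(t, i)
        acls.setdefault(t[1], []).append((t[2], src, dst))
    return acls

def acl_action(entries, src_ip, dst_ip):
    """First match wins; no match falls through to the implicit deny at the end."""
    for action, src, dst in entries:
        if _in(src_ip, src) and _in(dst_ip, dst):
            return action
    return "deny"

def nonat_acl(cfg):
    """ACL named by 'match ip address' directly under 'route-map nonat'."""
    lines = cfg.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("route-map nonat") and lines[i + 1].strip().startswith("match ip address"):
            return lines[i + 1].split()[-1]
    raise ValueError("route-map nonat has no match ip address")

def nat_applies(cfg, src_ip, dst_ip):
    """Route-map NAT translates only what the ACL permits; a deny entry is the exemption."""
    return acl_action(parse_acls(cfg)[nonat_acl(cfg)], src_ip, dst_ip) == "permit"

def permits_first(entries):
    """Reorder with the permit above the deny (the ordering the second reply assumed)."""
    return sorted(entries, key=lambda e: e[0] == "deny")

def crypto_acls_mirror(cfg_a, cfg_b, acl="102"):
    """Each side's interesting-traffic ACL must be the exact reverse of the peer's."""
    a = {(s, d) for act, s, d in parse_acls(cfg_a)[acl] if act == "permit"}
    b = {(d, s) for act, s, d in parse_acls(cfg_b)[acl] if act == "permit"}
    return a == b

def nat_exemption_covers_vpn(cfg, crypto="102"):
    """Every flow the crypto ACL permits must be denied (exempted) by the NAT route-map ACL."""
    acls = parse_acls(cfg)
    exempt = {(s, d) for act, s, d in acls[nonat_acl(cfg)] if act == "deny"}
    return all((s, d) in exempt for act, s, d in acls[crypto] if act == "permit")

def phase_params(cfg):
    """ISAKMP policy attributes and transform-set line, which must agree on both peers."""
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    p1 = tuple(l for l in lines if l.split()[0] in ("encr", "hash", "authentication", "group"))
    ts = tuple(l for l in lines if l.startswith("crypto ipsec transform-set"))
    return p1, ts

if __name__ == "__main__":
    print("phase 1/2 match:", phase_params(MAIN_SITE) == phase_params(REMOTE_SITE))
    print("crypto ACLs mirror:", crypto_acls_mirror(MAIN_SITE, REMOTE_SITE))
    print("NAT exemption covers VPN:", nat_exemption_covers_vpn(MAIN_SITE), nat_exemption_covers_vpn(REMOTE_SITE))
    acl103 = parse_acls(REMOTE_SITE)["103"]
    print("VPN flow NATed, posted order:", nat_applies(REMOTE_SITE, "10.2.1.5", "10.1.1.10"))
    print("VPN flow NATed, permit first:", acl_action(permits_first(acl103), "10.2.1.5", "10.1.1.10") == "permit")
```

Run as-is it reports every check as consistent, and the last two lines show why the order of ACL 103 is right as posted: with the deny first, a 10.2.1.x to 10.1.1.x packet is exempted from NAT and so still matches crypto ACL 102 on the way out; with the permit first it would be translated to the Multilink1 address before encryption and never match the crypto map. Since these static checks all pass on the posted configs, the remaining suspects are the values redacted in the thread (the pre-shared key on each side and the peer addresses, which must be the negotiated Multilink1 addresses), which is what `show crypto isakmp sa` and `debug crypto isakmp` on either router would confirm.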
 