Hello i am having a problem with me VPN connect i can see the problem but no way to change this which is the most annoying this:
(remote and local address has been changed to save people fiddling, the 146.81.200.61 is the correct)
crypto isakmp policy 11
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key ********* address 81.171.200.154
!
!
crypto ipsec transform-set TSLVPN esp-3des esp-sha-hmac
!
crypto map VPNMAP 11 ipsec-isakmp
set peer 81.171.200.154
set transform-set TSLVPN
set pfs group2
match address 101
this is all correctly on the interface and had this double checked which looks correct to everyone else
but obviously not connecting
when i do 'show crypto session'
Interface: FastEthernet0
Session status: DOWN
Peer: 81.200.200.154 port 500
IPSEC FLOW: permit ip 10.0.0.0/255.0.0.0 172.16.0.0/255.255.0.0
Active SAs: 0, origin: crypto map
Interface: FastEthernet0
Session status: DOWN-NEGOTIATING
Peer: 146.81.200.61 port 500
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
on the IKE SA where is it getting that remote address from as its completely wrong the remote address should be the same as my set peer address 81.200.200.154
i have tried re-creating the all details on the router and still no joy....the 146 cannot be pinged so no idea where it is
also when doing a trace route from both site the 146 address is not mentioned in either on the results
really scratching my head on this one....even more as its my first solo VPN setup that i want to do with people checking and now i have hi this problem
if you can help could you please explain in detail possibly with some command examples...thankyou
any help would be great cheers
(remote and local address has been changed to save people fiddling, the 146.81.200.61 is the correct)
crypto isakmp policy 11
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key ********* address 81.171.200.154
!
!
crypto ipsec transform-set TSLVPN esp-3des esp-sha-hmac
!
crypto map VPNMAP 11 ipsec-isakmp
set peer 81.171.200.154
set transform-set TSLVPN
set pfs group2
match address 101
this is all correctly on the interface and had this double checked which looks correct to everyone else
but obviously not connecting
when i do 'show crypto session'
Interface: FastEthernet0
Session status: DOWN
Peer: 81.200.200.154 port 500
IPSEC FLOW: permit ip 10.0.0.0/255.0.0.0 172.16.0.0/255.255.0.0
Active SAs: 0, origin: crypto map
Interface: FastEthernet0
Session status: DOWN-NEGOTIATING
Peer: 146.81.200.61 port 500
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
on the IKE SA where is it getting that remote address from as its completely wrong the remote address should be the same as my set peer address 81.200.200.154
i have tried re-creating the all details on the router and still no joy....the 146 cannot be pinged so no idea where it is
also when doing a trace route from both site the 146 address is not mentioned in either on the results
really scratching my head on this one....even more as its my first solo VPN setup that i want to do with people checking and now i have hi this problem
if you can help could you please explain in detail possibly with some command examples...thankyou
any help would be great cheers