I am getting an error when testing the site to site tunnel. I created it on the 881 using CCP wizard and this is my error. "The peer must be routed through the crypto map interface. The following peer(s) do not have a routing entry in the routing table.
1)66.66.66.66
Go to 'Configure>Routing' and correct the routing table.
66.66.66.66 is my peer IP address external and 192.168.1.0/24 is my internal
77.77.77.77 is my ip address and 192.168.2.0/24 is my internal
Here is my config
#sho running
Building configuration...
Current configuration : 3222 bytes
!
! Last configuration change at 18:13:30 UTC Mon Mar 9 2015 by admin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$btOW$jmymDGZBSU72TLsGPCycN.
enable password XXXXXXX
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.50
ip dhcp excluded-address 192.168.2.201 192.168.2.254
!
ip dhcp pool Router
import all
network 192.168.2.0 255.255.255.0
dns-server 69.71.1.3 69.71.0.3
!
!
!
ip name-server 69.71.1.3
ip name-server 69.71.0.3
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FTX184783XN
!
!
username admin privilege 15 password 0 XXXXXXX
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXXXX address 66.66.66.66
!
!
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to66.66.66.66
set peer 66.66.66.66
set transform-set VPN
match address 104
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-LAN$
ip address 77.77.77.77 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex half
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4 77.77.77.76
!
ip sla auto discovery
dialer-list 1 protocol ip permit
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password XXXXXXXX
login local
transport input all
!
scheduler allocate 20000 1000
!
end
1)66.66.66.66
Go to 'Configure>Routing' and correct the routing table.
66.66.66.66 is my peer IP address external and 192.168.1.0/24 is my internal
77.77.77.77 is my ip address and 192.168.2.0/24 is my internal
Here is my config
#sho running
Building configuration...
Current configuration : 3222 bytes
!
! Last configuration change at 18:13:30 UTC Mon Mar 9 2015 by admin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$btOW$jmymDGZBSU72TLsGPCycN.
enable password XXXXXXX
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.50
ip dhcp excluded-address 192.168.2.201 192.168.2.254
!
ip dhcp pool Router
import all
network 192.168.2.0 255.255.255.0
dns-server 69.71.1.3 69.71.0.3
!
!
!
ip name-server 69.71.1.3
ip name-server 69.71.0.3
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FTX184783XN
!
!
username admin privilege 15 password 0 XXXXXXX
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXXXX address 66.66.66.66
!
!
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to66.66.66.66
set peer 66.66.66.66
set transform-set VPN
match address 104
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-LAN$
ip address 77.77.77.77 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex half
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4 77.77.77.76
!
ip sla auto discovery
dialer-list 1 protocol ip permit
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password XXXXXXXX
login local
transport input all
!
scheduler allocate 20000 1000
!
end
