Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Site to Site VPN with Cisco 881 and PIX

Status
Not open for further replies.

hall5942

Vendor
May 7, 2002
377
US
I am getting an error when testing the site to site tunnel. I created it on the 881 using CCP wizard and this is my error. "The peer must be routed through the crypto map interface. The following peer(s) do not have a routing entry in the routing table.
1)66.66.66.66

Go to 'Configure>Routing' and correct the routing table.

66.66.66.66 is my peer IP address external and 192.168.1.0/24 is my internal
77.77.77.77 is my ip address and 192.168.2.0/24 is my internal



Here is my config


#sho running
Building configuration...

Current configuration : 3222 bytes
!
! Last configuration change at 18:13:30 UTC Mon Mar 9 2015 by admin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$btOW$jmymDGZBSU72TLsGPCycN.
enable password XXXXXXX
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.2.1 192.168.2.50
ip dhcp excluded-address 192.168.2.201 192.168.2.254
!
ip dhcp pool Router
import all
network 192.168.2.0 255.255.255.0
dns-server 69.71.1.3 69.71.0.3
!
!
!
ip name-server 69.71.1.3
ip name-server 69.71.0.3
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FTX184783XN
!
!
username admin privilege 15 password 0 XXXXXXX
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXXXX address 66.66.66.66
!
!
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to66.66.66.66
set peer 66.66.66.66
set transform-set VPN
match address 104
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-LAN$
ip address 77.77.77.77 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex half
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4 77.77.77.76
!
ip sla auto discovery
dialer-list 1 protocol ip permit
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password XXXXXXXX
login local
transport input all
!
scheduler allocate 20000 1000
!
end
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top