davidcisco
Technical User
hi guys!
First I have to say, I'm new in cisco world and thanks for any help in advance. I'm trying to connect those equipments by site-to-site VPN, but im not getting good results, maybe you could help me.
these are my configurations:
router 877(189.172.xxx.xxx):
-----------------------------------------------------------------------
Building configuration...
Current configuration : 5853 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname San-Jose
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$2mSZ$7T47N4iAyQjT6KeASD9wt1
!
no aaa new-model
!
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1 192.168.2.52
!
ip dhcp pool LAN
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 200.33.166.101
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
!
!
username xxxxxxx password 0 xxxxxxx
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key mykey address 201.120.xxx.xxx
!
!
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
set peer 201.120.xxx.xxx
set transform-set STRONG
set pfs group1
match address 101
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
pvc 8/81
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description RED LOCAL
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 2
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxx password 0 xxxxxx
crypto map MYMAP
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 201.120.xxx.xxx
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 23 interface Dialer1 overload
!
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
dialer-list 2 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxxxxxx
login
transport input telnet ssh
!
scheduler max-task-time 5000
end
RVS4000(201.120.xxx.xxx):
"debug crypto isakmp" and "debug crypto ipsec" give me nothing.
First I have to say, I'm new in cisco world and thanks for any help in advance. I'm trying to connect those equipments by site-to-site VPN, but im not getting good results, maybe you could help me.
these are my configurations:
router 877(189.172.xxx.xxx):
-----------------------------------------------------------------------
Building configuration...
Current configuration : 5853 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname San-Jose
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$2mSZ$7T47N4iAyQjT6KeASD9wt1
!
no aaa new-model
!
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1 192.168.2.52
!
ip dhcp pool LAN
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 200.33.166.101
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
!
!
username xxxxxxx password 0 xxxxxxx
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key mykey address 201.120.xxx.xxx
!
!
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
set peer 201.120.xxx.xxx
set transform-set STRONG
set pfs group1
match address 101
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
pvc 8/81
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description RED LOCAL
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 2
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxx password 0 xxxxxx
crypto map MYMAP
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 201.120.xxx.xxx
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 23 interface Dialer1 overload
!
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
dialer-list 2 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxxxxxx
login
transport input telnet ssh
!
scheduler max-task-time 5000
end
RVS4000(201.120.xxx.xxx):
"debug crypto isakmp" and "debug crypto ipsec" give me nothing.