VPN+IPSEC
15 years 5 months ago #30557
by asumi
Hi, I tried to set up a VPN between two routers but could not establish the connection, so I am posting my configurations.
**********************************
hostname ho
!
boot-start-marker
boot-end-marker
!
! NOTE(review): both enable credentials below were pasted into a public post
! and should be treated as disclosed; rotate them on the real device.
! "enable secret 5" is a salted MD5 hash, which can be attacked offline.
enable secret 5 $1$HiLs$2Kk.zX3hYCo96cIc8lSOZ0
! Type 7 is reversible obfuscation, not encryption. When an enable secret is
! configured it takes precedence, so this line only adds exposure.
enable password 7 02050D480809
!
aaa new-model
!
!
!
aaa session-id common
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
! IKE phase 1 policy. NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP)
! are legacy choices; prefer AES, a SHA-2 hash and a larger DH group where the
! platform supports them, and change both peers together.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key for peer 192.168.2.2, in clear text. It is short, guessable
! and now public, so replace it with a long random value on both peers.
crypto isakmp key cisco123 address 192.168.2.2
!
!
! Phase 2 transform: ESP with 3DES and HMAC-MD5 (same legacy caveat as above).
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
! Crypto map entry 6: traffic matching access-list 100 is protected with
! transform-set "cisco" and sent to peer 192.168.2.2.
crypto map map1 6 ipsec-isakmp
set peer 192.168.2.2
set transform-set cisco
match address 100
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description **** Head Office ****
ip address 192.168.1.2 255.255.255.0
encapsulation ppp
serial restart-delay 0
crypto map map1
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
! LAN side of "ho". NOTE(review): with mask 255.255.0.0 this interface sits in
! 172.168.0.0/16, which also contains 172.168.2.1 (the npj LAN address). A
! packet from here to 172.168.2.1 is treated as directly connected on
! Ethernet2/0 and is not routed out Serial1/0, where crypto map map1 is
! applied, so it never reaches the tunnel. This likely explains the failed
! ping; no route to the remote LAN via Serial1/0 is shown either.
! 172.168.0.0/16 is also outside the RFC 1918 private range 172.16.0.0/12.
interface Ethernet2/0
ip address 172.168.1.1 255.255.0.0
duplex half
!
interface Ethernet2/1
no ip address
shutdown
duplex half
!
interface Ethernet2/2
no ip address
shutdown
duplex half
!
interface Ethernet2/3
no ip address
shutdown
duplex half
!
interface Ethernet2/4
no ip address
shutdown
duplex half
!
interface Ethernet2/5
no ip address
shutdown
duplex half
!
interface Ethernet2/6
no ip address
shutdown
duplex half
!
interface Ethernet2/7
no ip address
shutdown
duplex half
!
router rip
version 2
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
! Interesting-traffic ACL referenced by "match address 100". The wildcard
! 0.0.255.255 ignores the last two octets, so this selects 172.168.0.0/16 to
! 172.168.0.0/16 rather than one site LAN to the other.
access-list 100 permit ip 172.168.1.0 0.0.255.255 172.168.2.0 0.0.255.255
!
!
control-plane
!
!
!
gatekeeper
shutdown
!
!
! Management lines. NOTE(review): no password, access-class or transport
! restriction is shown on any line. With "aaa new-model" enabled above, how
! these lines authenticate depends on AAA method lists and local users that
! are not in this listing; verify before exposing the router.
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
*********************************************
hostname npj
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
! IKE phase 1 policy. NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP)
! are legacy choices; prefer AES, a SHA-2 hash and a larger DH group where the
! platform supports them, and change both peers together.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key for peer 192.168.1.2, in clear text. It is short, guessable
! and now public, so replace it with a long random value on both peers.
crypto isakmp key cisco123 address 192.168.1.2
!
!
! Phase 2 transform: ESP with 3DES and HMAC-MD5 (same legacy caveat as above).
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
! Crypto map entry 6: traffic matching access-list 100 is protected with
! transform-set "cisco" and sent to peer 192.168.1.2.
crypto map map2 6 ipsec-isakmp
set peer 192.168.1.2
set transform-set cisco
match address 100
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.2.2 255.255.255.0
encapsulation ppp
serial restart-delay 0
no fair-queue
crypto map map2
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
! LAN side of "npj". NOTE(review): with mask 255.255.0.0 this interface sits
! in 172.168.0.0/16, which also contains 172.168.1.1 (the ho LAN address).
! Return traffic to 172.168.1.1 is treated as directly connected on
! Ethernet2/0 and is not routed out Serial1/0, where crypto map map2 is
! applied. No route to the remote LAN via Serial1/0 is shown either.
! 172.168.0.0/16 is also outside the RFC 1918 private range 172.16.0.0/12.
interface Ethernet2/0
ip address 172.168.2.1 255.255.0.0
duplex half
!
interface Ethernet2/1
no ip address
shutdown
duplex half
!
interface Ethernet2/2
no ip address
shutdown
duplex half
!
interface Ethernet2/3
no ip address
shutdown
duplex half
!
interface Ethernet2/4
no ip address
shutdown
duplex half
!
interface Ethernet2/5
no ip address
shutdown
duplex half
!
interface Ethernet2/6
no ip address
shutdown
duplex half
!
interface Ethernet2/7
no ip address
shutdown
duplex half
!
router rip
version 2
network 192.168.2.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
! Interesting-traffic ACL referenced by "match address 100". The wildcard
! 0.0.255.255 ignores the last two octets, so this selects 172.168.0.0/16 to
! 172.168.0.0/16 rather than one site LAN to the other.
access-list 100 permit ip 172.168.2.0 0.0.255.255 172.168.1.0 0.0.255.255
!
!
!
control-plane
!
!
!
gatekeeper
shutdown
!
!
! Management lines. NOTE(review): the console and aux lines show no password
! or login method. The vty lines have "login" but no "password", so IOS
! refuses remote logins until one is set. No access-class or transport
! restriction is shown; add them when enabling remote management.
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
*********************************************
I then ran the following ping from host "ho", but it gets no successful replies:
ping 172.168.2.1 source 172.168.1.1 repeat 1000 size 1000
Can anyone tell me what mistake I made?
**********************************
hostname ho
!
boot-start-marker
boot-end-marker
!
! NOTE(review): both enable credentials below were pasted into a public post
! and should be treated as disclosed; rotate them on the real device.
! "enable secret 5" is a salted MD5 hash, which can be attacked offline.
enable secret 5 $1$HiLs$2Kk.zX3hYCo96cIc8lSOZ0
! Type 7 is reversible obfuscation, not encryption. When an enable secret is
! configured it takes precedence, so this line only adds exposure.
enable password 7 02050D480809
!
aaa new-model
!
!
!
aaa session-id common
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
! IKE phase 1 policy. NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP)
! are legacy choices; prefer AES, a SHA-2 hash and a larger DH group where the
! platform supports them, and change both peers together.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key for peer 192.168.2.2, in clear text. It is short, guessable
! and now public, so replace it with a long random value on both peers.
crypto isakmp key cisco123 address 192.168.2.2
!
!
! Phase 2 transform: ESP with 3DES and HMAC-MD5 (same legacy caveat as above).
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
! Crypto map entry 6: traffic matching access-list 100 is protected with
! transform-set "cisco" and sent to peer 192.168.2.2.
crypto map map1 6 ipsec-isakmp
set peer 192.168.2.2
set transform-set cisco
match address 100
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description **** Head Office ****
ip address 192.168.1.2 255.255.255.0
encapsulation ppp
serial restart-delay 0
crypto map map1
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
! LAN side of "ho". NOTE(review): with mask 255.255.0.0 this interface sits in
! 172.168.0.0/16, which also contains 172.168.2.1 (the npj LAN address). A
! packet from here to 172.168.2.1 is treated as directly connected on
! Ethernet2/0 and is not routed out Serial1/0, where crypto map map1 is
! applied, so it never reaches the tunnel. This likely explains the failed
! ping; no route to the remote LAN via Serial1/0 is shown either.
! 172.168.0.0/16 is also outside the RFC 1918 private range 172.16.0.0/12.
interface Ethernet2/0
ip address 172.168.1.1 255.255.0.0
duplex half
!
interface Ethernet2/1
no ip address
shutdown
duplex half
!
interface Ethernet2/2
no ip address
shutdown
duplex half
!
interface Ethernet2/3
no ip address
shutdown
duplex half
!
interface Ethernet2/4
no ip address
shutdown
duplex half
!
interface Ethernet2/5
no ip address
shutdown
duplex half
!
interface Ethernet2/6
no ip address
shutdown
duplex half
!
interface Ethernet2/7
no ip address
shutdown
duplex half
!
router rip
version 2
network 192.168.1.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
! Interesting-traffic ACL referenced by "match address 100". The wildcard
! 0.0.255.255 ignores the last two octets, so this selects 172.168.0.0/16 to
! 172.168.0.0/16 rather than one site LAN to the other.
access-list 100 permit ip 172.168.1.0 0.0.255.255 172.168.2.0 0.0.255.255
!
!
control-plane
!
!
!
gatekeeper
shutdown
!
!
! Management lines. NOTE(review): no password, access-class or transport
! restriction is shown on any line. With "aaa new-model" enabled above, how
! these lines authenticate depends on AAA method lists and local users that
! are not in this listing; verify before exposing the router.
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
*********************************************
hostname npj
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
! IKE phase 1 policy. NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP)
! are legacy choices; prefer AES, a SHA-2 hash and a larger DH group where the
! platform supports them, and change both peers together.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key for peer 192.168.1.2, in clear text. It is short, guessable
! and now public, so replace it with a long random value on both peers.
crypto isakmp key cisco123 address 192.168.1.2
!
!
! Phase 2 transform: ESP with 3DES and HMAC-MD5 (same legacy caveat as above).
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
! Crypto map entry 6: traffic matching access-list 100 is protected with
! transform-set "cisco" and sent to peer 192.168.1.2.
crypto map map2 6 ipsec-isakmp
set peer 192.168.1.2
set transform-set cisco
match address 100
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.2.2 255.255.255.0
encapsulation ppp
serial restart-delay 0
no fair-queue
crypto map map2
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
! LAN side of "npj". NOTE(review): with mask 255.255.0.0 this interface sits
! in 172.168.0.0/16, which also contains 172.168.1.1 (the ho LAN address).
! Return traffic to 172.168.1.1 is treated as directly connected on
! Ethernet2/0 and is not routed out Serial1/0, where crypto map map2 is
! applied. No route to the remote LAN via Serial1/0 is shown either.
! 172.168.0.0/16 is also outside the RFC 1918 private range 172.16.0.0/12.
interface Ethernet2/0
ip address 172.168.2.1 255.255.0.0
duplex half
!
interface Ethernet2/1
no ip address
shutdown
duplex half
!
interface Ethernet2/2
no ip address
shutdown
duplex half
!
interface Ethernet2/3
no ip address
shutdown
duplex half
!
interface Ethernet2/4
no ip address
shutdown
duplex half
!
interface Ethernet2/5
no ip address
shutdown
duplex half
!
interface Ethernet2/6
no ip address
shutdown
duplex half
!
interface Ethernet2/7
no ip address
shutdown
duplex half
!
router rip
version 2
network 192.168.2.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
! Interesting-traffic ACL referenced by "match address 100". The wildcard
! 0.0.255.255 ignores the last two octets, so this selects 172.168.0.0/16 to
! 172.168.0.0/16 rather than one site LAN to the other.
access-list 100 permit ip 172.168.2.0 0.0.255.255 172.168.1.0 0.0.255.255
!
!
!
control-plane
!
!
!
gatekeeper
shutdown
!
!
! Management lines. NOTE(review): the console and aux lines show no password
! or login method. The vty lines have "login" but no "password", so IOS
! refuses remote logins until one is set. No access-class or transport
! restriction is shown; add them when enabling remote management.
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
*********************************************
I then ran the following ping from host "ho", but it gets no successful replies:
ping 172.168.2.1 source 172.168.1.1 repeat 1000 size 1000
Can anyone tell me what mistake I made?