Hello @all,
I hope you can help me out. I have tried to set up a router-to-router VPN in a GRE tunnel (described in the Cisco IOS Cookbook). I got the GRE tunnel to work, but not the crypto.
I have the following setup:
Router A (Dialer0 / A.B.C.D) ----- INTERNET --- (Fa0 / E.F.G.H) Router B
    |                                                              |
    --(Tunnel1/172.16.1.1) --- GRE TUNNEL --- (Tunnel1/172.16.1.2)--
A.B.C.D and E.F.G.H are static IPs. Router A does a DSL dial-up with PPPoE and PAP.
GRE Setup:
==========
Router A:
interface Tunnel1
 ip address 172.16.1.1 255.255.255.252
 tunnel source A.B.C.D
 tunnel destination E.F.G.H
exit
Router B:
interface Tunnel1
 ip address 172.16.1.2 255.255.255.252
 tunnel source E.F.G.H
 tunnel destination A.B.C.D
exit
This does work!
IPSETUP
=======
Router A:
---------
!
crypto isakmp policy 101
 encr 3des
 authentication pre-share
crypto isakmp key bor1s address E.F.G.H no-xauth
!
crypto ipsec transform-set TUNNEL esp-3des
 mode transport
!
crypto map mymap 10 ipsec-isakmp
 set peer E.F.G.H
 set transform-set TUNNEL
 match address 102
!
access-list 102 permit gre host A.B.C.D host E.F.G.H
Router B:
---------
!
crypto isakmp policy 101
 encr 3des
 authentication pre-share
crypto isakmp key bor1s address A.B.C.D no-xauth
!
crypto ipsec transform-set TUNNEL esp-3des
 mode transport
!
crypto map mymap 10 ipsec-isakmp
 set peer A.B.C.D
 set transform-set TUNNEL
 match address 102
When I add crypto map mymap to the interfaces Dialer0 and fa0, the tunnel stops working. I hope someone can help me out with that.
So long,
Alexander
Complete Config ROUTER A:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login local_auth local
aaa session-id common
enable secret 5
!
username LOGINNAME password 0 SECRETPASSWORD
memory-size iomem 20
ip subnet-zero
!
!
ip name-server 194.8.194.60
ip name-server 213.168.112.60
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 4
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 101
 encr 3des
 authentication pre-share
crypto isakmp key bor1s address E.F.G.H no-xauth
!
!
crypto ipsec transform-set TUNNEL esp-3des
 mode transport
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map mymap 10 ipsec-isakmp
 set peer E.F.G.H
 set transform-set TUNNEL
 match address 102
!
!
!
!
interface Tunnel1
 ip address 172.16.1.1 255.255.255.252
 tunnel source A.B.C.D
 tunnel destination E.F.G.H
!
interface Ethernet0
 description DSL-AC
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0
 description LOCALLAN
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 speed auto
 no cdp enable
!
interface Dialer0
 ip address negotiated
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username snipped-for-privacy@netcologne.de password 7 DSLLOGIN
 crypto map mymap
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip pim bidir-enable
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 102 permit gre host A.B.C.D host E.F.G.H
!
!
line con 0
line aux 0
line vty 0 4
 login authentication local_auth
!
no scheduler allocate
end
Complete Config RouterB:
========================
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterK
!
boot system flash c1700-k9o3sy7-mz.122-11.t11.bin
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login local_auth local
aaa session-id common
enable secret 5 SECRETPW
!
username USERNAME password 0 LOGINPW
memory-size iomem 25
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
ip ssh authentication-retries 4
!
!
crypto isakmp policy 101
 encr 3des
 authentication pre-share
crypto isakmp key bor1s address A.B.C.D
!
!
crypto ipsec transform-set TUNNEL esp-3des
 mode transport
!
crypto map mymap 10 ipsec-isakmp
 set peer A.B.C.D
 set transform-set TUNNEL
 match address 102
!
!
!
!
interface Loopback0
 descr LOCAL TEST LAN
 ip address 192.168.6.1 255.255.255.0
!
interface Tunnel1
 ip address 172.16.1.2 255.255.255.252
 tunnel source E.F.G.H
 tunnel destination A.B.C.D
!
interface Ethernet0
 no ip address
 shutdown
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address E.F.G.H 255.255.252.0
 speed auto
 no cdp enable
 crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 192.168.4.0 255.255.255.0 172.16.1.1
no ip http server
ip pim bidir-enable
!
!
access-list 102 permit gre host E.F.G.H host A.B.C.D
no cdp run
!
!
line con 0
line aux 0
line vty 0 4
 login authentication local_auth
!
end