Solved

Site to site vpn between two 1721

Posted on 2007-11-29
Last Modified: 2010-08-05
I need to set a VPN link to a remote office at another site. As a first step I am setting up a lab with two 1721 routers. I have configured the two devices and they can ping each other's external interface. However, I cannot seem to get the VPN up.

Please help

How do I troubleshoot this? I can find good documentation out there.

The configs are below

router 1 config (remote)

show ru
Building configuration...

Current configuration : 1426 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname YAK-SPK-VPN
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.100
!
ip dhcp pool Yakima
   network 192.168.75.0 255.255.255.0
   default-router 192.168.75.1
   dns-server 10.20.1.50 10.10.1.58
   lease 7
!
ip audit po max-events 100

!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key y@k1ma$ec address 67.132.135.205
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.205
 set transform-set 3DES-SHA
 set pfs group2
 match address Crypto-list
!
!
!
interface Ethernet0
 ip address 67.132.135.206 255.255.255.224
 full-duplex
 crypto map VPN-Map-1
!
interface FastEthernet0
 ip address 192.168.75.1 255.255.255.0
 speed auto
 full-duplex
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list extended Crypto-list
 permit ip 192.168.75.0 0.0.0.255 10.0.0.0 0.255.255.255
ip access-list extended Internet-inbound-ACL
 permit udp host 67.132.135.205 any eq isakmp
 permit esp host 67.132.135.205 any
!
!
line con 0
line aux 0
line vty 0 4
!
end

YAK-SPK-VPN#

Router 2 config (local)
Current configuration : 1670 bytes
!
! Last configuration change at 21:03:57 UTC Thu Nov 29 2007
! NVRAM config last updated at 20:50:29 UTC Thu Nov 29 2007
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SPK-YAK-VPN
!
boot-start-marker
boot-end-marker

!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
no ip domain lookup
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key y@k1ma$ec address 67.132.135.206
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.206
 set transform-set 3DES-SHA
 set pfs group2
 match address Crypto-list
!
!
!
interface Loopback1
 ip address 10.22.0.31 255.255.255.0
!
interface Ethernet0
 ip address 67.132.135.205 255.255.255.224
 full-duplex
 crypto map VPN-Map-1
!
interface FastEthernet0
 ip address 10.22.1.31 255.255.255.0
 speed auto
 full-duplex
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list extended Crypto-list
 permit ip 10.0.0.0 0.255.255.255 192.168.75.0 0.0.0.255
ip access-list extended Internet-inbound-ACL
 permit udp host 67.132.135.206 any eq isakmp
 permit esp host 67.132.135.206 any
!

!
line con 0
line aux 0
line vty 0 4
Question by:omegamueller
2 Comments
 
Accepted Solution

by:
wingatesl earned 2000 total points
ID: 20379687
You need to set default routes to push the encrypted traffic out the crypto maps
on YAK-SPK-VPN
conf t
ip route 10.0.0.0 255.0.0.0 ethernet 0

on SPK-YAK-VPN
conf t
ip route 192.168.75.0 255.255.255.0 ethernet 0

I could not help but notice that these routers are on the same network (on the internet side) and do not have default routes. I will leave that alone as I am not sure if it is intentional or not. Are these devices in place right now?
Author Comment

by:omegamueller
ID: 20383505
Thanks for the advice. Both routers use a default route that I accidentally cut out of the posted code.
The problem ended up being a bad 1721 vpn module.
Thank you for your help.
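
As an added example (not part of the original thread), a Python check that two IOS configurations like the ones posted describe the same tunnel from both ends: matching ISAKMP and IPsec proposals, peers pointing at each other's crypto-map interface, and mirrored crypto ACLs. The function names are hypothetical and the pre-shared key line is left out of the excerpts.

```python
import re
# Tunnel-relevant lines excerpted from the two configs in the question (key line omitted).
YAK = """
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.205
 set pfs group2
interface Ethernet0
 ip address 67.132.135.206 255.255.255.224
 crypto map VPN-Map-1
ip access-list extended Crypto-list
 permit ip 192.168.75.0 0.0.0.255 10.0.0.0 0.255.255.255
"""
SPK = """
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.206
 set pfs group2
interface Ethernet0
 ip address 67.132.135.205 255.255.255.224
 crypto map VPN-Map-1
ip access-list extended Crypto-list
 permit ip 10.0.0.0 0.255.255.255 192.168.75.0 0.0.0.255
"""

def facts(cfg):
    """Extract the settings both ends must agree on from a running-config excerpt."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "phase1": [one(rf"^ {k} (\S+)") for k in ("encr", "authentication", "group")],
        "phase2": [one(r"^crypto ipsec transform-set \S+ (.+)$"), one(r"^ set pfs (\S+)")],
        "peer": one(r"^ set peer (\S+)"),
        "local": one(r"^ ip address (\S+) .*\n(?: .*\n)*? crypto map"),
        "acl": sorted(re.findall(r"^ permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M)),
    }

def mismatches(a, b):
    fa, fb = facts(a), facts(b)
    fb["peer"], fb["local"] = fb["local"], fb["peer"]      # each peer must be the other's local address
    fb["acl"] = sorted((d, s) for s, d in fb["acl"])       # crypto ACLs must be mirror images
    return [k for k in fa if fa[k] != fb[k]]               # empty list: both ends agree
```

An empty result means the two ends agree on paper; it says nothing about routing or hardware.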