Solved

Site to site vpn between two 1721

Posted on 2007-11-29
Last Modified: 2010-08-05
I need to set up a VPN link to a remote office at another site. As a first step I am setting up a lab with two 1721 routers. I have configured the two devices and they can ping each other's external interface. However, I cannot seem to get the VPN up.

Please help

How do I troubleshoot this? I can find good documentation out there.

The configs are below

router 1 config (remote)

show ru
Building configuration...

Current configuration : 1426 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname YAK-SPK-VPN
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.100
!
ip dhcp pool Yakima
   network 192.168.75.0 255.255.255.0
   default-router 192.168.75.1
   dns-server 10.20.1.50 10.10.1.58
   lease 7
!
ip audit po max-events 100

!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key y@k1ma$ec address 67.132.135.205
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.205
 set transform-set 3DES-SHA
 set pfs group2
 match address Crypto-list
!
!
!
interface Ethernet0
 ip address 67.132.135.206 255.255.255.224
 full-duplex
 crypto map VPN-Map-1
!
interface FastEthernet0
 ip address 192.168.75.1 255.255.255.0
 speed auto
 full-duplex
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list extended Crypto-list
 permit ip 192.168.75.0 0.0.0.255 10.0.0.0 0.255.255.255
ip access-list extended Internet-inbound-ACL
 permit udp host 67.132.135.205 any eq isakmp
 permit esp host 67.132.135.205 any
!
!
line con 0
line aux 0
line vty 0 4
!
end

YAK-SPK-VPN#

Router 2 config (local)
Current configuration : 1670 bytes
!
! Last configuration change at 21:03:57 UTC Thu Nov 29 2007
! NVRAM config last updated at 20:50:29 UTC Thu Nov 29 2007
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SPK-YAK-VPN
!
boot-start-marker
boot-end-marker

!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
no ip domain lookup
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key y@k1ma$ec address 67.132.135.206
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 67.132.135.206
 set transform-set 3DES-SHA
 set pfs group2
 match address Crypto-list
!
!
!
interface Loopback1
 ip address 10.22.0.31 255.255.255.0
!
interface Ethernet0
 ip address 67.132.135.205 255.255.255.224
 full-duplex
 crypto map VPN-Map-1
!
interface FastEthernet0
 ip address 10.22.1.31 255.255.255.0
 speed auto
 full-duplex
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list extended Crypto-list
 permit ip 10.0.0.0 0.255.255.255 192.168.75.0 0.0.0.255
ip access-list extended Internet-inbound-ACL
 permit udp host 67.132.135.206 any eq isakmp
 permit esp host 67.132.135.206 any
!

!
line con 0
line aux 0
line vty 0 4
Question by:omegamueller
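An added example, not part of the original thread: a Python check that two IOS peers' crypto settings agree with each other (IKE policy, transform set and PFS group, pre-shared key, peer addresses pointing at each other's crypto-map interface, mirror-image crypto ACLs). The sample text is constructed from the VPN-relevant lines of the two configs above with the key replaced by a placeholder; `parse`, `compare` and the other names are this example's own.

```python
import re
# Constructed sample: the VPN-relevant lines of the two posted configs, key replaced by a placeholder.
TEMPLATE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key {key} address {peer}
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer {peer}
 set transform-set 3DES-SHA
 set pfs group2
 match address Crypto-list
interface Ethernet0
 ip address {wan} 255.255.255.224
 crypto map VPN-Map-1
ip access-list extended Crypto-list
 permit ip {src} {dst}
"""
REMOTE, LOCAL = "192.168.75.0 0.0.0.255", "10.0.0.0 0.255.255.255"
YAK = TEMPLATE.format(key="PLACEHOLDER", wan="67.132.135.206", peer="67.132.135.205", src=REMOTE, dst=LOCAL)
SPK = TEMPLATE.format(key="PLACEHOLDER", wan="67.132.135.205", peer="67.132.135.206", src=LOCAL, dst=REMOTE)

def parse(cfg):
    """Pull out what both peers must agree on (assumes one policy and one map entry)."""
    g = lambda pat: re.findall(pat, cfg, re.M)
    acl = (g(r"^ match address (\S+)$") or [""])[0]
    body = "".join(g(rf"^ip access-list extended {re.escape(acl)}\n((?: .*\n?)+)"))
    return {
        "proposal": g(r"^crypto isakmp policy \d+\n((?: .+\n)+)")
        + g(r"^crypto ipsec transform-set \S+ (.+)$") + g(r"^ set pfs (\S+)$"),
        "key": g(r"^crypto isakmp key (\S+) address \S+$"),
        "peer": set(g(r"^(?:crypto isakmp key \S+ address| set peer) (\S+)$")),
        "wan": set(g(r"^ ip address (\S+) \S+\n(?: .*\n)*? crypto map \S+$")),
        "acl": set(re.findall(r"permit ip (\S+ \S+) (\S+ \S+)", body)),
    }

def compare(cfg_a, cfg_b):
    """Return the mismatches that would stop the tunnel negotiating or passing traffic."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    if a["proposal"] != b["proposal"]:
        out.append("IKE policy, transform set or PFS group differs")
    if a["key"] != b["key"]:
        out.append("pre-shared keys differ")
    if a["peer"] != b["wan"] or b["peer"] != a["wan"]:
        out.append("a peer/key address is not the other side's crypto-map interface")
    if a["acl"] != {(dst, src) for src, dst in b["acl"]}:
        out.append("crypto ACLs are not mirror images")
    return out
```

An empty list from `compare(YAK, SPK)` means the two sides agree on paper, which moves the search on to routing, filtering or the hardware itself.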
2 Comments
 

Accepted Solution

by:
wingatesl earned 500 total points
ID: 20379687
You need to set default routes to push the encrypted traffic out the crypto maps
on YAK-SPK-VPN
conf t
ip route 10.0.0.0 255.0.0.0 ethernet 0

on SPK-YAK-VPN
conf t
ip route 192.168.75.0 255.255.255.0 ethernet 0

I could not help but notice that these routers are on the same network (on the internet side) and do not have default routes. I will leave that alone as I am not sure if it is intentional or not. Are these devices in place right now?

Author Comment

by:omegamueller
ID: 20383505
Thanks for the advice. Both routers use a default route that I accidentally cut out of the posted code.
The problem ended up being a bad 1721 vpn module.
Thank you for your help.