RE: [VPN]

From: jaime.salazar@xxxxxxxxxx
Date: Sat Jan 15 2000 - 20:45:36 GMT-3

• Next message: Gary Bradford: "Re: Joke?"
• Previous message: Brad Hedlund: "RE: [VPN]"
• Maybe in reply to: Mosley, Arthur: "RE: [VPN]"
• Next in thread: pbosio@xxxxxxxxxxxxxx: "RE: [VPN]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Brad,

I am not receiving eigrp updates across the tunnel, I have included the crypto
map on physical interfaces and in access list. But I Iam still getting the same
errors. Any ideas?

Brad Hedlund <BHedlund@LifeTimeFitness.com> on 15/01/2000 04:59:15 PM

Please respond to Brad Hedlund <BHedlund@LifeTimeFitness.com>

To: Jaime Salazar/Mexico/AMERICAS/Equant@Equant
cc: "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>

Subject: RE: [VPN]

Cryto maps should be applied to both the physical and tunnel interface.
I realize that the first VPN config I sent out didnt do this. I have since
learned I was wrong.
My VPN was working, but it wasnt textbook.

-Brad

>
> Hey folks, calm down!!!
>
> Talking about VPN's, I did the excercise of Brad's
> recommendation for VPN. If
> you configure that it works fine, but when I tryed to add a
> tunnel interface to
> it, I get this kind of messages:
> 00:03:59: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of
> Informational mode failed w
> ith peer at 192.168.10.66
> Here are the configs, can you figure it out the problem?
>
> Thanks in advance.
> Jaime
>
> sh run
> Building configuration...
>
> Current configuration:
> !
> version 11.3
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname dt3-45a
> !
> !
> ip host ciscoca-ultra 171.69.54.46
> ip domain-name cisco.com
> ip name-server 171.69.2.132
> ip name-server 198.92.30.32
> !
> !
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> crypto isakmp key slurpee-machine address 192.168.10.38
> !
> !
> --More-- crypto ipsec
> transform-set PapaBear
> esp-rfc1829
> crypto ipsec transform-set MamaBear ah-md5-hmac esp-des
> crypto ipsec transform-set BabyBear ah-rfc1828
> !
> !
> crypto map armadillo 10 ipsec-isakmp
> set peer 192.168.10.38
> set transform-set PapaBear MamaBear BabyBear
> match address 101
> !
> !
> process-max-time 200
> !
> interface Tunnel0
> ip address 10.10.49.1 255.255.255.0
> tunnel source 192.168.10.66
> tunnel destination 192.168.10.38
> crypto map armadillo
> !
> interface Serial0
> ip address 192.168.10.66 255.255.255.0
> no fair-queue
> clockrate 64000
> --More-- !
> interface Serial1
> no ip address
> shutdown
> !
> interface TokenRing0
> ip address 10.10.9.1 255.255.255.0
> ring-speed 16
> !
> router eigrp 100
> network 10.0.0.0
> !
> ip classless
> !
> access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
> !
> line con 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
>
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname db3-4kb
> !
> !
> !
> !
> !
> !
> ip subnet-zero
> ip host ciscoca-ulotra 171.69.54.46
> ip domain-name cisco.com
> ip name-server 171.69.2.132
> ip name-server 198.92.30.32
> !
> cns event-service server
> !
> --More-- !
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> crypto isakmp key slurpee-machine address 192.168.10.66
> !
> !
> crypto ipsec transform-set PapaBear esp-rfc1829
> crypto ipsec transform-set MamaBear ah-md5-hmac esp-des
> crypto ipsec transform-set BabyBear ah-rfc1828
> !
> !
> crypto map armadillo 10 ipsec-isakmp
> set peer 192.168.10.66
> set transform-set PapaBear MamaBear BabyBear
> match address 101
> !
> !
> process-max-time 200
> !
> interface Tunnel0
> ip address 10.10.49.2 255.255.255.0
> no ip directed-broadcast
> --More-- tunnel source 192.168.10.38
> tunnel destination 192.168.10.66
> crypto map armadillo
> !
> interface Ethernet0
> ip address 10.10.5.1 255.255.255.0
> no ip directed-broadcast
> !
> interface Serial0
> ip address 192.168.10.38 255.255.255.0
> no ip directed-broadcast
> no ip mroute-cache
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> router eigrp 100
> network 10.0.0.0
> !
> ip classless
> no ip http server
> --More-- !
> access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
> !
> !
> line con 0
> transport input none
> line 1 8
> line aux 0
> line vty 0 4
> login
> !
> end
>
>
>
>

• Next message: Gary Bradford: "Re: Joke?"
• Previous message: Brad Hedlund: "RE: [VPN]"
• Maybe in reply to: Mosley, Arthur: "RE: [VPN]"
• Next in thread: pbosio@xxxxxxxxxxxxxx: "RE: [VPN]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:44 GMT-3