RE: IPExpert R&S v9 Lab13.2 steps12-13

From: Robert Cuello (smdmokay@yahoo.com)
Date: Mon May 14 2007 - 21:27:24 ART

Hello all,
   
  I'm stuck on steps 12-13 on the workbook. I have all the req config but I cannot ping across, even though R4 can see R2.
   
   This is what I have:
   
   
  2851-R2#
  access-list 101 permit ip any host 150.50.24.4
access-list 101 permit ip any host 200.0.0.4
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key ipexpert address 150.50.24.4
!
!
crypto ipsec transform-set R2R4 esp-des esp-sha-hmac
!
crypto map R2R4 1 ipsec-isakmp
 set peer 150.50.24.4
 set security-association lifetime seconds 1800
 set transform-set R2R4
 match address 101
 reverse-route
!
!
  interface Serial0/1/0.4 point-to-point
 description FR to R4
 ip address 150.50.24.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf priority 100
 frame-relay interface-dlci 104
 crypto map R2R4
          
2851-R2#ping 150.50.24.4
  Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.50.24.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R2#ping 200.0.0.4
  Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
  
2851-R2#sh cdp neig de
   
   
  On R4 I have:
   
  2851-R4#
   
  access-list 101 permit ip any host 150.50.24.2
access-list 101 permit ip any host 200.0.0.2
access-list 101 permit ip host 150.50.24.4 any
access-list 101 permit ip host 200.0.0.4 any
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key ipexpert address 150.50.24.2
!
!
crypto ipsec transform-set R2R4 esp-des esp-sha-hmac
!
crypto map R2R4 1 ipsec-isakmp
 set peer 150.50.24.2
 set security-association lifetime seconds 1800
 set transform-set R2R4
 match address 101
 reverse-route
  
interface Serial0/0/0.4 point-to-point
 description FR to R2
 ip address 150.50.24.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf priority 0
 frame-relay interface-dlci 401
 crypto map R2R4
            
2851-R4#ping 200.0.0.2
  Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R4#ping 150.50.24.2
  Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.50.24.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R4#
  2851-R4#sh cdp neighbors detail
-------------------------
Device ID: 2851-R2
Entry address(es):
  IP address: 150.50.24.2
Platform: Cisco 2851, Capabilities: Router Switch IGMP
Interface: Serial0/0/0.4, Port ID (outgoing port): Serial0/1/0.4
Holdtime : 176 sec
  Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(11)T1, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 25-Jan-07 12:50 by prod_rel_team
  advertisement version: 2
VTP Management Domain: ''
   
   
  If I take the access-list 101 out of R4 and try to ping, I get this message on R2:
   
  
*May 15 00:11:50.583: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
        (ip) vrf/dest_addr= /150.50.24.2, src_addr= 150.50.24.4 1
   
   
   
   
  Thanks for your help in advance.
   

       
---------------------------------
Get the free Yahoo! toolbar and rest assured with the added security of spyware protection.

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART