RE: IPExpert R&S v9 Lab13.2 steps12-13

From: Robert Cuello (smdmokay@yahoo.com)
Date: Mon May 14 2007 - 21:37:57 ART


One more thing I notice. When I do a:
   
  R4# sh crypto ipsec sa
   
  I do not get a:
  1- Local Ident
  2- Inbound esp sas
  3- Outbound esp sas
   
  Thanks again

Robert Cuello <smdmokay@yahoo.com> wrote:
  Hello all,

I'm stuck on steps 12-13 of the workbook. I have all the required config but I cannot ping across, even though R4 can see R2.

This is what I have:

2851-R2#
access-list 101 permit ip any host 150.50.24.4
access-list 101 permit ip any host 200.0.0.4
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ipexpert address 150.50.24.4
!
!
crypto ipsec transform-set R2R4 esp-des esp-sha-hmac
!
crypto map R2R4 1 ipsec-isakmp
set peer 150.50.24.4
set security-association lifetime seconds 1800
set transform-set R2R4
match address 101
reverse-route
!
!
interface Serial0/1/0.4 point-to-point
description FR to R4
ip address 150.50.24.2 255.255.255.0
ip ospf network point-to-point
ip ospf priority 100
frame-relay interface-dlci 104
crypto map R2R4

2851-R2#ping 150.50.24.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.50.24.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R2#ping 200.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

2851-R2#sh cdp neig de

On R4 I have:

2851-R4#

access-list 101 permit ip any host 150.50.24.2
access-list 101 permit ip any host 200.0.0.2
access-list 101 permit ip host 150.50.24.4 any
access-list 101 permit ip host 200.0.0.4 any
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ipexpert address 150.50.24.2
!
!
crypto ipsec transform-set R2R4 esp-des esp-sha-hmac
!
crypto map R2R4 1 ipsec-isakmp
set peer 150.50.24.2
set security-association lifetime seconds 1800
set transform-set R2R4
match address 101
reverse-route

interface Serial0/0/0.4 point-to-point
description FR to R2
ip address 150.50.24.4 255.255.255.0
ip ospf network point-to-point
ip ospf priority 0
frame-relay interface-dlci 401
crypto map R2R4

2851-R4#ping 200.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R4#ping 150.50.24.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.50.24.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2851-R4#
2851-R4#sh cdp neighbors detail
-------------------------
Device ID: 2851-R2
Entry address(es):
IP address: 150.50.24.2
Platform: Cisco 2851, Capabilities: Router Switch IGMP
Interface: Serial0/0/0.4, Port ID (outgoing port): Serial0/1/0.4
Holdtime : 176 sec
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(11)T1, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 25-Jan-07 12:50 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''

If I take the access-list 101 out of R4 and try to ping, I get this message on R2:

*May 15 00:11:50.583: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
(ip) vrf/dest_addr= /150.50.24.2, src_addr= 150.50.24.4 1

Thanks for your help in advance.
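
Added example, not part of the original message: IPsec peers are expected to carry crypto ACLs that mirror each other (source and destination swapped). The Python below parses the two access-list 101 definitions posted above and lists the entries each router would need for the pair to be mirror images; the function names are this example's own, and only permit lines without port operators are handled.

```python
import re

# access-list 101 as posted for each router (copied from the message above)
R2_ACL = """\
access-list 101 permit ip any host 150.50.24.4
access-list 101 permit ip any host 200.0.0.4
"""
R4_ACL = """\
access-list 101 permit ip any host 150.50.24.2
access-list 101 permit ip any host 200.0.0.2
access-list 101 permit ip host 150.50.24.4 any
access-list 101 permit ip host 200.0.0.4 any
"""

def take_addr(tokens):
    """Consume one IOS address spec and return it as (address, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return ("0.0.0.0", "255.255.255.255")
    if head == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (head, tokens.pop(0))  # explicit "address wildcard" pair

def parse_crypto_acl(text, number):
    """Return the set of (proto, src, dst) permit entries of one extended ACL."""
    entries = set()
    for line in text.splitlines():
        m = re.match(rf"\s*access-list {number} permit (\S+) (.+)$", line)
        if not m:
            continue  # deny lines, other ACLs and non-ACL lines are ignored here
        tokens = m.group(2).split()
        src = take_addr(tokens)
        dst = take_addr(tokens)
        entries.add((m.group(1), src, dst))
    return entries

def mirror(entries):
    """Swap source and destination, giving what the peer is expected to hold."""
    return {(proto, dst, src) for proto, src, dst in entries}

def mirror_report(local, peer):
    """Entries missing on each side for the two ACLs to be mirror images."""
    return {"missing_on_peer": mirror(local) - peer,
            "missing_on_local": mirror(peer) - local}

if __name__ == "__main__":
    report = mirror_report(parse_crypto_acl(R2_ACL, 101), parse_crypto_acl(R4_ACL, 101))
    for side, entries in report.items():
        for proto, src, dst in sorted(entries):
            print(side, "permit", proto, src, dst)
```

With R2 as the local side, the report for the posted configs lists two entries under missing_on_local: the mirrors of R4's "permit ip any host 150.50.24.2" and "permit ip any host 200.0.0.2" are not present in R2's access-list 101.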




This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART