From: Felix Nkansah (felixnkansah@gmail.com)
Date: Wed Oct 08 2008 - 16:15:24 ART
Hi Joe,
The software on my routers is
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version
12.4(15)T1, RELEASE SOFTWARE (fc2)
------ Hub Configuration ------------
Current configuration : 1669 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Hub
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
!
crypto ipsec transform-set T esp-3des esp-md5-hmac
!
crypto ipsec profile PROFILE
 set transform-set T
!
archive
 log config
  hidekeys
!
interface Loopback0
 description LAN Network
 ip address 1.1.1.1 255.255.255.0
!
interface Tunnel0
 ip address 192.168.123.1 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 123
 ip nhrp cache non-authoritative
 no ip split-horizon eigrp 10
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 123
 tunnel protection ipsec profile PROFILE
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 description WAN Interface
 ip address 123.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 10
 network 1.1.1.1 0.0.0.0
 network 192.168.123.1 0.0.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
logging alarm informational
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
webvpn cef
!
end
------------- Hub Ends -----------
----------- Spoke1 Configuration Starts ---------
Current configuration : 1658 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Spoke1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set T esp-3des esp-md5-hmac
!
crypto ipsec profile PROFILE
 set transform-set T
!
archive
 log config
  hidekeys
!
interface Loopback0
 description LAN Network
 ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
 ip address 192.168.123.2 255.255.255.0
 ip nhrp authentication cisco
 ip nhrp map 192.168.123.1 123.0.0.1
 ip nhrp map multicast 123.0.0.1
 ip nhrp network-id 123
 ip nhrp nhs 192.168.123.1
 ip nhrp cache non-authoritative
 tunnel source FastEthernet1/0
 tunnel destination 123.0.0.1
 tunnel key 123
 tunnel protection ipsec profile PROFILE
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 description WAN Interface
 ip address 123.0.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 10
 network 2.2.2.2 0.0.0.0
 network 192.168.123.2 0.0.0.0
 no auto-summary
!
no ip http server
no ip http secure-server
!
logging alarm informational
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
webvpn cef
!
end
---------- Ends Here -----------------------
Let me know what more you think, because I just shut down my Hub router's
'WAN Interface' and brought it back up, and I am getting the error message
below:
*Oct 8 19:11:37.231: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC
packet has invalid spi for destaddr=123.0.0.1, prot=50,
spi=0xA212AFA4(2719133604), srcaddr=123.0.0.2