Doesn't peer address just the host IP?
Any idea why do you use subnet mask in your peer-address ?
Try removing the subnet mask ;)
Cheers,
DC
On Mon, Jul 5, 2010 at 9:56 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
> On R4, can you make these more specific (/32 and not /24)?
>
>
> crypto isakmp key keynya address 20.0.0.5 255.255.255.255
> crypto isakmp key kuncikunci address 20.0.0.6 255.255.255.255
>
> Let us know what happens...
>
> HTH,
> Sadiq
>
> On Mon, Jul 5, 2010 at 5:34 PM, Taufik Kurniawan <ktaufik_at_gmail.com>
> wrote:
>
> > Can anybody help why ?
> >
> >
> > R4
> >
> > crypto isakmp policy 1
> > encr 3des
> > authentication pre-share
> > group 2
> > !
> > crypto isakmp policy 2
> > encr aes 256
> > authentication pre-share
> > group 5
> > crypto isakmp key keynya address 20.0.0.5 255.255.255.0
> > crypto isakmp key kuncikunci address 20.0.0.6 255.255.255.0
> > !
> > !
> > crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> > crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> > !
> > crypto ipsec profile profile3
> > set transform-set transet3
> > !
> > crypto ipsec profile profilenya
> > set transform-set transetnya
> > !
> > interface Loopback0
> > ip address 202.155.40.1 255.255.255.0
> > !
> > interface Tunnel45
> > ip address 202.155.0.9 255.255.255.252
> > tunnel source FastEthernet0/0
> > tunnel destination 20.0.0.5
> > tunnel mode ipsec ipv4
> > tunnel protection ipsec profile profilenya
> > !
> > interface Tunnel46
> > ip address 202.155.0.13 255.255.255.252
> > tunnel source FastEthernet0/0
> > tunnel destination 20.0.0.6
> > tunnel mode ipsec ipv4
> > tunnel protection ipsec profile profile3
> > !
> > interface FastEthernet0/0
> > ip address 20.0.0.4 255.255.255.0
> > duplex auto
> > speed auto
> > !
> >
> >
> > R5
> > crypto isakmp policy 1
> > encr 3des
> > authentication pre-share
> > group 2
> > crypto isakmp key keynya address 20.0.0.4 255.255.255.0
> > !
> > !
> > crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> > !
> > crypto ipsec profile profilenya
> > set transform-set transetnya
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > interface Loopback0
> > ip address 202.155.50.1 255.255.255.0
> > !
> > interface Tunnel0
> > ip address 202.155.0.10 255.255.255.252
> > tunnel source FastEthernet0
> > tunnel destination 20.0.0.4
> > tunnel mode ipsec ipv4
> > tunnel protection ipsec profile profilenya
> > !
> >
> > R6
> >
> > !
> > crypto isakmp policy 2
> > encr aes 256
> > authentication pre-share
> > group 5
> > crypto isakmp key kuncikunci address 20.0.0.4 255.255.255.0
> > !
> > !
> > crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> > !
> > crypto ipsec profile profile3
> > set transform-set transet3
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > !
> > interface Tunnel0
> > ip address 202.155.0.14 255.255.255.252
> > tunnel source FastEthernet0
> > tunnel destination 20.0.0.4
> > tunnel mode ipsec ipv4
> > tunnel protection ipsec profile profile3
> > !
> > interface Ethernet0
> > no ip address
> > shutdown
> > half-duplex
> > !
> > interface FastEthernet0
> > ip address 20.0.0.6 255.255.255.0
> > speed auto
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 05 2010 - 10:46:14 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART