Do you have routes between 3.3.3.3 and 1.1.1.1? What does "show crypto isakmp sa" say? What does "show crypto ipsec sa" say? How about "debug crypto isakmp" and "debug crypto ipsec"?
IPsec is generally easier to troubleshoot from show and debug outputs as opposed to looking at the show run output.
Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE #2013::13
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Mohammad Mousa
Sent: Monday, May 06, 2013 9:31 PM
To: ccielab_at_groupstudy.com
Subject: Basic IPsec VPN tunnel
Hi Folks,
I'm stuck on this while I've been practicing a basic IPsec VPN tunnel on GNS3. I've got this scenario. I have EIGRP up and running between all routers. Connectivity has been established between R1 & R3.
R1(f0/0)------------R2-----------(f0/1)R3
Here are my configs:
R1
---
Phase 1 attributes:
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key CISCO address 23.0.0.3 255.255.255.0
Phase 2:
crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
crypto map MYSET 1 ipsec-isakmp
 set peer 23.0.0.3
 set transform-set MYSET
 match address 100
access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
int f0/0
 crypto map MYSET

R3
---
Phase 1 attributes:
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key CISCO address 12.0.0.1 255.255.255.0
Phase 2:
crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
crypto map MYSET 1 ipsec-isakmp
 set peer 12.0.0.1
 set transform-set MYSET
 match address 100
access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
int f0/1
 crypto map MYSET

Any thoughts and advice will be highly appreciated!
Thanks in advance
--
Mohammad Mousa
CCIE #36990
Blogs and organic groups at http://www.ccie.net
Received on Mon May 06 2013 - 22:10:29 ART
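Added example, not part of the original thread and not written by either poster: a static check that complements the show and debug commands by comparing two peers' ISAKMP policy and transform-set values and testing whether their crypto ACLs are mirror images, which each side needs for its Phase 2 proxy identities to match the peer's. The embedded configs are constructed samples modeled on the ones posted above, and the function names and the "address wildcard" ACE form are assumptions of this sketch.

```python
import re

# Constructed samples modeled on the configs in the thread, trimmed to the
# lines this check reads. Assumption: ACEs use "address wildcard" operands.
R3 = """\
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
"""
R1_SAME_ACL = R3  # the same access-list line entered on both routers
R1_MIRRORED = R3.replace("3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet",
                         "1.1.1.1 0.0.0.255 eq telnet 3.3.3.3 0.0.0.255")

ACE = re.compile(r"^access-list (\d+) permit (\S+) (\S+ \S+)((?: eq \S+)?)"
                 r" (\S+ \S+)((?: eq \S+)?)[ \t]*$", re.M)

def crypto_aces(cfg, acl="100"):
    """Return the ACL's entries as (proto, src, sport, dst, dport) tuples."""
    return [(m[2], m[3], m[4].strip(), m[5], m[6].strip())
            for m in ACE.finditer(cfg) if m[1] == acl]

def mirror(ace):
    """Swap source and destination, ports included."""
    proto, src, sport, dst, dport = ace
    return (proto, dst, dport, src, sport)

def phase_params(cfg):
    """Phase 1 policy attributes and Phase 2 transforms that must agree."""
    out = {}
    for key in ("encr", "hash", "authentication", "group"):
        m = re.search(rf"^[ \t]+{key} (\S+)", cfg, re.M)
        out[key] = m[1] if m else None  # None means the IOS default is used
    ts = re.search(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)
    out["transforms"] = tuple(sorted(ts[1].split())) if ts else None
    return out

def compare(a, b, acl="100"):
    """List mismatches between two peers; an empty list means consistent."""
    pa, pb = phase_params(a), phase_params(b)
    problems = [f"{k}: {pa[k]} vs {pb[k]}" for k in pa if pa[k] != pb[k]]
    if sorted(mirror(x) for x in crypto_aces(a, acl)) != sorted(crypto_aces(b, acl)):
        problems.append(f"access-list {acl} is not a mirror image on the peer")
    return problems

if __name__ == "__main__":
    print(compare(R1_SAME_ACL, R3))
    print(compare(R1_MIRRORED, R3))
```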
This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 06:34:34 ART