For troubleshooting purposes I would try broadening your access-list to
include all traffic to and from your hosts. I've never done a VPN for only
one type (port of traffic) as you are specifying. Are you sourcing your
telnet from the loopback? Otherwise you aren't going to generate any
interesting traffic to initiate the tunnel.
On Mon, May 6, 2013 at 9:31 PM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:
> Hi Folks,
>
> I'm stuck on this while I've been practicing a basic IPsec VPN tunnel on GNS3.
> I've got this scenario. I have EIGRP up and running between all routers.
> Connectivity has been established between R1 & R3.
>
> R1(f0/0)------------R2-----------(f0/1)R3
>
> Here are my configs:
>
> R1
> ---
>
> Phase 1 attributes:
>
> crypto isakmp policy 1
> encr aes
> hash md5
> authentication pre-share
> lifetime 3600
> crypto isakmp key CISCO address 23.0.0.3 255.255.255.0
>
> Phase 2:
>
> crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
> crypto map MYSET 1 ipsec-isakmp
> set peer 23.0.0.3
> set transform-set MYSET
> match address 100
>
> access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
>
> int f0/0
> crypto map MYSET
>
> R3
> ---
>
> Phase 1 attributes:
>
> crypto isakmp policy 1
> encr aes
> hash md5
> authentication pre-share
> lifetime 3600
> crypto isakmp key CISCO address 12.0.0.1 255.255.255.0
>
> Phase 2:
>
> crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
> crypto map MYSET 1 ipsec-isakmp
> set peer 12.0.0.1
> set transform-set MYSET
> match address 100
>
> access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
>
> int f0/1
> crypto map MYSET
>
>
> Any thoughts and advice will be highly appreciated!
>
> Thanks in advance
>
> --
>
> Mohammad Mousa
> CCIE #36990
>
>
> Blogs and organic groups at http://www.ccie.net
--
Marc Abel
CCIE #35470 (Routing and Switching)

Received on Mon May 06 2013 - 23:06:14 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 06:34:34 ART
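
Added example (not part of the original thread): a small Python check of which telnet flows the posted crypto ACL treats as interesting traffic, next to a broadened entry of the kind the reply suggests. It assumes 1.1.1.1 and 3.3.3.3 are the R1 and R3 loopbacks and 12.0.0.1 is R1's f0/0 address; the broadened ACE and the sample flows are constructed, and the parser handles only the ACE shape shown in the thread.

```python
import ipaddress

PORT_NAMES = {"telnet": 23}  # only the port keyword used in the thread

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N permit PROTO SRC SWILD DST DWILD [eq PORT]'."""
    tok = line.split()
    ok = len(tok) in (8, 10) and tok[0] == "access-list" and tok[2] == "permit"
    if not ok or (len(tok) == 10 and tok[8] != "eq"):
        raise ValueError("unsupported ACE: " + line)
    port = None
    if len(tok) == 10:
        port = PORT_NAMES.get(tok[9]) or int(tok[9])
    return {"proto": tok[3], "dport": port,
            "src": (ip_int(tok[4]), ip_int(tok[5])),
            "dst": (ip_int(tok[6]), ip_int(tok[7]))}

def wild_match(addr, rule):
    """Wildcard compare: bits set in the wildcard mask are ignored."""
    base, wild = rule
    care = ~wild & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)

def is_interesting(ace, proto, src, dst, dport):
    """True if an outbound packet matches this crypto ACL entry."""
    if ace["proto"] not in ("ip", proto):
        return False
    if ace["dport"] is not None and ace["dport"] != dport:
        return False
    return wild_match(src, ace["src"]) and wild_match(dst, ace["dst"])

# ACE as posted for both routers in the thread.
POSTED = parse_ace(
    "access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet")
# Constructed broadened ACE for R1 (assumption: loopback-to-loopback, all IP).
BROAD_R1 = parse_ace(
    "access-list 100 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255")

# Constructed telnet flows leaving R1 toward 3.3.3.3 (assumed R3 loopback).
FLOWS = {"from f0/0 (12.0.0.1)": ("tcp", "12.0.0.1", "3.3.3.3", 23),
         "from loopback (1.1.1.1, assumed)": ("tcp", "1.1.1.1", "3.3.3.3", 23)}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(name, "posted:", is_interesting(POSTED, *flow),
              "broadened:", is_interesting(BROAD_R1, *flow))
```

Under these assumptions the posted entry matches only traffic sourced from 3.3.3.x toward 1.1.1.x on port 23, so neither flow leaving R1 matches it. The broadened entry matches the loopback-sourced session but still not the one sourced from f0/0.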