router to router vpn ~ HELP

Discussion in 'Cisco' started by umiseaz, May 25, 2009.

    Hi all,

    I want to do a simulation of an end-to-end VPN.
    I prepared 2 x Cisco 2811 routers + 1 x Catalyst 3750 switch.

    Topology:

    fa0/1(LAN - 10.1.1.1)->router 1->fa0/0 (WAN - 1.1.1.2)~~~(3750 switch acts as internet cloud)~~~fa0/0 (WAN 2.2.2.2)<-router 2<-fa0/1 (LAN - 192.168.1.1)


    ----------------------------------------------------------------------
    I have configured the routers and switch, but the IPsec is not up.

    router1#sh crypto isakmp sa
    dst src state conn-id slot status

    router1#

    ----------------------------------------------------------------------------

    Please see the attached config below.

    hostname router1
    !
    crypto isakmp enable
    !
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    lifetime 28800
    crypto isakmp key cisco address 2.2.2.2
    !
    crypto ipsec transform-set User-Define-Tunnel esp-3des esp-sha-hmac
    !
    crypto map Testing 1 ipsec-isakmp
    set peer 2.2.2.2
    set security-association lifetime seconds 900
    set transform-set User-Define-Tunnel
    set pfs group1
    match address 101
    !
    interface FastEthernet0/0
    description --- outside - WAN ---
    ip address 1.1.1.2 255.0.0.0
    no shut
    duplex auto
    speed auto
    crypto map Testing
    !
    interface FastEthernet0/1
    description --- inside - LAN ---
    ip address 10.1.1.1 255.255.255.0
    no shut
    no keepalive
    duplex auto
    speed auto
    !
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    !
    access-list 101 remark --- ACL for customer traffic from router 2 to router 1
    access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255

    -----------------------------------------------------------------------------------------------------

    hostname router2
    !
    crypto isakmp enable
    !
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    lifetime 28800
    crypto isakmp key cisco address 1.1.1.2
    !
    crypto ipsec transform-set User-Define-Tunnel esp-3des esp-sha-hmac
    !
    crypto map Testing 1 ipsec-isakmp
    set peer 1.1.1.2
    set security-association lifetime seconds 900
    set transform-set User-Define-Tunnel
    set pfs group1
    match address 101
    !
    interface FastEthernet0/0
    description --- outside - WAN ---
    ip address 2.2.2.2 255.0.0.0
    no shut
    duplex auto
    speed auto
    crypto map Testing
    !
    interface FastEthernet0/1
    description --- inside - LAN ---
    ip address 192.168.1.1 255.255.255.0
    no shut
    no keepalive
    duplex auto
    speed auto
    !
    ip route 0.0.0.0 0.0.0.0 2.2.2.1
    !
    access-list 101 remark --- ACL for customer traffic from router 2 to router 1 ---
    access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

    ---------------------------------------------------------------------------------------------------------------

    hostname internet_clould
    !
    !
    no aaa new-model
    switch 2 provision ws-c3750-24ts
    system mtu routing 1500
    ip subnet-zero
    ip routing
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    interface FastEthernet2/0/1
    switchport access vlan 100
    !
    interface FastEthernet2/0/2
    switchport access vlan 200
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan100
    ip address 1.1.1.1 255.0.0.0
    !
    interface Vlan200
    ip address 2.2.2.1 255.0.0.0
    !
    ip classless
    ip route 10.1.1.0 255.255.255.0 1.1.1.2
    ip route 192.168.1.0 255.255.255.0 2.2.2.2
    ip http server
    !
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    !
    end
     
    umiseaz, May 25, 2009
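
A consistency check for the two router configs in the post above, as an added example that is not part of the original post: it parses the crypto-relevant lines (copied inline from the post) and verifies that each side's peer and key address point at the other's WAN interface and that the key, PFS group, transform set and crypto ACLs agree. The names `parse` and `check` are illustrative, and the ISAKMP policy itself is not compared.

```python
import re
# Crypto-relevant lines copied from the router1 / router2 configs in the post.
R1 = """\
crypto isakmp key cisco address 2.2.2.2
crypto ipsec transform-set User-Define-Tunnel esp-3des esp-sha-hmac
 set peer 2.2.2.2
 set pfs group1
interface FastEthernet0/0
 ip address 1.1.1.2 255.0.0.0
 crypto map Testing
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
R2 = """\
crypto isakmp key cisco address 1.1.1.2
crypto ipsec transform-set User-Define-Tunnel esp-3des esp-sha-hmac
 set peer 1.1.1.2
 set pfs group1
interface FastEthernet0/0
 ip address 2.2.2.2 255.0.0.0
 crypto map Testing
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def parse(cfg):
    """Pull out the settings that must agree between the two IPsec peers."""
    grab = lambda pattern: re.search(pattern, cfg, re.M).groups()
    key, key_peer = grab(r"^\s*crypto isakmp key (\S+) address (\S+)")
    wan_re = r"^\s*ip address (\S+) \S+\n(?:(?![ \t]*interface ).*\n)*?[ \t]*crypto map \S+$"
    return {
        "key": key, "key_peer": key_peer,
        "peer": grab(r"^\s*set peer (\S+)")[0],
        "pfs": grab(r"^\s*set pfs (\S+)")[0],
        "transforms": grab(r"^\s*crypto ipsec transform-set \S+ (.+)$")[0].split(),
        "wan": grab(wan_re)[0],  # address of the interface carrying the crypto map
        "acl": re.findall(r"^\s*access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
    }

def check(a, b):
    """Return the list of mismatches between two parsed peer configs."""
    issues = []
    for me, other in ((a, b), (b, a)):
        if {me["peer"], me["key_peer"]} != {other["wan"]}:
            issues.append(f"{me['wan']}: peer/key address is not {other['wan']}")
    for field in ("key", "pfs", "transforms"):
        if a[field] != b[field]:
            issues.append(f"{field} differs between peers")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        issues.append("crypto ACLs are not mirror images")
    return issues
```

For the posted configs `check(parse(R1), parse(R2))` returns an empty list, so these settings agree. An empty `show crypto isakmp sa` table is also what IOS shows before any traffic matching access-list 101 has triggered IKE negotiation.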