Cisco CRYPTO VPN with ip load-sharing per-packet

Discussion in 'Cisco' started by Cowpuppy, Nov 19, 2008.

  1. Cowpuppy

    Cowpuppy

    Joined:
    Nov 19, 2008
    Messages:
    1
    Likes Received:
    0
    Location:
    Kalispell, NT
    Hello Group

    I hope someone can help me with this VPN Problem.

    See below my config. Basically the vpn never establishes. The Other router is very similar in config. Only different in The ip's it uses.

    This is my lab setup, I can try anything, and I have tried alot of things, but nothing works.

    Here are some constants though. I can't use MLPPP. I Have to have an IP on each atm interface for monitoring purposes.

    Can anyone help me?

    ========================

    crypto isakmp policy 11
    hash md5
    authentication pre-share
    crypto isakmp key bonded address 888.123.207.33 no-xauth
    !
    !
    crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
    !
    crypto map mymap 11 ipsec-isakmp
    description Connection to Bonded2
    set peer 888.123.207.33
    set transform-set MYSET
    match address 133
    !
    !
    !
    !
    interface Loopback0
    ip address 888.123.207.25 255.255.255.248
    ip verify unicast reverse-path
    ip nat outside
    crypto map mymap
    !
    interface ATM0/0
    description Line 1
    no ip address
    no ip mroute-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0/0.1 point-to-point
    description Line 1
    ip address 10.11.12.2 255.255.255.252
    ip verify unicast reverse-path
    ip load-sharing per-packet
    pvc 8/35
    encapsulation aal5snap
    !
    !
    interface FastEthernet0/0
    ip address 192.168.25.1 255.255.255.0
    no ip proxy-arp
    ip nat inside
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface ATM0/1
    description Line 2
    no ip address
    no ip mroute-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0/1.1 point-to-point
    description Line 2
    ip address 10.11.12.6 255.255.255.252
    ip verify unicast reverse-path
    ip load-sharing per-packet
    pvc 8/35
    encapsulation aal5snap
    !
    !
    ip nat inside source list 103 interface Loopback0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.11.12.1
    ip route 0.0.0.0 0.0.0.0 10.11.12.5
    !
    access-list 103 deny ip 192.168.25.0 0.0.0.255 192.168.33.0 0.0.0.255
    access-list 103 permit ip 192.168.25.0 0.0.0.255 any
    access-list 104 permit icmp any any echo
    access-list 104 permit icmp any any echo-reply
    access-list 133 permit ip 192.168.25.0 0.0.0.255 192.168.33.0 0.0.0.255
    end
     
    Cowpuppy, Nov 19, 2008
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.