Hello,
Does anyone have a problem with a site-to-site VPN that uses IKEv1? After finishing the configuration, it still shows "There are no ipsec sas":
# show crypto ipsec sa detail
There are no ipsec sas
# show crypto ikev1 sa detail
There are no IKEv1 SAs
Here is my configuration:
######Configure IPSEC for SiteA
Phase 1:
crypto ikev1 enable WAN
crypto ikev1 policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group 174.x.x.x type ipsec-l2l
tunnel-group 174.x.x.x ipsec-attributes
 ikev1 pre-shared-key xxxxxx
Phase 2:
object network inside_lan
 subnet 10.150.206.96 255.255.255.224
object network outside_lan
 subnet 10.250.24.0 255.255.255.0
access-list 80 extended permit ip object inside_lan object outside_lan
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address 80
crypto map outside_map 20 set peer 72.x.x.x
crypto map outside_map 20 set ikev1 transform-set myset
crypto map outside_map 20 set pfs
crypto map outside_map interface WAN
nat (LAN1,WAN) source static inside_lan inside_lan destination static outside_lan outside_lan
######Configure IPSEC for SiteB
Phase 1:
crypto ikev1 enable WAN
crypto ikev1 policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group 72.x.x.x type ipsec-l2l
tunnel-group 72.x.x.x ipsec-attributes
 ikev1 pre-shared-key xxxxxxx
Phase 2:
object network inside_lan
 subnet 10.250.24.0 255.255.255.0
object network outside_lan
 subnet 10.150.206.96 255.255.255.224
access-list 80 extended permit ip object inside_lan object outside_lan
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address 80
crypto map outside_map 20 set peer 174.x.x.x
crypto map outside_map 20 set ikev1 transform-set myset
crypto map outside_map 20 set pfs
crypto map outside_map interface WAN
nat (LAN1,WAN) source static inside_lan inside_lan destination static outside_lan outside_lan
------------------------------
I would really appreciate your advice and ideas.
Thanks // Keven
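
An added example, not part of the original post: a small Python check that cross-references the crypto map entries in an ASA configuration against its tunnel-groups, access-lists and transform-sets, run here on an excerpt of the Site A configuration above. It assumes a static site-to-site peer, where the ASA selects the tunnel-group named after the peer's IP address; check_l2l and MAP_RE are names chosen for this example.

```python
import re

# Excerpt of the Site A configuration exactly as posted (addresses redacted by the poster).
SITE_A = """\
tunnel-group 174.x.x.x type ipsec-l2l
tunnel-group 174.x.x.x ipsec-attributes
 ikev1 pre-shared-key xxxxxx
access-list 80 extended permit ip object inside_lan object outside_lan
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address 80
crypto map outside_map 20 set peer 72.x.x.x
crypto map outside_map 20 set ikev1 transform-set myset
crypto map outside_map interface WAN
"""

MAP_RE = re.compile(r"crypto map (\S+) (\d+) "
                    r"(match address|set peer|set ikev1 transform-set) (.+)")

def check_l2l(config):
    """Return cross-reference findings for one ASA config given as text."""
    groups, acls, tsets, maps = set(), set(), set(), {}
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"tunnel-group (\S+) type ipsec-l2l", line):
            groups.add(m[1])
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m[1])
        elif m := re.match(r"crypto ipsec ikev1 transform-set (\S+) ", line):
            tsets.add(m[1])
        elif m := MAP_RE.fullmatch(line):
            maps.setdefault((m[1], m[2]), {})[m[3]] = m[4].split()
    findings, peers = [], set()
    for (name, seq), entry in sorted(maps.items()):
        where = f"crypto map {name} {seq}"
        for peer in entry.get("set peer", []):
            peers.add(peer)
            if peer not in groups:  # assumption: static peer, group named by peer IP
                findings.append(f"{where}: peer {peer} has no ipsec-l2l tunnel-group")
        for acl in entry.get("match address", []):
            if acl not in acls:
                findings.append(f"{where}: access-list {acl} is not defined")
        for ts in entry.get("set ikev1 transform-set", []):
            if ts not in tsets:
                findings.append(f"{where}: transform-set {ts} is not defined")
    for group in sorted(groups - peers):
        findings.append(f"tunnel-group {group}: not used as a peer in any crypto map")
    return findings

if __name__ == "__main__":
    print("\n".join(check_l2l(SITE_A)) or "no findings")
```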