Tuesday, June 23, 2020

Cannot get my IPsec tunnels to go up on my Cisco 7200 routers in GNS3, please help!

Running a LAN-to-LAN IPsec VPN between 2 Cisco routers (7200) on GNS3 running image C7200-ADVIPSERVICESK9-M, version 15.2(4)S5.

Can someone tell me why I cannot get my packets encrypted for my LAN-to-LAN IPsec tunnel that I have set up between R1 and R2 (look at the network diagram in the pic attached)? I have the running configs of R1 and R2 shown below as well.

Network diagram-

http://imgur.com/gallery/M5KKSic

On running "show crypto isakmp sa" no tunnel shows up, and running "show crypto ipsec sa" shows zero packets encrypted. I tried pinging several times from both routers to both remote networks; the pings were all successful, but I cannot understand why the packets do not get encrypted.

R1 config-

R1#show running-config
Building configuration...

Current configuration : 1812 bytes
!
! Last configuration change at 01:03:16 UTC Wed Jun 24 2020
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 192.1.20.1
!
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto map CMAP 5 ipsec-isakmp
 set peer 192.1.20.1
 set transform-set TSET
 match address 101
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface GigabitEthernet1/0
 ip address 192.1.10.1 255.255.255.0
 negotiation auto
 crypto map CMAP
!
interface GigabitEthernet2/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet5/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet6/0
 no ip address
 shutdown
 negotiation auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 10.2.2.0 255.255.255.0 192.1.10.2
ip route 10.5.5.0 255.255.255.0 192.1.10.2
!
access-list 101 permit 10 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R2 config-

R2#show running-config
Building configuration...

Current configuration : 1812 bytes
!
! Last configuration change at 01:01:45 UTC Wed Jun 24 2020
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 192.1.10.1
!
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto map CMAP 5 ipsec-isakmp
 set peer 192.1.10.1
 set transform-set TSET
 match address 101
!
!
!
!
!
interface Loopback0
 ip address 10.2.2.1 255.255.255.0
!
interface Loopback1
 ip address 172.16.2.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface GigabitEthernet1/0
 ip address 192.1.20.1 255.255.255.0
 negotiation auto
 crypto map CMAP
!
interface GigabitEthernet2/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet5/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet6/0
 no ip address
 shutdown
 negotiation auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 10.1.1.0 255.255.255.0 192.1.20.2
ip route 10.5.5.0 255.255.255.0 192.1.20.2
!
access-list 101 permit 10 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R2#

Please do help!
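
Added example (not part of the original post): a Python check of which packets crypto ACL 101 from the R1 config above selects for encryption, using IOS extended-ACL semantics, where the token after `permit` is an IP protocol keyword or number. The test packets and the `permit ip` comparison line are constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Crypto ACL line copied from the R1 running-config in the post.
R1_ACL = "access-list 101 permit 10 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255"
# Constructed comparison line (not from the post): same networks, keyword "ip".
ALT_ACL = "access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255"

# IANA protocol numbers for the keywords this sketch understands.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC WILDCARD DST WILDCARD'."""
    t = line.split()
    if len(t) != 8 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACE form: " + line)
    if t[3] == "ip":
        proto = None              # keyword "ip" matches every IP protocol
    elif t[3].isdigit():
        proto = int(t[3])         # a bare number is an IP protocol number
    else:
        proto = PROTO[t[3]]
    return {"action": t[2], "proto": proto,
            "src": t[4], "src_wc": t[5], "dst": t[6], "dst_wc": t[7]}

def wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0

def selected(ace, proto, src, dst):
    """True if this single ACE selects the packet for IPsec protection."""
    return (ace["action"] == "permit"
            and ace["proto"] in (None, proto)
            and wild_match(src, ace["src"], ace["src_wc"])
            and wild_match(dst, ace["dst"], ace["dst_wc"]))

# Constructed test packets: (label, IP protocol number, source, destination).
PACKETS = [
    ("ICMP echo, source 10.1.1.1 (R1 Loopback0)", 1, "10.1.1.1", "10.2.2.1"),
    ("ICMP echo, source 192.1.10.1 (R1 Gi1/0)", 1, "192.1.10.1", "10.2.2.1"),
    ("protocol 10, source 10.1.1.1", 10, "10.1.1.1", "10.2.2.1"),
]

def report(acl_line):
    """Return (label, selected?) for every constructed packet against one ACE."""
    ace = parse_ace(acl_line)
    return [(label, selected(ace, p, s, d)) for label, p, s, d in PACKETS]

if __name__ == "__main__":
    for acl in (R1_ACL, ALT_ACL):
        print(acl)
        for label, hit in report(acl):
            print("   ", "selected    " if hit else "not selected", label)
```

Traffic that the crypto ACL does not select is forwarded in clear text and does not trigger an ISAKMP negotiation.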


