Hi Mohammad:

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Mohammad Khalil
> Sent: Monday, August 10, 2009 12:21 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] IPSEC VPN
>
> Hi,
> I configured the below on GNS3 simulator
>
> Router(config)#crypto isakmp policy 1
> Router(config-isakmp)#authentication pre-share
> Router(config)#crypto isakmp key VPNKEY address x.x.x.x
> Router(config)#access-list extended LIST
> Router(config-list)#permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> Router(config)#crypto ipsec transform-set SET
> Router(config)#crypto map MAP 10 ipsec-isakmp
> Router(config-crypto-map)#set peer x.x.x.x
> Router(config-crypto-map)#set transform-set SET
> Router(config-crypto-map)#match address LIST
> Router(config)#interface f0/0
> Router(config-if)#crypto map MAP
>
> and I'm trying to ping 192.168.2.1 source 192.168.1.1 (loopbacks) but I'm
> not able to, and the show crypto isakmp sa produces empty o/p
>
> Am I missing something here??
>

nat (inside) 0 access-list LIST

If the .1 addresses in both subnets are the firewall IP addresses, you won't be able to ping them. Instead, try pinging through them to a host on either side.

Finally, "debug crypto isakmp" and "debug crypto ipsec" are your friend, along with a "term mon" :-)

Regards,

Mike