I have two 1750s sharing an ethernet hub - just trying to get IPsec on a tunnel between ethernet interfaces and I am having trouble. This config seems close but I don't know what to do next
Here is the error I am getting when I try to ping the opposite end of the tunnel 01:05:29: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 01:05:29: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 01:05:29: ISAKMP (1): sending packet to 192.168.6.50 (I) MM_NO_STATE. -- this router is at the bottom of a three router stack crypto isakmp policy 1 authentication pre-share crypto isakmp key duh address 192.168.6.51 ! ! crypto ipsec transform-set MIDDLE ah-sha-hmac esp-des ! crypto key pubkey-chain rsa named-key middle key-string 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D081DF 26BC7013 448EA3D2 5C0853FA E0E01770 06D6C4FE A57B165A 4BC25F0E 5FD517B1 12EEA345 8C9CC44E DCDC705E AB6327F9 81868B14 CB2294F1 304611A2 A7020301 0001 quit addressed-key 192.168.6.51 address 192.168.6.51 key-string 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D081DF 26BC7013 448EA3D2 5C0853FA E0E01770 06D6C4FE A57B165A 4BC25F0E 5FD517B1 12EEA345 8C9CC44E DCDC705E AB6327F9 81868B14 CB2294F1 304611A2 A7020301 0001 quit ! crypto map MIDDLE2 local-address Tunnel0 crypto map MIDDLE2 10 ipsec-isakmp set peer 192.168.6.51 set transform-set MIDDLE match address middle interface Tunnel0 ip address 192.168.6.50 255.255.255.0 tunnel source 192.168.1.50 tunnel destination 192.168.1.51 tunnel mode ipip crypto map MIDDLE2 ! interface FastEthernet0 ip address 192.168.1.50 255.255.255.0 speed auto --- this router is in the middle of a three router stack crypto isakmp policy 1 authentication pre-share crypto isakmp key duh address 192.168.6.50 ! ! crypto ipsec transform-set BOTTOM ah-sha-hmac esp-des ! crypto key pubkey-chain rsa named-key bottom key-string 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B941FA 8C44F60C 76199B3E DADDA933 F5EA1118 9F9410B0 E097836F 166FDC84 3FD06FA0 338E77AE F32142F4 D750F4F0 31844B70 099DD8B2 6F8753D7 70BD2BBA 03020301 0001 quit addressed-key 192.168.1.50 address 192.168.1.50 key-string 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B941FA 8C44F60C 76199B3E DADDA933 F5EA1118 9F9410B0 E097836F 166FDC84 3FD06FA0 338E77AE F32142F4 D750F4F0 31844B70 099DD8B2 6F8753D7 70BD2BBA 03020301 0001 quit ! crypto map BOTTOM2 local-address Tunnel0 crypto map BOTTOM2 10 ipsec-isakmp set peer 192.168.6.50 set transform-set BOTTOM match address bottom interface Tunnel0 ip address 192.168.6.51 255.255.255.0 tunnel source 192.168.1.51 tunnel destination 192.168.1.50 tunnel mode ipip crypto map BOTTOM2 ! interface Serial0 ip address 192.168.3.1 255.255.255.0 clockrate 1000000 ! interface FastEthernet0 ip address 192.168.1.51 255.255.255.0 speed auto -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd "I've seen the angels wearing their disguise, ordinary people leading ordinary lives" - Tracy Chapman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52865&t=52865 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
