You are providing a config that shows the "WAN" link that connects the two routers. Do you also have a "LAN" side to each of those routers? That is where your host computers would reside. The addresses for the "LAN" are what is expected in access-list 100. Sort of FastEthernet 0/1 ip address 172.16.1.1 etc. Maybe use 172.16.2.1 on the other router's LAN. access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 If you do a test ping to open the VPN tunnel use an extended ping with the source address of your "LAN" interface. More fun to use PCs on each end. HTH
> -----Original Message----- > From: Selcuk Kardes [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 17, 2002 11:09 AM > To: [EMAIL PROTECTED] > Subject: Re: IPsec basics?? [7:59358] > > > Hi Alaerte, > > http://www.cisco.com/warp/public/707/17.html#Sec3.1 > this link and your suggested configuration and also my > confuguration are > all same ... > but my confuguration doesn't work ..... > i am working .... > > thanks for help... > Selcuk > > my configuration is: > > Current configuration: > ! > version 12.1 > hostname test > crypto isakmp policy 1 > authentication pre-share > lifetime 3000 > crypto isakmp key cisco address 192.168.2.70 > ! > ! > crypto ipsec transform-set mytransform esp-des esp-md5-hmac > ! > crypto map mycrypto 10 ipsec-isakmp > set peer 192.168.2.70 > set transform-set mytransform > match address 100 > ! > interface FastEthernet0/0 > ip address 192.168.2.69 255.255.255.192 > duplex auto > speed auto > crypto map mycrypto > ! > ip classless > ip route 0.0.0.0 0.0.0.0 192.168.2.97 > no ip http server > ! > access-list 100 permit ip host 192.168.2.69 host 192.168.2.70 > > > [EMAIL PROTECTED] wrote: > > >Hi, > > > >Here is an example: > > > >crypto isakmp policy 1 > > authentication pre-share > > lifetime 3000 > >crypto isakmp key cisco address 192.168.14.2 > >! > >crypto ipsec transform-set mytransform esp-des esp-md5-hmac > >! > >crypto map mycrypto local-address Serial0.14 > >crypto map mycrypto 10 ipsec-isakmp > > set peer 192.168.14.2 > > set transform-set mytransform > > match address 100 > >! > >interface Loopback1 > > ip address 1.1.1.1 255.255.255.0 > >! > >interface Serial0.14 point-to-point > > ip address 192.168.14.1 255.255.255.0 > > frame-relay interface-dlci 114 > > crypto map mycrypto > >! > >router ospf 1 > > log-adjacency-changes > > network 0.0.0.0 255.255.255.255 area 0 > >! > >ip classless > >ip http server > >! > >access-list 100 permit icmp host 1.1.1.1 host 4.4.4.4 > > > > > >Regards, > > > >Alaerte > > > > > > > > > > > > > > > >"Selcuk Kardes" @groupstudy.com em 17/12/2002 > >08:11:51 > > > >Favor responder a "Selcuk Kardes" > > > >Enviado Por: [EMAIL PROTECTED] > > > > > >Para: [EMAIL PROTECTED] > >cc: > > > >Assunto: Re: IPsec basics?? [7:59358] > > > > > >hi, > >i am trying now to run ipsec between two router > >is there anybody have basic running konfigurasyon.... > >now i am looking cisco's ipsec pages > >but yet i can't accomplisht this issue > > > > > >ramesh c wrote: > > > > > > > >>Folks, > >>Would appreciate if anyone can explain the basics of VPN(Ipsec). > >> > >>I got a Ipsec running between two pix.What really happens > when a packet > >>arrives at the interface?I need the entire process... > >> > >>Cheers > >> > >> > >>_____________________________________________________________ > >>Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. > >>http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus > >> > >> > >Virus taramasi Is Net tarafindan yapilmistir. > >This e-mail is checked by Is Net against all known types of viruses. > >Is Net'in YILBASI HEDIYE kampanyasini duymus muydunuz? > >http://www.isnet.net.tr/hediyesepeti/index2.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59387&t=59358 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]