• Advertisement

Cisco VTI site to site IPSEC VPN Tunnel

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Cisco VTI site to site IPSEC VPN Tunnel

Postby ellafi » Tue Nov 19, 2013 11:16 am

Thank you for your help.
I am trying to configure VTI based site to site vpn tunnel and I am having a problems that the tunnel keeps flapping (up and down). I have included my configuration below. Could anyone please explain to my why this happening. Thank you again for your help. Best wishes .

Here are the messages I got.

Nov 19 21:26:24.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Nov 19 21:26:24.255: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 200.200.50.1 (Tunnel0) is up: new adjacency
*Nov 19 21:26:26.311: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0 - looped chain attempting to stack
*Nov 19 21:26:34.139: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
*Nov 19 21:26:34.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Nov 19 21:26:34.143: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 200.200.50.1 (Tunnel0) is down: interface down



hostname R-A

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
lifetime 3600
crypto isakmp key cisco123 address 200.200.50.1
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile myprofile
set transform-set myset

!
interface Tunnel0
ip unnumbered Serial1/0
tunnel source Serial1/0
tunnel mode ipsec ipv4
tunnel destination 200.200.50.1
tunnel protection ipsec profile myprofile
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!

interface Serial1/0
ip address 200.200.30.1 255.255.255.252
clock rate 64000
!

router eigrp 1
network 200.200.30.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 200.200.30.2
ip route 192.168.5.2 255.255.255.255 200.200.30.2

end
===============================================


hostname R-B

!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
lifetime 3600
crypto isakmp key cisco123 address 200.200.30.1
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile myprofile
set transform-set myset
!

interface Tunnel0
ip unnumbered Serial0/1/0
tunnel source Serial0/1/0
tunnel mode ipsec ipv4
tunnel destination 200.200.30.1
tunnel protection ipsec profile myprofile
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
duplex auto
speed auto
!
!
interface Serial0/1/0
ip address 200.200.50.1 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
!
router eigrp 1
network 200.200.50.0
!
!
ip route 0.0.0.0 0.0.0.0 200.200.50.2
ip route 192.168.2.2 255.255.255.255 200.200.50.2
end
ellafi
Hello I'm new here
 
Posts: 1
Joined: Tue Nov 19, 2013 11:05 am

Advertisement


  • Advertisement


Similar topics


Return to Cisco Security

Who is online

Users browsing this forum: Bing [Bot] and 1 guest