×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

how to iniciate vpn tunel

how to iniciate vpn tunel

how to iniciate vpn tunel

(OP)
I have two 871 cisco router and i am trying to establish an ipsec tunnel between both site.  I cant seem to initiate the tunnel.  when i do
"show crypto ipsec sa"
i get:

  protected vrf: (none)
  local  ident (addr/mask/prot/port): (192.168.15.32/255.255.255.224/0/0)
  remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
  current_peer 74.61.51.221 port 500
    PERMIT, flags={origin_is_acl,}
   #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
   #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
   #pkts compressed: 0, #pkts decompressed: 0
   #pkts not compressed: 0, #pkts compr. failed: 0
   #pkts not decompressed: 0, #pkts decompress failed: 0
   #send errors 0, #recv errors 0

    local crypto endpt.: 65.220.25.84, remote crypto endpt.: 74.61.51.221
    path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
    current outbound spi: 0x0(0)

which to me is that the tunnel is not started.
please help

RE: how to iniciate vpn tunel

your tunnel is established. you need to make sure that your crypto ACLs on both sides of the tunnel contain the proper entries and are mirror opposites of each other.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

RE: how to iniciate vpn tunel

(OP)
these are the access list from both routers

router 1
access-list 140 remark ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255
access-list 140 permit ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255

router 2
access-list 140 remark ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31
access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31

 

RE: how to iniciate vpn tunel

So how exactly are you trying to initiate the tunnel? Are you pinging, browsing file shares, etc.? A good place to start would be to issue the command debug crypto ipsec sa

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

RE: how to iniciate vpn tunel

(OP)
all the debug commands tell me that the "debug is on" and then back to a prompt.  

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close