dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5
share rss forum feed


GM85
Click, Click

join:2002-07-02
London, ON
reply to GM85

An Update

downloadconfigfrom2621.zip 921 bytes
(configfrom2621.txt)
downloadconfigfrom806.zip 846 bytes
(configfrom806.txt)
Well, sorry for the late reply, however I think I have almost got it.... but I just it a small snag.
I tried using the configuration from »www.cisco.com/en/US/tech/tk583/t···b8.shtml - however I have run into a slight problem.

I have attached the configurations for both the 806 and the 2621. Before I attached them, I used a word processor to replace the 806 IP address with 200.2.2.2 and the 2621 IP address with 100.1.1.1 . I have also replaced the key with Test. I figured that it would be better to remove the actual ip addresses for security, and that it would also show that the ip addresses and keys entered are the same on both sides (as they wouldn't have been replaced by the text editor if they were different).

Now... aside from all I said above, here is the problem
Whenever I try to initiate data through the tunnel, it won't go through. Every time I try this, I receive an error message on the 2621:
*Mar 1 02:58:38.515: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
(ip) vrf/dest_addr= /100.1.1.1, src_addr= 200.2.2.2, prot= 47


I only receive this message on the 2621, not the 806. Also, this message shows up if I try to establish traffic from either side.

Now, one odd thing I have found is that if I try (from the 806 CLI) to ping the 806's tunnel0 interface, it is successful. However, if I try (from the 2621 CLI) to ping the 2621's tunnel0 interface, it fails.

One final thing: I did a check on the Cisco site to determine if I can find any solutions to that error message I stated above, however all I was able to find is that something might be wrong with the transform-set, even though it's the same on both sides.

Thanks for all of your help!


Covenant
Premium,MVM
join:2003-07-01
England
Hi GM85 See Profile,

After a quick eyeball through the configs, (and I apologise for the brevity of the eyeballing but it is 1.57am and I am HAMMERED ), looks like you applied the crypto map to the wrong interface on the 806. Apply it to the interface:

Ethernet1
ip address dhcp
ip nat outside
no cdp enable

That's all I can spot in my current state, hey I could not even spot my house when I was walking down and ended up past my house, half-a-mile down so consider yourself lucky. LOL.

Try that and if you are still having problems, post again and I shall try to remain sober when I look over it again.
--
When you post a question, you expect a reply. When I post a reply, I expect a response. Not only if the problem still exists, but also when it works. Its nice to know that the reply I gave works AND it also helps others with that problem to solve it.


GM85
Click, Click

join:2002-07-02
London, ON
said by Covenant:
looks like you applied the crypto map to the wrong interface on the 806.
THANK YOU!!!!!

Man, I feel so stupid now. I was doing this at 2am last night.... and I was so tired that I must not have realized what interface I accidentally placed the crypto map into. I guess also, that I was gettin kinda frustrated with it today (and I was more focusing on the crypto commands) I just.... overlooked the mistake.

Thanks Again!

(now I just gotta combine this with the commands for the Easy VPN Clients.... but that shouldn't be that hard, and if it is, I know where ask )