I'm new here.
I am facing a problem in which I can't apply my Site to Site VPN successfully on Packet Tracer, and I'm really baffled. Tried to consult youtube and all but can't get it running.
Where have I gone wrong with the commands?
This is the link to my packet tracer file: Version 2.pkt
HQ CONFIG:
crypto isakmp enable
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
exit
crypto isakmp key 0 address 200.0.0.9 0.0.0.0
crypto ipsec transform-set VPN-MAP esp-3des esp-sha-hmac
ip access-list extended vpns2s
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
exit
crypto map VPN-MAP 1 ipsec-isakmp
description VPN connection to BRANCH
match address vpns2s
set peer 200.0.0.9
set pfs group2
set transform-set VPN-MAP
exit
interface S0/0/0
crypto map VPN-MAP
BRANCH CONFIG:
crypto isakmp enable
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
exit
crypto isakmp key 0 address 200.0.0.1 0.0.0.0
crypto ipsec transform-set VPN-MAP esp-3des esp-sha-hmac
ip access-list extended vpns2s
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
exit
crypto map VPN-MAP 10 ipsec-isakmp
description VPN connection to HQ
match address vpns2s
set peer 200.0.0.1
set pfs group2
set transform-set VPN-MAP
exit
interface S0/0/1
crypto map VPN-MAP
After applying the commands it apparently doesn't work..
Best Answer
You should assign an IP addresses to your serial interfaces. 200.0.0.1 and 200.0.0.9
Currently your routers have crypto-maps, which set up to look on each other by IP addresses, but this addresses actually not assigned to any router interfaces. On router 1 (HQ) enter in configuration mode:
And same on other router (branch):