Question : Cisco router IP sec VPN configuration

I did this IP sec configuration in Cisco routers but it doesn't work  

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85:

Router2#show running-config Building configuration... Current configuration : 1236 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 ??????? enable password ??????? ! no aaa new-model ip cef ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! ! ! ! archive log config hidekeys ! ! ! ! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key 6 iccsat6677888 address 79.170.7.38 ! ! crypto ipsec transform-set iccsat6677888 ah-sha-hmac esp-aes 256 ! crypto map iccsat6677888 1 ipsec-isakmp set peer 79.170.7.38 set security-association lifetime seconds 190 set transform-set iccsat6677888 match address 101 ! ! ! interface FastEthernet0/0 ip address 79.170.6.14 255.255.255.240 duplex auto speed auto crypto map iccsat6677888 ! interface FastEthernet0/1 ip address 192.168.15.1 255.255.255.0 duplex auto speed auto ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 79.170.6.1 ! no ip http server no ip http secure-server ! access-list 101 permit ip 0.0.0.0 255.255.255.0 any ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 password ????????? login ! scheduler allocate 20000 1000 end Router2#

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127:

Router1#show RUNning-config Building configuration... Current configuration : 1354 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable password ???????????/ ! no aaa new-model dot11 syslog ! ! ip cef ! ! ! multilink bundle-name authenticated ! ! voice-card 0 no dspfarm ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key 6 iccsat6677888 address 79.170.6.14 ! ! crypto ipsec transform-set iccsat6677888 ah-sha-hmac esp-aes 256 ! crypto map iccsat6677888 1 ipsec-isakmp set peer 79.170.6.14 set security-association lifetime seconds 190 set transform-set iccsat6677888 match address 101 ! crypto map vpn1 1 ipsec-isakmp ! Incomplete ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 79.170.7.38 255.255.255.248 ip broadcast-address 79.170.7.32 duplex auto speed auto crypto map iccsat6677888 ! interface FastEthernet0/1 ip address 192.168.200.1 255.255.255.0 duplex auto speed auto ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 79.170.7.33 ! ! no ip http server no ip http secure-server ! access-list 101 permit ip 0.0.0.0 255.255.255.0 any ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password ???????? login ! scheduler allocate 20000 1000 ! end Router1#

Answer : Cisco router IP sec VPN configuration

Hi,

you missed the acls:

you need the following:

Router A
conf t
no access-list 101
access-list 101 permit ip 192.168.15.0 0.0.0.255 192.168.200.0 0.0.0.255

Router B
conf t
no access-list 101
access-list 101 permit ip 192.168.200.0 0.0.0.255 192.168.15.0 0.0.0.255