From: Luan Nguyen (lm_nguyen@xxxxxxxxxxx)
Date: Thu Nov 16 2000 - 12:24:43 GMT-3
Try to put access list permit gre between your ethernet interfaces...maybe
that will help
access-list 102 permit gre source - destination
>From: "Steve McNutt" <lpd@jacksonville.net>
>Reply-To: "Steve McNutt" <lpd@jacksonville.net>
>To: "Rob Barton" <robbarto@cisco.com>, "Ccielab" <ccielab@groupstudy.com>
>CC: <Simon.Baxter@au.logical.com>
>Subject: RE: IPsec over GRE
>Date: Thu, 16 Nov 2000 01:44:10 -0500
>
>does r1 have 200.1.1.0/24 and does r2 have 100.1.1.0/24 in their
>respective
>routing tables? your error message means that the key exchange is failing
>which in this case looks like it could be a simple reachability problem.
>
>at any rate, since IKE ain't hapening the thing to do beyond making sure
>the
>loopbacks are pingable would be to use debug crypto isakmp, which should
>tell you pretty much why your key exchange is blowing up.
>
> you might have to spend some time on CCO to learn how to interpret the
>output, but it's pretty straightforward.
>
>-s
> -----Original Message-----
> From: Rob Barton [mailto:robbarto@cisco.com]
> Sent: Wednesday, November 15, 2000 7:38 PM
> To: Ccielab
> Cc: lpd@jacksonville.net; Simon.Baxter@au.logical.com
> Subject: IPsec over GRE
>
>
> Here is the config I am currently using, but i still can't ping to the
>IP
>address of the other side of the GRE tunnle. I am getting this weird error
>message:
>
> 02:31:41: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed
>with peer
> at 100.1.1.1
>
> R1 and R2 are directly connected through a x-over cable on FastEthernet
>
> Any ideas?
>
> Thanks - Rob.
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3