From: Jubil Mathew (jmathew@xxxxxxxxx)
Date: Thu May 17 2001 - 20:16:16 GMT-3
>Hi TIM,
I tried out the config's you gave me. Those were pretty helpful. I still
have a doubt. I configured the Tunnel interfaces to have ip address and the
souce address were tied to the serial interfaces. I was not able to Ping
between the tunnel interfaces. How do i verify that the traffic goes
through the tunnel only. Is there any special debug commands or Is using an
traffic analyser a better solution. Could anyone help me out with this one.
Sorry for the trouble
Diagram:
3640-1-A (s0/0)
-----------------------WAN----------------------------------(s0/1) 3640-2
3640-1-A#sh run
hostname 3640-1-A
boot system
slot0:c3640-io3s56i-mz.1.0.11
enable password cisco
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key test2 address
16.16.17.2
crypto isakmp key test2 address
16.16.20.2
crypto ipsec security-association lifetime seconds
86400
crypto ipsec transform-set desmd5 esp-des
esp-md5-hmac
crypto ipsec transform-set ahmd5
ah-md5-hmac
crypto map testtest 1 ipsec-isakmp
set peer 16.16.17.2
set peer 16.16.20.2
set transform-set desmd5 ahmd5
match address 102
interface Tunnel0
ip address 130.10.10.1 255.255.255.0
tunnel source Serial0/0
tunnel destination 16.16.17.2
crypto map testtest
interface Serial0/0
ip address 16.16.18.2 255.255.255.0
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
no fair-queue
frame-relay interface-dlci 101
frame-relay ip rtp header-compression
crypto map testtest
router eigrp 1
network 1.6.0.0 0.0.255.255
network 16.16.0.0 0.0.255.255
network 130.10.0.0
distribute-list 20 out Serial0/0
no auto-summary
no eigrp log-neighbor-changes
access-list 102 permit gre host 16.16.18.2 host 16.16.17.2
log
gateway
end
**********************************************************
3640-2#sh run
hostname 3640-2
enable password cisco
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key test2 address
16.16.20.2
crypto isakmp key test2 address
16.16.18.2
crypto ipsec security-association lifetime seconds
86400
crypto ipsec transform-set desmd5 esp-des
esp-md5-hmac
crypto ipsec transform-set ahmd5
ah-md5-hmac
crypto map testtest 1 ipsec-isakmp
set peer 16.16.18.2
set peer 16.16.20.2
set transform-set desmd5 ahmd5
match address 101
interface Tunnel0
ip address 130.10.10.2 255.255.255.0
tunnel source Serial0/1
tunnel destination 16.16.18.2
crypto map testtest
interface Serial0/1
ip address 16.16.17.2 255.255.255.0
encapsulation frame-relay
no ip route-cache
ip split-horizon
no ip mroute-cache
no fair-queue
frame-relay interface-dlci 200
crypto map testtest
router eigrp 1
network 1.4.0.0 0.0.255.255
network 1.7.0.0 0.0.255.255
network 16.16.0.0 0.0.255.255
network 140.10.0.0
no auto-summary
no eigrp log-neighbor-changes
access-list 101 permit gre host 16.16.17.2 host 16.16.18.2
log
end
**************************************************************
3640-1-A#ping 130.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 130.10.10.2, timeout is 2 seconds:
*Mar 1 01:30:32.867: IP: s=1.6.0.21 (local), d=224.0.0.2 (Ethernet0/0),
len 48, sending broad/multicast
*Mar 1 01:30:34.247: IP: s=16.16.18.1 (Serial0/0), d=224.0.0.10, len 60,
rcvd 2
*Mar 1 01:30:34.507: IP: s=16.16.18.2 (local), d=224.0.0.10 (Serial0/0),
len 60, sending broad/multicast
*Mar 1 01:30:34.679: IP: s=130.10.10.1 (local), d=130.10.10.2 (Tunnel0),
len 100, sending
*Mar 1 01:30:34.679: IP: s=16.16.18.2 (Tunnel0), d=16.16.17.2 (Serial0/0),
len 124, sending
*Mar 1 01:30:35.135: IP: s=1.6.0.90 (Ethernet0/0), d=2.0.0.3, len 48,
unroutable
*Mar 1 01:30:35.135: IP: s=1.6.0.21 (local), d=1.6.0.90 (Ethernet0/0), len
56, sending
*Mar 1 01:30:35.135: IP: s=1.6.0.90 (Ethernet0/0), d=2.0.0.3, len 48,
unroutable.
*Mar 1 01:30:35.299: IP: s=1.6.0.21 (local), d=224.0.0.10 (Ethernet0/0),
len 60, sending broad/multicast
*Mar 1 01:30:35.455: IP: s=130.10.10.1 (local), d=224.0.0.10 (Tunnel0),
len 60, sending broad/multicast
*Mar 1 01:30:35.455: IP: s=16.16.18.2 (Tunnel0), d=16.16.17.2 (Serial0/0),
len 84, sending
*Mar 1 01:30:35.459: IP: s=1.6.0.21 (local), d=224.0.0.2 (Ethernet0/0),
len 48, sending broad/multicast
*Mar 1 01:30:36.591: IP: s=1.6.0.90 (Ethernet0/0), d=2.0.0.3, len 48,
unroutable
*Mar 1 01:30:36.591: IP: s=1.6.0.21 (local), d=1.6.0.90 (Ethernet0/0), len
56, sending
*Mar 1 01:30:36.679: IP: s=130.10.10.1 (local), d=130.10.10.2 (Tunnel0),
len 100, sending
*Mar 1 01:30:36.679: IP: s=16.16.18.2 (Tunnel0), d=16.16.17.2 (Serial0/0),
len 124, sending.
*Mar 1 01:30:38.163: IP: s=1.6.0.21 (local), d=224.0.0.2 (Ethernet0/0),
len 48, sending broad/multicast
*Mar 1 01:30:38.679: IP: s=130.10.10.1 (local), d=130.10.10.2 (Tunnel0),
len 100, sending
*Mar 1 01:30:38.679: IP: s=16.16.18.2 (Tunnel0), d=16.16.17.2 (Serial0/0),
len 124, sending
*Mar 1 01:30:38.951: IP: s=1.6.0.90 (Ethernet0/0), d=172.19.173.35, len
56, unroutable
*Mar 1 01:30:38.951: IP: s=1.6.0.21 (local), d=1.6.0.90 (Ethernet0/0), len
56, sending
*Mar 1 01:30:38.951: IP: s=1.6.0.90 (Ethernet0/0), d=172.19.173.35, len
76, unroutable
*Mar 1 01:30:39.111: IP: s=16.16.18.2 (local), d=224.0.0.10 (Serial0/0),
len 60, sending broad/multicast.
*Mar 1 01:30:39.155: IP: s=16.16.18.1 (Serial0/0), d=224.0.0.10, len 60,
rcvd 2
*Mar 1 01:30:39.547: IP: s=1.6.0.90 (Ethernet0/0), d=2.0.0.3, len 48,
unroutable
*Mar 1 01:30:39.547: IP: s=1.6.0.21 (local), d=1.6.0.90 (Ethernet0/0), len
56, sending
*Mar 1 01:30:39.831: IP: s=130.10.10.1 (local), d=224.0.0.10 (Tunnel0),
len 60, sending broad/multicast
*Mar 1 01:30:39.831: IP: s=16.16.18.2 (Tunnel0), d=16.16.17.2 (Serial0/0),
len 84, sendingu a
Success rate is 0 percent (0/3)
********************************************************************
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:44 GMT-3