Cisco VTI site to site IPSEC VPN Tunnel

Post by ellafi » Tue Nov 19, 2013 12:16 pm

Thank you for your help.
I am trying to configure a VTI-based site-to-site VPN tunnel and I am having a problem: the tunnel keeps flapping (up and down). I have included my configuration below. Could anyone please explain to me why this is happening? Thank you again for your help. Best wishes.

Here are the messages I got.

Nov 19 21:26:24.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Nov 19 21:26:24.255: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 200.200.50.1 (Tunnel0) is up: new adjacency
*Nov 19 21:26:26.311: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0 - looped chain attempting to stack
*Nov 19 21:26:34.139: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
*Nov 19 21:26:34.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Nov 19 21:26:34.143: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 200.200.50.1 (Tunnel0) is down: interface down



hostname R-A

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
lifetime 3600
crypto isakmp key cisco123 address 200.200.50.1
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile myprofile
set transform-set myset

!
interface Tunnel0
ip unnumbered Serial1/0
tunnel source Serial1/0
tunnel mode ipsec ipv4
tunnel destination 200.200.50.1
tunnel protection ipsec profile myprofile
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!

interface Serial1/0
ip address 200.200.30.1 255.255.255.252
clock rate 64000
!

router eigrp 1
network 200.200.30.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 200.200.30.2
ip route 192.168.5.2 255.255.255.255 200.200.30.2

end
===============================================


hostname R-B

!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
lifetime 3600
crypto isakmp key cisco123 address 200.200.30.1
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto ipsec profile myprofile
set transform-set myset
!

interface Tunnel0
ip unnumbered Serial0/1/0
tunnel source Serial0/1/0
tunnel mode ipsec ipv4
tunnel destination 200.200.30.1
tunnel protection ipsec profile myprofile
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
duplex auto
speed auto
!
!
interface Serial0/1/0
ip address 200.200.50.1 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
!
router eigrp 1
network 200.200.50.0
!
!
ip route 0.0.0.0 0.0.0.0 200.200.50.2
ip route 192.168.2.2 255.255.255.255 200.200.50.2
end
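
Added example (not part of ellafi's post): a small Python lint for the condition behind the %TUN-5-RECURDOWN message in the log above, where the router can learn a route to the tunnel destination through the tunnel itself. It assumes static interface addresses and classful `network` statements as in the posted config; the function names and the config excerpt are constructed for illustration.

```python
import ipaddress as ipa

# Constructed excerpt: the routing-relevant lines of R-A as posted above.
R_A = """\
interface Tunnel0
 ip unnumbered Serial1/0
 tunnel destination 200.200.50.1
interface Serial1/0
 ip address 200.200.30.1 255.255.255.252
router eigrp 1
 network 200.200.30.0
ip route 0.0.0.0 0.0.0.0 200.200.30.2
ip route 192.168.5.2 255.255.255.255 200.200.30.2
"""

def classful(addr):
    """Classful network implied by a 'network x.x.x.x' line without a wildcard."""
    first = int(addr.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipa.ip_network(f"{addr}/{plen}", strict=False)

def recursive_routing_risks(cfg):
    """Return tunnels that run the IGP and lack a /32 static route to their peer."""
    addr, unnum, dest, igp_nets, statics, ctx = {}, {}, {}, [], [], None
    for w in (line.split() for line in cfg.splitlines()):
        if len(w) < 2:
            continue
        if w[0] in ("interface", "router"):
            ctx = w[1] if w[0] == "interface" else "router"
        elif w[:2] == ["ip", "route"]:
            statics.append(ipa.ip_network(f"{w[2]}/{w[3]}", strict=False))
        elif w[:2] == ["ip", "address"]:
            addr[ctx] = ipa.ip_address(w[2])
        elif w[:2] == ["ip", "unnumbered"]:
            unnum[ctx] = w[2]
        elif w[:2] == ["tunnel", "destination"]:
            dest[ctx] = ipa.ip_address(w[2])
        elif w[0] == "network" and ctx == "router":
            igp_nets.append(classful(w[1]))
    risky = []
    for tun, peer in dest.items():
        # An unnumbered tunnel borrows its address, so it joins the IGP with it.
        own = addr.get(tun) or addr.get(unnum.get(tun))
        in_igp = own is not None and any(own in n for n in igp_nets)
        # Only a host route is guaranteed to beat anything learned via the tunnel.
        pinned = any(s.prefixlen == 32 and peer in s for s in statics)
        if in_igp and not pinned:
            risky.append(tun)
    return risky
```

The check is a heuristic: it flags a tunnel when the routing protocol is enabled on it and the only static path to the peer is shorter than a host route, so any more specific prefix learned over the tunnel would win.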