Hi all,
I am trying to set up a very simple IPsec tunnel between two networks here, just using a PC on each LAN, a simple hub and two routers dividing the two networks. I want to set up the IPsec tunnel between Router 1 and Router 2.

Router 1 has the following interfaces configured
FastEthernet0/0
10.10.10.1 255.255.255.0
FastEthernet0/1
1.1.1.1 255.255.255.0
Router 2 has the following interfaces configured
FastEthernet0/0
20.20.20.1 255.255.255.0
FastEthernet0/1
1.1.1.2 255.255.255.0
I have set up the IPsec tunnel as per a guide on the web; here is the config of both routers. Now I can seem to ping between both networks, but I can verify that the traffic is going over an encrypted VPN, or if it's just standard traffic on a "normal" route.
Router1 Config
Code:
Router1#show run
Building configuration...
Current configuration : 1123 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router1
!
!
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key firewallcx address 1.1.1.2
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set TS
 match address VPN-TRAFFIC
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map CMAP
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.1
ip route 10.10.10.0 255.255.255.0 1.1.1.2
!
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 100 deny ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end
Router 2
Code:
Router2#show run
Building configuration...
Current configuration : 1128 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router2
!
!
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key firewallcx address 1.1.1.1
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set TS
 match address VPN-TRAFFIC
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 1.1.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto map CMAP
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
ip access-list extended VPN-TRAFFIC
 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 remark -=[Define NAT Service]=-
access-list 100 deny ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip 20.20.20.0 0.0.0.255 any
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end
I have tried to use the show crypto session command in Packet Tracer, which people suggest to use to verify the tunnel status, but it doesn't like it.
Any help greatly appreciated

Many thanks
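
One way to check what the post asks, as an added example that is not part of the original post: capture `show crypto ipsec sa` on Router1 before and after the ping and compare the encaps/decaps counters for the 10.10.10.0 to 20.20.20.0 selector from the VPN-TRAFFIC ACL. It assumes the router accepts `show crypto ipsec sa`; the sample output is constructed, and `sample`, `parse_sas` and `tunnel_carried` are hypothetical helper names.

```python
import re

LOCAL, REMOTE = "10.10.10.0/255.255.255.0", "20.20.20.0/255.255.255.0"

# Constructed sample in the layout of IOS `show crypto ipsec sa`; the counter
# values are invented, the addresses are the ones from the configs above.
def sample(encaps, decaps):
    return f"""interface: FastEthernet0/1
    Crypto map tag: CMAP, local addr 1.1.1.1
   local  ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (20.20.20.0/255.255.255.0/0/0)
   current_peer 1.1.1.2 port 500
    #pkts encaps: {encaps}, #pkts encrypt: {encaps}, #pkts digest: 0
    #pkts decaps: {decaps}, #pkts decrypt: {decaps}, #pkts verify: 0
"""

IDENT = re.compile(r"(local|remote)\s+ident .*?: \(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Map (local net, remote net) -> {'encaps': n, 'decaps': n}."""
    sas, ident, key = {}, {}, None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            ident[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            if m.group(1) == "remote":      # selector pair is now complete
                key = (ident.get("local"), ident["remote"])
                sas[key] = {"encaps": 0, "decaps": 0}
            continue
        for name, value in COUNT.findall(line):
            if key:
                sas[key][name] = int(value)
    return sas

def tunnel_carried(before, after, local, remote, sent):
    """True if both counters grew by at least `sent` packets between snapshots."""
    b = parse_sas(before).get((local, remote))
    a = parse_sas(after).get((local, remote))
    if a is None:
        return False    # no SA for this selector: the pings were not protected
    b = b or {"encaps": 0, "decaps": 0}
    return all(a[k] - b[k] >= sent for k in ("encaps", "decaps"))

if __name__ == "__main__":
    print(tunnel_carried(sample(0, 0), sample(4, 4), LOCAL, REMOTE, sent=4))
```

If the first echo is lost while the SA is still being negotiated, pass a `sent` value one lower than the number of pings.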