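Posts by 8287382

Posts in the Mutual Help Forum
Posted 2025/02/06
About the cause of IPsec failing to establish

I configured GRE over IPsec based on the topology diagram below, but the configuration did not work properly.
I can't figure out the cause and am stuck. If anyone knowledgeable is here, I would appreciate it if you could tell me the cause.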

https://drive.google.com/file/d/1fi0pfPTtu2w0UXeb-O6DmAg8_M7bwNSK/view?usp=drivesdk

【RT1】
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2

crypto isakmp key password address 20.20.20.1

crypto ipsec transform-set aes-sha ah-sha-hmac esp-sha-hmac

crypto map VPN_TO_RT3 10 ipsec-isakmp
 set peer 20.20.20.1
 set transform-set aes-sha
 match address IPSec_To_RT3

interface Tunnel1
 ip address 192.168.100.1 255.255.255.0
 mtu 1476
 tunnel source GigabitEthernet0/0/0
 tunnel destination 20.20.20.1

interface GigabitEthernet0/0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN_TO_RT3

interface GigabitEthernet0/0/1
 ip address 192.168.10.254 255.255.255.0
 duplex auto
 speed auto

interface GigabitEthernet0/0/2
 no ip address
 duplex auto
 speed auto
 shutdown

router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0

ip access-list extended IPSec_To_RT3
 permit gre host 10.10.10.1 host 20.20.20.1
 permit esp host 10.10.10.1 host 20.20.20.1
 permit udp host 10.10.10.1 host 20.20.20.1

【RT3】
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2

crypto isakmp key password address 10.10.10.1

crypto ipsec transform-set aes-sha ah-sha-hmac esp-sha-hmac

crypto map VPN_TO_RT1 10 ipsec-isakmp
 set peer 10.10.10.1
 set transform-set aes-sha
 match address IPSec_To_RT1

interface Tunnel1
 ip address 192.168.100.2 255.255.255.0
 mtu 1476
 tunnel source GigabitEthernet0/0/0
 tunnel destination 10.10.10.1

interface GigabitEthernet0/0/0
 ip address 20.20.20.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN_TO_RT1

interface GigabitEthernet0/0/1
 ip address 192.168.30.254 255.255.255.0
 duplex auto
 speed auto

interface GigabitEthernet0/0/2
 no ip address
 duplex auto
 speed auto
 shutdown

router ospf 1
 log-adjacency-changes
 network 20.20.20.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0

ip access-list extended IPSec_To_RT1
 permit gre host 20.20.20.1 host 10.10.10.1
 permit esp host 20.20.20.1 host 10.10.10.1
 permit udp host 20.20.20.1 host 10.10.10.1

I'm sorry that this is a somewhat careless question. Thank you in advance.

Exam success story posts
No posts.