Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

7102DL IPSEC VPN setup issues

Rob P_2
Occasional Advisor

7102DL IPSEC VPN setup issues

Hi all,

I am somewhat new to IPSEC VPN tunnels, and Procurves in general. I have been following some instructions on setting this up, and have had partial success....but now I am stumped I can get the tunnel up and running, my IKE settings were passed to the IPSEC VPN client successfully.

However, I seem to be parked in a walled off area that doesn't allow me to talk to the rest of the network...so I must have some of the access lists set incorrectly.

I am hoping some can point out where I went wrong...posting the relevant parts of the running config below...10.2.0.0/16 is the ip range reserved for incoming IP cients, other vlans are internal that the VPN client should be able to access.

Thanks!!

crypto map corporate_vpn 1 ipsec-ike
match address vpn_traffic
set transform-set highly_secure
set security-association lifetime seconds 1800
!
!
!
!
interface eth 0/1
description Internal
ip address 10.1.0.2 255.255.0.0
access-policy Private
no shutdown
!
!
interface eth 0/2
description External
ip address dhcp
access-policy Public
crypto map corporate_vpn
no shutdown
!
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended self
remark Traffic to ProCurve SR
permit ip any any log
!
ip access-list extended VPN_to_LAN
permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.2.0.0 0.0.255.255 10.50.0.0 0.0.255.255
permit ip 10.2.0.0 0.0.255.255 10.100.0.0 0.0.255.255
permit ip 10.2.0.0 0.0.255.255 10.200.0.0 0.0.255.255
permit ip 10.2.0.0 0.0.255.255 10.250.0.0 0.0.255.255
!
ip access-list extended vpn_traffic
permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 10.50.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 10.150.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 10.200.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 10.250.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 10.100.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
!
ip policy-class Private
allow list self self
allow list vpn_traffic
nat source list wizard-ics interface eth 0/2 overload
!
ip policy-class Public
allow list VPN_to_LAN
!
!
!
ip route 10.50.0.0 255.255.0.0 10.1.0.1
ip route 10.100.0.0 255.255.0.0 10.1.0.1
ip route 10.200.0.0 255.255.0.0 10.1.0.1
ip route 10.250.0.0 255.255.0.0 10.1.0.1
!
3 REPLIES
P Muralidhar Kini
Honored Contributor

Re: 7102DL IPSEC VPN setup issues

Hi Rob,

Check the following link -
http://www.commpartners.us/rc/Files/support/cpe/HP_ProCrve_7102dl_Router.pdf
->HP ProCurve 7102dl Router Configuration

Hope this helps.

Regards,
Murali
Let There Be Rock - AC/DC
Rob P_2
Occasional Advisor

Re: 7102DL IPSEC VPN setup issues

I have determined that the problem is that the Phase 2 connection is not working (a simple phase2 not found message in the client logs)....

I am using the Shewsoft VPN client. I am pretty sure I have all the Phase 2 settings matched up between the router and the VPN client...in this case, the client is set to:

Transform: esp-3des
HMAC: sha1
PFS: disabled
Compress: Disabled
Key lifetime limit: 1800 sec


Does anyone have any thoughts or suggestions? Thanks in advance...
Gerhard Roets
Esteemed Contributor

Re: 7102DL IPSEC VPN setup issues

Hi Rob

Might be good to have a look at

the transform-set highly_secure

It is not in the listing but its paramters should match those listed in the post just above.

HTH
Gerhard