Cisco VPN 5000 Series Concentrators

Configuring Two Cisco VPN 5000 Series Concentrators to Establish a GRE Tunnel Routing IPX

Document ID: 4178



Cisco has announced the end of sales for the Cisco VPN 5000 Series Concentrators. For more information, please see the End-of-Sales Announcement.


Introduction

This document gives an overview of the configuration required to establish a Generic Routing Encapsulation (GRE) tunnel routing Internetwork Packet Exchange (IPX) between two Cisco VPN 5000 Series Concentrators. For information about how to establish basic connectivity, or reference on configuration syntax, refer to the VPN 5000 Concentrator documentation. Testing for this document was done with routers configured for IPX on the internal networks.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco VPN 5000 Concentrator software version 5.2.19US

  • VPN 5001 Concentrator

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in this diagram.

[Figure: network diagram, vpn5k_congre_ipx_01.gif]

Configurations

This document uses the configurations shown here.

VPN Concentrator 5001A

[ IP Ethernet 0 ]
 Mode                     = Routed
 SubnetMask               = 255.255.255.0
 IPAddress                = 10.1.1.1
[ IP Ethernet 1 ]
 Mode                     = Routed
 SubnetMask               = 255.255.255.0
 IPAddress                = 100.1.1.1

[ IP Static ]
 0.0.0.0 0.0.0.0 100.1.1.2 1 redist=none
 20.0.0.0 255.0.0.0 vpn 1 1 redist=none

[ Logging ]
 Level                    = 7
 Enabled                  = On

[ General ]
 VPNGateway               = 100.1.1.2
 EnablePassword           =
 Password                 =
 DeviceName               = "VPN5001A"
 EthernetAddress          = 00:00:a5:f0:c9:00
 DeviceType               = VPN 5001 Concentrator
 ConfiguredOn             = Timeserver not configured
 ConfiguredFrom           = Command Line, from Console

[ Tunnel Partner VPN 1 ]
 Peer                     = "20.0.0.0/8"
 BindTo                   = "ethernet1"
 LocalAccess              = "10.0.0.0/8"
 Partner                  = 200.1.1.1
 Mode                     = Main
 KeyManage                = Manual
 Authentication           = Off
 Encryption               = Off
 EncryptMethod            = None

[ IP VPN 1 ]
 Numbered                 = Off
 Mode                     = Routed

[ IPX Ethernet 0 ]
 FrameTypeIINet           = aa
 SapTimer                 = 60
 RipTimer                 = 60
 FrameSNAP                = Off
 Frame8022                = Off
 FrameRaw                 = Off
 FrameTypeII              = Seed
 Mode                     = Routed

[ IPX VPN 1 ]
 Net                      = aa
 Mode                     = Routed

 Configuration size is 1540 out of 65500 bytes.
 VPN5001A#

VPN Concentrator 5001B

[ General ]
 EthernetAddress          = 00:02:4b:9c:ba:80
 VPNGateway               = 200.1.1.2
 DeviceType               = VPN 5001 Concentrator
 ConfiguredOn             = Timeserver not configured
 ConfiguredFrom           = Command Line, from Console
 Password                 =
 DeviceName               = "VPN5001B"

[ IP Ethernet 1 ]
 Mode                     = Routed
 SubnetMask               = 255.255.255.0
 IPAddress                = 200.1.1.1

[ IP Ethernet 0 ]
 Mode                     = Routed
 SubnetMask               = 255.255.255.0
 IPAddress                = 20.1.1.1

[ IP Static ]
 0.0.0.0 0.0.0.0 200.1.1.2 1 redist=none
 10.0.0.0 255.0.0.0 vpn 1 1 redist=none


[ Tunnel Partner VPN 1 ]
 Peer                     = "10.0.0.0/8"
 BindTo                   = "ethernet1"
 LocalAccess              = "20.0.0.0/8"
 Partner                  = 100.1.1.1
 Mode                     = Main
 KeyManage                = Manual
 Authentication           = Off
 Encryption               = Off
 EncryptMethod            = None

[ IP VPN 1 ]
 Numbered                 = Off
 Mode                     = Routed

[ IPX Ethernet 0 ]
 FrameTypeIINet           = bb
 SapTimer                 = 60
 RipTimer                 = 60
 FrameSNAP                = Off
 Frame8022                = Off
 FrameRaw                 = Off
 FrameTypeII              = Seed
 Mode                     = Routed

[ IPX VPN 1 ]
 Net                      = bb
 Mode                     = Routed

Configuration size is 1442 out of 65500 bytes.
VPN5001B#
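
In the two listings above, each side's Partner is the other side's bound interface address, each side's Peer is the other side's LocalAccess, and both tunnel sections run with Authentication and Encryption set to Off. The following is an added example, not part of the original Cisco document: it parses this section format and reports those settings and any mirror mismatch. The function names, the template and the trimmed sample text are constructed for illustration.

```python
import ipaddress
import re

def parse_config(text):
    """Parse '[ Section ]' blocks of 'Key = Value' lines into {section: {key: value}}."""
    sections, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        pair = re.match(r"(\w+)\s*=\s*(.*)", line)
        if head:
            cur = sections.setdefault(head.group(1), {})
        elif cur is not None and pair:
            cur[pair.group(1)] = pair.group(2).strip().strip('"').strip()
    return sections

def audit_pair(a, b):
    """Findings for two peers: unprotected tunnel settings and mirror mismatches."""
    out = []
    for me, peer in ((a, b), (b, a)):
        name = me["General"]["DeviceName"]
        tun, ptun = me["Tunnel Partner VPN 1"], peer["Tunnel Partner VPN 1"]
        out += [f"{name}: tunnel {k} is Off"
                for k in ("Authentication", "Encryption") if tun.get(k, "Off") == "Off"]
        # BindTo "ethernet1" names the peer's "[ IP Ethernet 1 ]" section
        port = re.sub(r"(?i)ethernet\s*(\d+)", r"IP Ethernet \1", ptun["BindTo"])
        if tun["Partner"] != peer[port]["IPAddress"]:
            out.append(f"{name}: Partner is not the peer's {port} address")
        if ipaddress.ip_network(tun["Peer"]) != ipaddress.ip_network(ptun["LocalAccess"]):
            out.append(f"{name}: Peer does not mirror the peer's LocalAccess")
    return out

# Constructed sample: the page's two listings, trimmed to the keys the audit reads.
TEMPLATE = """[ General ]
 DeviceName = "{name}"
[ IP Ethernet 1 ]
 IPAddress = {outside}
[ Tunnel Partner VPN 1 ]
 Peer = "{far}.0.0.0/8"
 BindTo = "ethernet1"
 LocalAccess = "{near}.0.0.0/8"
 Partner = {partner}
 Authentication = Off
 Encryption = Off
"""
A = parse_config(TEMPLATE.format(name="VPN5001A", outside="100.1.1.1", partner="200.1.1.1", near=10, far=20))
B = parse_config(TEMPLATE.format(name="VPN5001B", outside="200.1.1.1", partner="100.1.1.1", near=20, far=10))
FINDINGS = audit_pair(A, B)
for finding in FINDINGS:
    print(finding)
```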

Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

  • show vpn partners—Shows this information:

    • The VPN port number to which the peer is connected.

    • The tunnel peer's IP address.

    • The UDP port for the connection.

    • Whether the tunnel peer is connected to this VPN Concentrator's Tunnel Partner Default section instead of a specific Tunnel Partner section.

    • The IP address used as the local endpoint of the tunnel.

    • The duration that the partners have been connected.

  • show vpn statistics verbose—Shows this information for users and Partners and the total for both:

    • Current active connections.

    • Currently negotiating connections.

    • The highest number of concurrent active connections since the last reboot.

    • The total number of successful connections since the last reboot.

    • The number of tunnel starts.

    • The number of tunnels for which there were no errors.

    • The number of tunnels with errors.

  • show ipx routing—Shows the routing table in two sections. The first section is the network information for the directly-connected routes. The second section shows the dynamic routes obtained through IPX Routing Information Protocol (RIP) packets on the directly-connected networks.

  • show ipx servers—Shows the information in the Service Advertising Protocol (SAP) table, which is explained in this table:

    Type: The server type.
    Name: The server name.
    Net Address: The IPX address (net - node) of the server.
    Port: The port or socket number where the server is listening.
    Hops: The number of hops away that the server is from this device. Values are between 1 and 16. If a hop count is 16, the server is timed out and will be purged from the table.
    TTL: The Time to Live (TTL) for the service in seconds. A value of 999 means that the timeout is infinite and the service is never timed out.
    Iface: The interface through which information about the service is received. The interface where the service is located is also identified.

  • show ipx runtime—Displays command runtime IPX parameters.

This is sample command output of the show vpn partners command.

VPN5001C#show vpn partners

Port     Partner      Partner   Default    Bindto       Connect
Number   Address      Port      Partner    Address      Time
-------------------------------------------------------------------------
VPN 1    100.1.1.1    0         No         200.1.1.1    00:00:02:57

This is sample command output of the show vpn statistics verbose command.

VPN5001B#show vpn statistics verbose
          Current  In     High   Running  Tunnel  Tunnel  Tunnel
          Active   Negot  Water  Total    Starts  OK      Error
--------------------------------------------------------------
Users     0        0      0      0        0       0       0
Partners  1        0      1      1        0       0       0
Total     1        0      1      1        0       0       0

Stats VPN1
Wrapped 58794
Unwrapped 58794
BadEncap 0
BadAuth 0
BadEncrypt 0
rx IP 0
rx IPX 58794
rx Apple 0
rx Other 0
tx IP 127
tx IPX 58666
tx Apple 0
tx Other 0
IKE rekey 0

Input VPN pkts dropped due to no SA: 0

Input VPN pkts dropped due to no free queue entries: 0

ISAKMP Negotiation stats
Admin packets in 0
Fastswitch packets in 0
No cookie found 0
Can't insert cookie 0
Inserted cookie(L) 0
Inserted cookie(R) 0
Cookie not inserted(L) 0
Cookie not inserted(R) 0
Cookie conn changed 0
Cookie already inserted 0
Deleted cookie(L) 0
Deleted cookie(R) 0
Cookie not deleted(L) 0
Cookie not deleted(R) 0
Forwarded to RP 0
Forwarded to IOP 0
Bad UDP checksum 0
Not fastswitched 0
Bad Initiator cookie 0
Bad Responder cookie 0
Has Responder cookie 0
No Responder cookie 0
No SA 0
Bad find conn 0
Admin queue full 0
Priority queue full 0
Bad IKE packet 0
No memory 0
Bad Admin Put 0
IKE pkt dropped 0
No UDP PBuf 0
No Manager 0
Mgr w/ no cookie 0
Cookie Scavenge Add 0
Cookie Scavenge Rem 0
Cookie Scavenged 0
Cookie has mgr err 0
New conn limited 0
VPN5001B#

This is sample command output of the show ipx routing command.

VPN5001B#show ipx routing
Directly Connected Routes:
Net Nmbr  Refs  Uses  Flags  Iface
bb        1     497   0      Ether0

Dynamic Routes:
Net Nmbr  Gateway         Refs  Uses  Hops  TTL  Flags  Iface
aa        bb - 100.1.1.1  1     239   1     145  0      VPN1

This is sample command output of the show ipx servers command.

VPN5001B#show ipx servers
Type  Name      Net Address Skt             Hops  TTL  Iface
5ba   VPN5001A  aa-00:00:a5:f0:c9:00::80fc  1     149  VPN1
5ba   VPN5001B  bb-00:02:4b:9c:ba:80::80fc  0     999  Ether0

Total Novell Servers: 2

This is sample command output of the show ipx runtime command.

VPN5001B#show ipx runtime
Timers
Port RIP SAP Frame Seed Net Flags
Ether0 60 60 Ether TypeII Seed BB <>
802.3 (RAW) Off
802.2 (LLC) Off
SNAP Off
Ether1 ** Disabled **
Bridge ** Disabled **
VPN1 60 60 BB <>
IPX RIP Global Filters: none
IPX SAP Global Filters: none

This is the show ipx servers command taken from the router.

2514b#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
U - Per-user static
2 Total IPX Servers

Table ordering is based on routing and server info

   Type  Name      Net Address Port        Route  Hops  Itf
P  5BA   VPN5001B  BB.0002.4b9c.ba80:80FC  1/00   1     Et0
P  5BA   VPN5001A  AA.0000.a5f0.c900:80FC  2/02   2     Et0
2514b#

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

Note: Before issuing debug commands, please see Important Information on Debug Commands.

  • show syslog buffer—Allows you to view previously buffered events.

  • vpn trace dump all—Shows information about all matching VPN connections. This includes information about:

    • The time.

    • The VPN number.

    • The real IP address of the peer.

    • The scripts that have been run.

    • In the case of an error, the routine and line number of the software code where the error occurred.

Updated: May 02, 2008