nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

SDM VPN bug?

rewind

I am trying to use SDM to set up a simple Site-to-Site VPN on a 3640. When I get to the screen with peer identiy and and authenticatin options, i choose "pre-shared keys". After entering all the info, I click next, but just get an hourglass icon and no response. This has happened on several differnt model routers for me. Can anybody please help!

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

dtlokee

Did you use the option to configure both sides? I don't remember the exact steps it takse you through but I could see it hanging if it's trying to configure a remote rotuer that is not accessable.

rewind

dtlokee wrote:

Did you use the option to configure both sides? I don't remember the exact steps it takse you through but I could see it hanging if it's trying to configure a remote rotuer that is not accessable.

Thanks for replying!

I don't know about any option to configure both sides. Where is that located?

Here's what I've done:

Configure->VPN->Site-to-Site VPN->Create Site-to-Site VPN->Launch selected task->Step by step wizard->Next->Seleted interface, entered static peer identity, pre-shared key authentication, entered pre-shared key-> Next-> hang...

The weird thing is, is that I can enter teh coresponding command "crypto isakmp key xxx peer x.x.x.x" in the cli with no problem. Also when configuring a GRE over IPsec tunnel, SDM let's me put in a preshared key with no hanging...

mikej412

I just tried it -- with a dead peer -- and it worked fine. SDM 2.3.3 loaded on a laptop and a 3620 with IOS c3620-ik9o3s7-mz.123-17a.bin -- configuration looks fine.

rewind

mikej412 wrote:

I just tried it -- with a dead peer -- and it worked fine. SDM 2.3.3 loaded on a laptop and a 3620 with IOS c3620-ik9o3s7-mz.123-17a.bin -- configuration looks fine.

Darn. Sucks for me then...

I was originally trying this using dynagen with a 7206 running the latest 12.4 IOS for an ISCW lab. Thought the emulator was buggy so I pulled out a 3640 running a 12.2 IOS and a laptop with 12.5 SDM. Only thing is that the SDM isn't installed on the router, I'm running it from the laptop. Whats really weird is that after this I was able to do a GRE over IPsec lab just fine!

I am confused since the GRE over IPsec using the same steps/protocols as the Site-to-Site (ie. the part where I have to enter a preshared key doesn't hang on me!)

I hate it when labs don't work and I can't figure it out. It's gonna bug the heck outta me...

Any tips on what I can do about this?

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of