· 7 years ago · Mar 15, 2018, 01:00 PM
1**Gateway**
2Network: default
3Region: europe-west1
4Google IP address: 104.199.XXX.XXX
5
6**Tunnel**
7Peer IP address: 37.191.XXX.XXX
8Routing type: Policy-based
9Local IP ranges: 10.132.XXX.XXX/32
10Routes: 172.31.XXX.XXX/16
11IKE version: IKEv2
12
13crypto ikev2 proposal Google-VPN
14encryption aes-cbc-128
15integrity sha256
16group 14
17!
18crypto ikev2 policy Google-VPN
19proposal Google-VPN
20!
21crypto ikev2 keyring Google-VPN
22peer Google
23 address 104.199.XXX.XXX
24 pre-shared-key SECRET_KEY
25!
26!
27crypto ikev2 profile Google-VPN
28match identity remote address 104.199.XXX.XXX 255.255.255.255
29authentication local pre-share
30authentication remote pre-share
31keyring Google-VPN
32!
33!
34!
35crypto ipsec transform-set GOOGLE-VPN esp-aes 256 esp-sha256-hmac
36!
37!
38crypto map vpnsmap 112 ipsec-isakmp
39set peer 104.199.XXX.XXX
40set transform-set GOOGLE-VPN
41set pfs group14
42set ikev2-profile Google-VPN
43match address Google-VPN
44!
45interface GigabitEthernet0/0
46ip address 172.31.XXX.XXX 255.255.0.0
47no ip redirects
48ip flow ingress
49ip nat inside
50ip rip advertise 5
51ip virtual-reassembly in max-reassemblies 64
52standby 1 ip 172.31.XXX.XXX
53standby 1 priority 130
54standby 1 preempt
55standby 1 name LAN
56ip tcp adjust-mss 1350
57duplex auto
58speed auto
59no keepalive
60!
61interface GigabitEthernet0/1
62ip address 37.191.XXX.XXX 255.255.255.240
63ip access-group acl_wan in
64no ip redirects
65ip flow ingress
66ip nat outside
67ip inspect fw_inspect out
68ip virtual-reassembly in max-reassemblies 64
69ip tcp adjust-mss 1350
70duplex auto
71speed auto
72no keepalive
73crypto map vpnsmap
74!
75interface Virtual-Template1
76ip unnumbered Loopback0
77ip rip advertise 5
78peer default ip address pool pool_pptp
79no keepalive
80ppp encrypt mppe auto passive
81ppp authentication ms-chap-v2 ms-chap chap pap pptp_auth
82ppp authorization pptp_auth
83!
84ip route 10.132.XXX.XXX 255.255.255.255 37.191.XXX.XXX
85!
86ip access-list extended Google-VPN
87permit ip 172.31.XXX.XXX 0.0.255.255 host 10.132.XXX.XXX
88
89creating acquire job for policy with reqid {1}
90initiating IKE_SA vpn_37.191.XXX.XXX[1168] to 37.191.XXX.XXX
91generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
92sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (884 bytes)
93received packet: from 37.191.XXX.XXX[500] to 104.199.XXX.XXX[500] (443 bytes)
94parsed IKE_SA_INIT response 0 [ SA KE No V N(NATD_S_IP) N(NATD_D_IP) ]
95received Cisco Delete Reason vendor ID
96authentication of '104.199.XXX.XXX' (myself) with pre-shared key
97establishing CHILD_SA vpn_37.191.XXX.XXX{1}
98generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
99sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
100retransmit 1 of request with message ID 1
101sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
102retransmit 2 of request with message ID 1
103sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
104creating acquire job for policy with reqid {1}
105ignoring acquire, connection attempt pending
106retransmit 3 of request with message ID 1
107sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
108retransmit 4 of request with message ID 1
109sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
110retransmit 5 of request with message ID 1
111sending packet: from 104.199.XXX.XXX[500] to 37.191.XXX.XXX[500] (352 bytes)
112creating acquire job for policy with reqid {1}
113ignoring acquire, connection attempt pending
114giving up after 5 retransmits
115establishing IKE_SA failed, peer not responding