From: jaime.salazar@xxxxxxxxxx
Date: Sat Jan 15 2000 - 19:51:35 GMT-3
Hey folks, calm down!!!
Talking about VPN's, I did the excercise of Brad's recommendation for VPN. If
you configure that it works fine, but when I tryed to add a tunnel interface t
o
it, I get this kind of messages:
00:03:59: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed
w
ith peer at 192.168.10.66
Here are the configs, can you figure it out the problem?
Thanks in advance.
Jaime
sh run
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dt3-45a
!
!
ip host ciscoca-ultra 171.69.54.46
ip domain-name cisco.com
ip name-server 171.69.2.132
ip name-server 198.92.30.32
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key slurpee-machine address 192.168.10.38
!
!
--More-- crypto ipsec transform-set PapaBear
esp-rfc1829
crypto ipsec transform-set MamaBear ah-md5-hmac esp-des
crypto ipsec transform-set BabyBear ah-rfc1828
!
!
crypto map armadillo 10 ipsec-isakmp
set peer 192.168.10.38
set transform-set PapaBear MamaBear BabyBear
match address 101
!
!
process-max-time 200
!
interface Tunnel0
ip address 10.10.49.1 255.255.255.0
tunnel source 192.168.10.66
tunnel destination 192.168.10.38
crypto map armadillo
!
interface Serial0
ip address 192.168.10.66 255.255.255.0
no fair-queue
clockrate 64000
--More-- !
interface Serial1
no ip address
shutdown
!
interface TokenRing0
ip address 10.10.9.1 255.255.255.0
ring-speed 16
!
router eigrp 100
network 10.0.0.0
!
ip classless
!
access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
line con 0
line aux 0
line vty 0 4
login
!
end
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname db3-4kb
!
!
!
!
!
!
ip subnet-zero
ip host ciscoca-ulotra 171.69.54.46
ip domain-name cisco.com
ip name-server 171.69.2.132
ip name-server 198.92.30.32
!
cns event-service server
!
--More-- !
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key slurpee-machine address 192.168.10.66
!
!
crypto ipsec transform-set PapaBear esp-rfc1829
crypto ipsec transform-set MamaBear ah-md5-hmac esp-des
crypto ipsec transform-set BabyBear ah-rfc1828
!
!
crypto map armadillo 10 ipsec-isakmp
set peer 192.168.10.66
set transform-set PapaBear MamaBear BabyBear
match address 101
!
!
process-max-time 200
!
interface Tunnel0
ip address 10.10.49.2 255.255.255.0
no ip directed-broadcast
--More-- tunnel source 192.168.10.38
tunnel destination 192.168.10.66
crypto map armadillo
!
interface Ethernet0
ip address 10.10.5.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0
ip address 192.168.10.38 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
router eigrp 100
network 10.0.0.0
!
ip classless
no ip http server
--More-- !
access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
!
line con 0
transport input none
line 1 8
line aux 0
line vty 0 4
login
!
end
"Doug Hammond" <dhammond@rcsis.com> on 15/01/2000 03:52:38 PM
Please respond to "Doug Hammond" <dhammond@rcsis.com>
To: "Brad Hedlund" <BHedlund@LifeTimeFitness.com>, ccielab@groupstudy.com
cc: (bcc: Jaime Salazar/Mexico/AMERICAS/Equant)
Subject: Re: [VPN]
Easy - You just configure an virtual link to opsf area 53.
----- Original Message -----
From: Brad Hedlund <BHedlund@LifeTimeFitness.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, January 15, 2000 12:46 PM
Subject: RE: [VPN]
>
> In my test at RTP in two weeks, I guess I should be prepared for a
question
> such as:
>
> "Configure the network such that the space aliens can only ping the
> Ethernets on R6 and R4"
>
> Any ideas on how that could be configured?
>
> -Brad
>
>
> >
> > AND THE BIGGEST JOKE IS:
> >
> > At RTP they are using the CCIE lab PC's to look for aliens.
> > Yes people, a
> > big professional company like Cisco is running an application
> > on all the
> > test takers PC's that analyze radio telescope signals took
> > for patterns that
> > represent intelligence while people are taking the test. I
> > can see people
> > running this sort of thing at home on their pc's. Mabye on
> > their office
> > machine at work. BUT AT THE CISCO CCIE LAB. This is by far the most
> > amature and unprofessional thing I could ever imagine them doing.
> >
> >
> >
> > >From: "Erik" <emolden@earthlink.net>
> > >Reply-To: "Erik" <emolden@earthlink.net>
> > >To: "Brad Hedlund" <BHedlund@LifeTimeFitness.com>
> > >CC: <ccielab@groupstudy.com>
> > >Subject: RE: [VPN]
> > >Date: Fri, 14 Jan 2000 23:27:34 -0500
> > >MIME-Version: 1.0
> > >Received: from [208.242.122.8] by hotmail.com (3.2) with ESMTP id
> > >MHotMailBA4945EF0022D820F3A7D0F27A0811AE1; Fri Jan 14 20:43:32 2000
> > >Received: from localhost (mail@localhost)by groupstudy.com
> > (8.9.3/8.9.3)
> > >with SMTP id AAA24251;Sat, 15 Jan 2000 00:27:57 GMT
> > >Received: by groupstudy.com (bulk_mailer v1.12); Sat, 15 Jan
> > 2000 00:27:57
> > >+0000
> > >Received: (from listserver@localhost)by groupstudy.com
> > (8.9.3/8.9.3) id
> > >AAA24247GroupStudy Mailer; Sat, 15 Jan 2000 00:27:57 GMT
> > >Received: from snipe.prod.itd.earthlink.net
> > (snipe.prod.itd.earthlink.net
> > >[207.217.120.62])by groupstudy.com (8.9.3/8.9.3) with ESMTP id
> > >AAA24244GroupStudy Mailer; Sat, 15 Jan 2000 00:27:55 GMT
> > >Received: from erikkim
> > (dialup-209.246.210.18.Philadelphia1.Level3.net
> > >[209.246.210.18])by snipe.prod.itd.earthlink.net
> > (8.9.3/8.9.3) with SMTP id
> > >UAA07761;Fri, 14 Jan 2000 20:27:24 -0800 (PST)
> > >From nobody@groupstudy.com Fri Jan 14 20:47:34 2000
> > >Message-ID: <NDBBJBFOHLFLHAIBNLHJAEJJCBAA.emolden@earthlink.net>
> > >X-Priority: 3 (Normal)
> > >X-MSMail-Priority: Normal
> > >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> > >Importance: Normal
> > >In-Reply-To:
> > <93DD2B9E9A8DD311933E00104B70CD690E7BD3@epserv101.ltfinc.net>
> > >X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
> > >Sender: nobody@groupstudy.com
> > >
> > >Actually it was MOST DEFINATELY the test with VPN and did
> > have 8 points,
> > >including routing issues via the tunnel, etc.
> > >
> > >I would suggest filtering and thinking through your comments
> > a little
> > >before
> > >sending out in the future.
> > >
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: Brad Hedlund [mailto:BHedlund@LifeTimeFitness.com]
> > >Sent: Friday, January 14, 2000 11:19 PM
> > >To: 'Erik'; 'ccielab@groupstudy.com'
> > >Subject: RE: [VPN]
> > >
> > >
> > >
> > >I dont see how you can have 8 points on basic GRE tunnels. ??
> > >People are failing the test more than ever lately and
> > crediting the VPN
> > >stuff for it.
> > >Dont be nieve Erik. Just because you or a friend got a test
> > with with a
> > >basic tunnel doesnt mean that was the test with VPN.
> > >
> > >I say, better be safe than sorry. Know encryption.
> > >
> > >-Brad
> > >
> > >
> > >
> > > >
> > > > It is basic tunnel configurations, etc. No encryption.
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com]On Behalf Of
> > > > Mosley, Arthur
> > > > Sent: Friday, January 14, 2000 10:19 PM
> > > > To: 'Curtis Phillips '; 'zhencai '; 'ccielab@groupstudy.com '
> > > > Subject: RE: [VPN]
> > > >
> > > >
> > > > I think it's basic VPDN - (from CMTD course material/Cisco CD).
> > > >
> > > > Art
> > > >
> > > > -----Original Message-----
> > > > From: Curtis Phillips
> > > > To: zhencai; ccielab@groupstudy.com
> > > > Sent: 1/14/00 9:33 PM
> > > > Subject: Re: [VPN]
> > > >
> > > > You raise a good point. I was under th eimpression that all of the
> > > > encryption
> > > > and ipsec was not going to be required.
> > > >
> > > > "zhencai" <zhencai@home.com> wrote:
> > > > Hi,
> > > >
> > > > I noticed that this topic had been discussed a little in this
> > > > group, but
> > > > I'm
> > > > still kind of confused. I was wondering what I should
> > know for the lab
> > > > test(yeah, I know, everything, but...) Since VPN is quite a
> > > > broad topic,
> > > > I'd
> > > > like to find out what you guys think.
> > > > Thanks a lot.
> > > >
> > > > Zhen Cai
> > > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:44 GMT-3