From: Kevin Gannon (kevin@xxxxxxxxxxx)
Date: Sun Mar 26 2000 - 13:11:59 GMT-3

This is driving me nuts. I get the following error message when I have
ipsec debugging when trying to ping across the link using an extended
ping. Attached are the configs and a "show crypto key mypub rsa".
The code is 120-7.XK1 on a pair of 3810s. I think that I am doing
everything as per the docs but I probably need more coffee.

Regards,
Kevin

01:54:22: IPSEC(sa_request): ,
(key eng. msg.) src= 20.20.20.2, dest= 20.20.20.1,
src_proxy= 1.1.1.1/255.255.255.255/0/0 (type=1),
dest_proxy= 2.2.2.2/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004
01:54:22: IPSEC(manual_key_stuffing): Can't get valide engine id 0
.
bottom-office#
bottom-office#sh cryp key myp rsa
% Key pair was generated at: 00:27:40 UTC Mar 1 1993
Key name: bottom-office.gannons.net
Usage: General Purpose Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 0099CDB4 6F10BC3D
0168BE76 DE9DDF52 01E2AAE0 3BE57FD2 B218C1B2 F038343B 455C7D44 5FB6D987
5DEEB3A9 F316DC05 321EFE16 611E759B 13ED390E 3AECB3D3 09020301 0001
% Key pair was generated at: 01:28:00 UTC Mar 1 1993
Key name: bottom-office.gannons.net.server
Usage: Encryption Key
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00BF26A0 D851726D
97CAE1A4 D54DA654 3D6757D2 01AAE00D 14335813 2B3082E1 860C0A96 23B342D0
F8D156D7 D0BE638B B2904B8D 21AC50BD B1DE8201 BE66FF3F CB276EAC CAA2FF07
F4B721C2 FCCE2565 252834AE 32E89AF5 2800C3B2 F05C1BA5 77020301 0001
bottom-office#
bottom-office#
bottom-office#
bottom-office#
bottom-office#wr t
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bottom-office
!
boot system flash mc3810-binr3v2-mz.120-9.bin
!
username r privilege 15 password 0 r
!
!
!
!
network-clock base-rate 56k
ip subnet-zero
ip host home-top.gannons.net 20.20.20.1
ip domain-name gannons.net
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
crypto isakmp policy 1
authentication rsa-encr
group 2
lifetime 240
crypto isakmp key home-top.gannons.net address 20.20.20.1 255.255.255.255
crypto isakmp identity hostname
!
!
crypto ipsec transform-set scramble ah-sha-hmac esp-des esp-sha-hmac
!
!
crypto key pubkey-chain rsa
named-key home-top.gannons.net encryption
address 20.20.20.1
key-string
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00933762 6FFE1A16
192C7426 CD814A5F 24B54D70 41A31F02 5C5B12A1 0A395B1D C8252175 F5593994
A7CF090D 9D0A1E55 5639CFE1 ED3E5A00 78BFE22B AE85FB61 0D00B7AE 9CD802BE
71341F20 60EE0B95 A22A3CDA F9CCDF90 77567578 6ECF3F26 ED020301 0001
quit
!
crypto map scramble 10 ipsec-manual
set peer 20.20.20.1
set transform-set scramble
match address cypher-list
!
!
controller E1 0
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0
ip address 20.20.20.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
crypto map scramble
!
interface Serial0
ip address 10.10.10.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
clockrate 64000
voice-encap 512
hold-queue 1024 out
!
interface Serial1
no ip address
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
!
router eigrp 100
network 1.0.0.0
network 20.0.0.0
no auto-summary
!
no ip http server
ip classless
!
!
ip access-list extended cypher-list
permit ip host 1.1.1.1 host 2.2.2.2
!
voice-port 1/1
cptone IE
!
voice-port 1/2
!
voice-port 1/3
!
voice-port 1/4
!
voice-port 1/5
!
dial-peer voice 2 pots
destination-pattern 4093000
port 1/1
!
!
line con 0
login local
transport input none
line aux 0
line 2 3
line vty 0 4
login local
!
end
bottom-office#
home-top#sh crypto my
home-top#sh crypto key my rsa
% Key pair was generated at: 00:03:11 UTC Mar 1 1993
Key name: home-top.gannons.net
Usage: General Purpose Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00EAFDEE 3C31C5F3
5E97344A FC9A4AA1 DC1FCD79 36C38C32 F513F2B5 A9AF60C3 1A4BE347 AB0BC35A
84C52055 7076433B 143528B3 9A20275E F280BF4B E47FF4D2 95020301 0001
% Key pair was generated at: 01:03:40 UTC Mar 1 1993
Key name: home-top.gannons.net.server
Usage: Encryption Key
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00A76580 0C86C11A
CFA65959 BB7BC3A2 9062F59C 81FFCEC5 3112DF97 913784ED 5CFC8EBB 4CCE5B7C
787D2660 61ECBC0F E8F9768A 15D3320B B37A1288 170642D4 71ADBD41 08C9DB8F
DE0A1FBC 51967327 27208FD3 8A6A36AE 0A42C4BB 175996AF 2B020301 0001
home-top#
home-top#
home-top#
home-top#wr t
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname home-top
!
boot system flash mc3810-binr3v2-mz.120-9.bin
boot system flash mc3810-i5s56i-mz.120-7.XK1.bin
enable secret 5 $1$oc64$57qYf2CVZDCLh5EzsyaWc0
enable password cisco
!
username r privilege 15 password 0 r
!
!
!
!
network-clock base-rate 56k
ip subnet-zero
ip host bottom-office.gannons.net 20.20.20.2
ip domain-name gannons.net
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
crypto isakmp policy 1
authentication rsa-encr
group 2
lifetime 240
crypto isakmp key home-top.gannons.net address 20.20.20.2 255.255.255.255
crypto isakmp identity hostname
!
!
crypto ipsec transform-set scramble ah-sha-hmac esp-des esp-sha-hmac
!
!
crypto key pubkey-chain rsa
named-key bottom-office.gannons.net
address 20.20.20.2
key-string
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D5520D 0E37A63D
EF14D7EE C55E296D 5276BB0F 515097F3 42E5851E 37905A66 80F6C834 A0BF4FF1
7C56BCF8 35706735 FC08D0CE D61BA314 F2F4E55B 3DB9F343 79FB7BCD D26E5C51
3E53884E 4E09F723 03B7F6E7 6E616441 ABD6E00D F4C3B6EC 75020301 0001
quit
!
crypto map scramble 10 ipsec-manual
set peer 20.20.20.2
set transform-set scramble
match address cypher-list
!
!
controller E1 0
shutdown
!
!
interface Loopback1
ip address 2.2.2.2 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0
ip address 20.20.20.1 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
no keepalive
crypto map scramble
!
interface Serial0
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
voice-encap 512
crypto map scramble
hold-queue 1024 out
!
interface Serial1
no ip address
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
!
router eigrp 100
network 2.0.0.0
network 20.0.0.0
no auto-summary
!
no ip http server
ip classless
!
!
ip access-list extended cypher-list
permit ip host 2.2.2.2 host 1.1.1.1
!
voice-port 1/1
!
voice-port 1/3
!
voice-port 1/5
!
!
line con 0
login local
transport input none
line aux 0
line 2 3
line vty 0 4
password cisco
login local
!
end
home-top#
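
Added example, not part of the original message: crypto map entries in ipsec-manual mode, such as "crypto map scramble 10 ipsec-manual" above, take their keys from "set session-key" lines rather than from the ISAKMP policy, so this Python check lists which direction/protocol pairs a pasted config leaves unkeyed. The sample text, the "demo" entry, its SPI values and the <hex-key> placeholders are constructed for illustration.

```python
import re

# Constructed sample: the manual entry as posted (no session keys) and a
# hypothetical "demo" entry with placeholder keys, one of them missing.
SAMPLE = """\
crypto ipsec transform-set scramble ah-sha-hmac esp-des esp-sha-hmac
crypto map scramble 10 ipsec-manual
set peer 20.20.20.1
set transform-set scramble
match address cypher-list
!
crypto map demo 20 ipsec-manual
set transform-set scramble
set session-key inbound ah 256 <hex-key>
set session-key outbound ah 257 <hex-key>
set session-key inbound esp 258 cipher <hex-key> authenticator <hex-key>
!
"""

MAP_RE = re.compile(r"crypto map (\S+) (\d+) (ipsec-manual|ipsec-isakmp)$")
TSET_RE = re.compile(r"crypto ipsec transform-set (\S+) (.+)$")

def missing_session_keys(config):
    """Map (map name, seq) -> sorted (direction, protocol) pairs lacking a key."""
    tsets, entries, cur = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := TSET_RE.match(line):
            # "ah-sha-hmac esp-des esp-sha-hmac" -> {"ah", "esp"}
            protos = {t.split("-")[0] for t in m.group(2).split()}
            tsets[m.group(1)] = protos & {"ah", "esp"}
            cur = None
        elif m := MAP_RE.match(line):
            cur = entries[(m.group(1), int(m.group(2)))] = {
                "mode": m.group(3), "tset": None, "keys": set()}
        elif cur is not None and line.startswith("set transform-set "):
            cur["tset"] = line.split()[2]
        elif cur is not None and line.startswith("set session-key "):
            _, _, direction, proto = line.split()[:4]
            cur["keys"].add((direction, proto))
        elif not line.startswith(("set ", "match ")):
            cur = None  # "!" or any other command closes the entry
    report = {}
    for key, e in entries.items():
        if e["mode"] != "ipsec-manual":
            continue  # ipsec-isakmp entries get their keys from IKE
        need = {(d, p) for d in ("inbound", "outbound")
                for p in tsets.get(e["tset"], set())}
        report[key] = sorted(need - e["keys"])
    return report
```

The parser strips leading whitespace, so it works on configs whose indentation was lost in an archive as well as on properly indented ones.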