From: Stanley Seow (stanley_seow@xxxxxxxxxxxxxxxxxxx)
Date: Thu Apr 06 2000 - 13:18:09 GMT-3
Russell,
I do not know a lot of details about VPN ( IPSec ) but these are the things
that I think is important for VPN.. ( pls add on if I miss out any )...
I do a lot of VPN ( router to router & router to VPN client ) demo for my
customers and I usually do the following things :
Define ISAKMP policy - I usually use preshare keys because I do not have a
CA to exchange public keys
Define a transform sets
Define a crypto map to map the above two items
Apply the crypto maps to the interfaces
Also you can define what traffic should be encrypted and what should not
be...
Also you can use a tunnel interface between the two peers
Anymore things to add ??
Hope this helps..
Stanley
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Russell Fear
> Sent: Thursday, April 06, 2000 6:28 PM
> To: ccielab@groupstudy.com
> Subject: headache with encryption
>
>
> Can any one in the group clarify some things about encryption for
> me please.
>
> I've read the URLs that have been mailed to me but am still
> confused about the stages to go through for VPNs for the CCIE lab.
>
> Do I need to generate keys and exchange keys between the two end points ?
>
> Do I need to define a policy using pre-share ?
>
> I tried the following :-
>
> Created an ACL
> Created transform sets
> created crypto maps
> applied the maps to the interfaces
>
> No luck - I haven't included the configs as they are virtually
> identical to the ones given as examples.
>
> I get the following output when debugging ISAKMP
>
> 00:24:16: ISAKMP (4): beginning Main Mode exchange
> 00:24:16: ISAKMP (4): sending packet to 192.168.3.1 (I) MM_NO_STATE
> 00:24:16: ISAKMP (4): received packet from 192.168.3.1 (I) MM_NO_STATE
> 00:24:16: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of
> Informational mode failed with peer
>
> HELP !!!!
>
> Russell
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3