From: Joe Harris (joeh@xxxxxxxxxxxxxxxxx)
Date: Sat Apr 08 2000 - 12:38:50 GMT-3
Russell:
I may be mistaken about what you are trying to do, but if you are trying
to set up a VPN and secure it for ATM practice, it would be more correct
to setup a tunnel interface for the VPN part and secure it with Policy
Routing. You see you are correct about generating keys for two-end
points, but in order to do that you have to have control or some type of
access to both end points (that is important) to go through the crypto
key exchange process. If you only have control of one end point you must
create a tunnel interface and policy route.
Hope this helps...
Joe
Russell Fear wrote:
> Can any one in the group clarify some things about encryption for me
please.
>
> I've read the URLs that have been mailed to me but am still confused
about the stages to go through for VPNs for the CCIE lab.
>
> Do I need to generate keys and exchange keys between the two end
points ?
>
> Do I need to define a policy using pre-share ?
>
> I tried the following :-
>
> Created an ACL
> Created transform sets
> created crypto maps
> applied the maps to the interfaces
>
> No luck - I haven't included the configs as they are virtually
identical to the ones given as examples.
>
> I get the following output when debugging ISAKMP
>
> 00:24:16: ISAKMP (4): beginning Main Mode exchange
> 00:24:16: ISAKMP (4): sending packet to 192.168.3.1 (I) MM_NO_STATE
> 00:24:16: ISAKMP (4): received packet from 192.168.3.1 (I)
MM_NO_STATE
> 00:24:16: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational
mode failed with peer
>
> HELP !!!!
>
> Russell
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3