RE: vpn's

From: Goh, Winston (winston.goh@xxxxxxxxxxxxx)
Date: Wed Apr 19 2000 - 23:05:17 GMT-3


   
Hi Robert,
Without the IPsec software (encryption software), there is no way you can
configure Internet Key Exchange. I think Internet Key Exchange is to be
configured for specifying the authentication method (e.g. pre-share, rsa etc.).
IP security will then be configured to specify the encryption method in the
transform-set. This is where data sent is being encrypted for security
reasons. IKE takes care of connection parameters to be exchanged with the
rightful remote peer. The crypto map created is then applied to the interfaces
like tunnel or serial. I am open to correction and I think Don Lee's
Enhanced IP Services is a good reference for this. I have attached the config of
my setup.
cheers
winston

crypto isakmp policy 1
 authentication pre-share
 lifetime 84600
crypto isakmp key 13600 address 202.188.189.154
!
!
crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
 mode transport
!
!
crypto map s4second local-address Serial0
crypto map s4second 2 ipsec-isakmp
 set peer 202.188.189.154
 set transform-set proposal4
 match address 101

-----Original Message-----
From: robert patterson [mailto:rpatters@access1.net]
Sent: Thursday, April 20, 2000 4:16 AM
To: ccielab@groupstudy.com
Subject: vpn's

At my last lab, I ran across a VPN configuration issue.
I had always thought that VPN's required ipsec software
but the router was not so enabled. Maybe this is a perception
problem on my behalf, but I have had the same comments from
other recent visitors to the lab. I guess the question is what
can be considered a valid VPN. A tunnel, a tunnel with authentication....

Robert Patterson
Senior Systems Engineer
KentDatacomm
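
Added example, not part of either message: a small Python check of how the pieces in the configuration above refer to one another (ISAKMP key, transform-set, crypto map entry, access list, interface). The function name `lint` and the finding strings are assumptions of this example, and it reads only the command forms that appear in the posted configuration plus the `interface` and `access-list` lines the excerpt leaves out.

```python
import re

# Constructed copy of the configuration posted in the message above.
SAMPLE = """\
crypto isakmp policy 1
 authentication pre-share
 lifetime 84600
crypto isakmp key 13600 address 202.188.189.154
!
crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
 mode transport
!
crypto map s4second local-address Serial0
crypto map s4second 2 ipsec-isakmp
 set peer 202.188.189.154
 set transform-set proposal4
 match address 101
"""

def lint(config):
    """Return dangling references between IKE, IPsec and crypto-map stanzas."""
    keys, tsets, acls, applied = set(), set(), set(), set()
    entries, current = {}, None          # (map name, seq) -> sub-commands
    for raw in config.splitlines():
        line, sub = raw.strip(), raw.startswith(" ")
        if not sub:
            current = None               # a top-level line ends the stanza
        if m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            keys.add(m.group(1))
        elif m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m.group(1))
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            current = entries.setdefault((m.group(1), m.group(2)), [])
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif sub and (m := re.match(r"crypto map (\S+)$", line)):
            applied.add(m.group(1))      # crypto map bound under an interface
        elif sub and current is not None:
            current.append(line)
    checks = {("set", "peer"): (keys, "no isakmp key for peer {}"),
              ("set", "transform-set"): (tsets, "transform-set {} not defined"),
              ("match", "address"): (acls, "access-list {} not defined")}
    findings = []
    for (name, seq), cmds in sorted(entries.items()):
        for words in (c.split() for c in cmds):
            known, msg = checks.get(tuple(words[:2]), (None, ""))
            if known is not None:
                findings += [f"{name} {seq}: " + msg.format(r)
                             for r in words[2:] if r not in known]
    for name in sorted({n for n, _ in entries} - applied):
        findings.append(f"{name}: not applied to an interface")
    return findings
```

Run on the excerpt as posted, it reports only what the excerpt does not show: access list 101 and the interface line that binds the crypto map.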


