IPSec Question

From: xuping (cnmiecxu@xxxxxxxxxxxxxxxxx)
Date: Sat May 13 2000 - 22:20:46 GMT-3


   
Hi
No, I don't think a 0.0.0.0 will work in your case. You may set up a loopback
i/f on both the hub and the remote client, and use the loopback as the VPN tunnel end point
(use some routing protocol or static route to make sure the two loopbacks are
reachable from each other). My understanding is (correct me if I am wrong): the
two end points are only used to establish the isakmp and ipsec security
associations; once the sa is established, the crypto map may be applied to an
interface that does not belong to the tunnel end point.

I tested the following config; it works.

Hub:

interface loopback 0
ip address 1.1.1.1 255.255.255.0
!
crypto isakmp policy 10
    authentication pre-share
!
! 1.1.1.2 is the peer's loopback addr.
crypto isakmp key ciscopass address 1.1.1.2
!
crypto ipsec transform-set transform4hub esp-des
!
! use the loopback address as the local tunnel end point
crypto map map4hub local-address loopback 0
!
! access-list 110 (not shown here) must select the traffic to protect
crypto map map4hub 10 ipsec-isakmp
    set peer 1.1.1.2
    set transform-set transform4hub
    match address 110
!
int bri0
    crypto map map4hub

spoke client:

interface loopback 0
ip address 1.1.1.2 255.255.255.0
!
crypto isakmp policy 10
    authentication pre-share
!
! 1.1.1.1 is the peer's loopback addr.
crypto isakmp key ciscopass address 1.1.1.1
!
crypto ipsec transform-set transform4hub esp-des
!
! use the loopback address as the local tunnel end point
crypto map map4spoke local-address loopback 0
!
! access-list 110 (not shown here) must select the traffic to protect
crypto map map4spoke 10 ipsec-isakmp
    set peer 1.1.1.1
    set transform-set transform4hub
    match address 110
!
int bri0
    crypto map map4spoke

-----Original Message-----
From: Wayne Hu <wayneccie@yahoo.com>
To: ccielab@groupstudy.com <ccielab@groupstudy.com>
Date: Sunday, May 14, 2000 6:49 AM
Subject: IPSec Question

>Hi,
>I have a problem setting up a pre-shared key on the VPN host,
>because the remote client uses dial-up ISDN with no
>static IP address. Can I use a wildcard in the command
>line crypto isakmp key Cisco address 0.0.0.0? If not,
>how can I implement this?
>
>Thanks
>
>wayne
>
>
>
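
A consistency check for a config of the shape posted in the reply above, as an added example that is not part of the original thread: it confirms that each crypto map entry references a defined transform-set, access-list and per-peer ISAKMP key, that the map pins a local-address, and it flags esp-des and a key bound to 0.0.0.0. The `audit` function and the sample text are constructed for illustration; the sample leaves out access-list 110 because the post does not show it.

```python
import re

# Constructed sample: the hub config from the post, IOS keywords spelled out.
# access-list 110 is absent here, as it is in the post, so the audit reports it.
HUB = """\
interface loopback 0
 ip address 1.1.1.1 255.255.255.0
crypto isakmp key ciscopass address 1.1.1.2
crypto ipsec transform-set transform4hub esp-des
crypto map map4hub local-address loopback 0
crypto map map4hub 10 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set transform4hub
 match address 110
interface bri0
 crypto map map4hub
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp\n((?:[ \t]+.*\n?)*)", re.M)

def audit(config):
    """Return consistency and hygiene findings for an IOS crypto-map config."""
    keys = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    tsets = dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M))
    acls = set(re.findall(r"^(?:ip access-list extended|access-list) (\S+)", config, re.M))
    pinned = set(re.findall(r"^crypto map (\S+) local-address ", config, re.M))
    out = []
    if "0.0.0.0" in keys:
        out.append("pre-shared key bound to 0.0.0.0: not tied to a single peer address")
    for name, transforms in tsets.items():
        if "esp-des" in transforms.split():
            out.append(f"transform-set {name}: esp-des is single DES (56-bit key)")
    for name, seq, body in ENTRY.findall(config):
        tag = f"crypto map {name} {seq}"
        if name not in pinned:
            out.append(f"{tag}: no local-address, IKE uses the applied interface's IP")
        for peer in re.findall(r"set peer (\S+)", body):
            if peer not in keys and "0.0.0.0" not in keys:
                out.append(f"{tag}: no isakmp key for peer {peer}")
        for ts in re.findall(r"set transform-set (\S+)", body):
            if ts not in tsets:
                out.append(f"{tag}: transform-set {ts} is not defined")
        for acl in re.findall(r"match address (\S+)", body):
            if acl not in acls:
                out.append(f"{tag}: access-list {acl} is not defined")
    return out

if __name__ == "__main__":
    for finding in audit(HUB):
        print(finding)
```

Running the same function over the spoke config, with the peer and map name swapped, checks that the key address on each side matches the other side's `set peer`.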



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:29 GMT-3