From: xuping (cnmiecxu@xxxxxxxxxxxxxxxxx)
Date: Sun May 14 2000 - 19:48:19 GMT-3
Hi,
Oops, thanks Chad Marsh. I really have to read the question again and again,
especially in the lab. Your point gives me an alert.
As for Wayne Hu's second question, my point is: "make sure the two loopbacks
are reachable from each other" using an extended ping from loop0 to loop0. I think
your IPsec config is fine, but there is no routing protocol or static route
in R1, so R1 cannot route 10.1.0.0 to 10.2.0.0.
I use your case as my troubleshooting exercise; let me know if I catch the
point. Thanks
xuping
cnmiecxu@public.bta.net.cn
-----Original Message-----
From: Wayne Hu <wayneccie@yahoo.com>
To: xuping <cnmiecxu@public.bta.net.cn>
Date: Monday, May 15, 2000 5:33 AM
Subject: Re: IPSec Question
>Hi,
>I think your way is more practical. I tried it in my home
>lab: if I use set peer (R2) pointing to the Serial interface
>on R4 and vice versa, I have no problem pinging
>loopback0 (R2) to loopback0 (R4) and vice versa. The
>problem is that after I changed it to point to the loopback address,
>it didn't work. I double-checked the configuration, and all
>of it looks fine to me.
>
>R2-----------R1--------------R4
>
>Router R2 Configuration
>
>version 12.0
>!
>hostname R2
>!
>crypto isakmp policy 1
> authentication pre-share
>crypto isakmp key cisco address 10.2.3.4
>!
>!
>crypto ipsec transform-set transform4hub esp-des esp-md5-hmac
>!
>!
>crypto map map2spoke local-address Loopback0
>crypto map map2spoke 1 ipsec-isakmp
> set peer 10.2.3.4
> set transform-set transform4hub
> match address 101
>!
>interface Loopback0
> ip address 10.1.3.2 255.255.255.0
>!
>interface Ethernet0
> ip address 10.1.1.2 255.255.255.0
>!
>interface Serial0
> ip address 207.122.1.2 255.255.255.0
> crypto map map2spoke
>!
>interface Serial1
> shutdown
>!
>router eigrp 1
> network 10.0.0.0
>!
>ip classless
>ip route 0.0.0.0 0.0.0.0 207.122.1.1
>!
>access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
>!
>end
>
>Config for Router 1
>
>version 12.0
>hostname R1
>!
>enable password cisco
>!
>interface Serial1/0
> ip address 207.122.1.1 255.255.255.0
> clockrate 64000
>!
>interface Serial1/1
> ip address 207.122.2.1 255.255.255.0
> clockrate 64000
>!
>ip classless
>!
>end
>
>
>version 12.0
>service timestamps debug uptime
>service timestamps log uptime
>no service password-encryption
>!
>hostname R4
>!
>enable password thunder
>!
>crypto isakmp policy 1
> authentication pre-share
>crypto isakmp key cisco address 10.1.3.2
>!
>!
>crypto ipsec transform-set transform4spoke esp-des esp-md5-hmac
>!
>!
>crypto map map2hub local-address Loopback0
>crypto map map2hub 1 ipsec-isakmp
> set peer 10.1.3.2
> set transform-set transform4spoke
> match address 101
>!
>interface Loopback0
> ip address 10.2.3.4 255.255.255.0
>!
>interface Ethernet0
> ip address 10.2.1.4 255.255.255.0
>!
>interface Serial0
> ip address 207.122.2.4 255.255.255.0
> crypto map map2hub
>!
>router eigrp 1
> network 10.0.0.0
>!
>ip classless
>ip route 0.0.0.0 0.0.0.0 207.122.2.1
>!
>access-list 101 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
>!
>end
>
>regards
>wayne
>
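An added example, not part of the original messages: a hop-by-hop forwarding check over the three quoted configs, showing why tunnel packets addressed to the serial peer cross R1 while packets addressed to the loopback peer stop there. The tables hold only connected and static routes from the configs (assumption: no EIGRP-learned routes, since R1 runs no routing protocol), and the `FIXED` static routes on R1 are a hypothetical correction, not something posted in the thread.

```python
import ipaddress

# Routing tables built from the quoted configs: connected interfaces plus
# static routes. A next hop of None means directly connected.
TABLES = {
    "R2": [("10.1.3.0/24", None), ("10.1.1.0/24", None),
           ("207.122.1.0/24", None), ("0.0.0.0/0", "207.122.1.1")],
    "R1": [("207.122.1.0/24", None), ("207.122.2.0/24", None)],
    "R4": [("10.2.3.0/24", None), ("10.2.1.0/24", None),
           ("207.122.2.0/24", None), ("0.0.0.0/0", "207.122.2.1")],
}
# Hypothetical fix (assumption): static routes on R1 toward both loopbacks.
FIXED = dict(TABLES, R1=TABLES["R1"] + [("10.1.3.0/24", "207.122.1.2"),
                                        ("10.2.3.0/24", "207.122.2.4")])
# Interface addresses from the configs, used to find who owns an address.
OWNERS = {"10.1.3.2": "R2", "10.1.1.2": "R2", "207.122.1.2": "R2",
          "207.122.1.1": "R1", "207.122.2.1": "R1",
          "10.2.3.4": "R4", "10.2.1.4": "R4", "207.122.2.4": "R4"}

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    best = None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (
                best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def trace(start, dst, tables=TABLES, max_hops=8):
    """Forward a packet hop by hop; returns (path, result)."""
    router, path = start, [start]
    for _ in range(max_hops):
        if OWNERS.get(dst) == router:
            return path, "delivered"
        match = lookup(tables[router], dst)
        if match is None:
            return path, "no route on " + router
        nh = match[1] if match[1] else dst  # connected: deliver to dst itself
        nxt = OWNERS.get(nh)
        if nxt is None:
            return path, "unreachable next hop " + nh
        router = nxt
        path.append(router)
    return path, "loop"

if __name__ == "__main__":
    for dst in ("207.122.2.4", "10.2.3.4"):  # serial peer, then loopback peer
        print(dst, trace("R2", dst), trace("R2", dst, FIXED))
```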