From: Wayne Hu (wayneccie@xxxxxxxxx)
Date: Mon May 15 2000 - 14:43:35 GMT-3
I am using Router1 as the internet cloud. If you make the
following change, it works with extended ping. It just
doesn't work with the loopback address.

1. On Router R2
   set peer 207.122.2.4
2. On Router R4
   set peer 207.122.1.2

wayne
--- xuping <cnmiecxu@public.bta.net.cn> wrote:
> Hi
>
> Oops, thanks Chad Marsh. I really have to read the question
> again and again, especially in the lab. Your point gives me an alert.
>
> As for Wayne Hu's second question, my point is: "make sure the two
> loopbacks are reachable from each other" using an extended ping from
> loop0 to loop0. I think your IPsec config is fine, but there is no
> routing protocol or static route in R1, so R1 cannot route 10.1.0.0
> to 10.2.0.0.
>
> I use your case as my troubleshooting exercise; let me know if I
> catch the point. Thanks
>
> xuping
> cnmiecxu@public.bta.net.cn
>
>
> -----Original Message-----
> From: Wayne Hu <wayneccie@yahoo.com>
> To: xuping <cnmiecxu@public.bta.net.cn>
> Date: Monday, May 15, 2000 5:33 AM
> Subject: Re: IPSec Question
>
>
> >Hi,
> >I think your way is more practical. I tried it in my home
> >lab: if I use set peer (R2) pointing to the Serial interface
> >on R4 and vice versa, I have no problem pinging
> >loopback0 (R2) to loopback0 (R4) and vice versa. The
> >problem is that after I changed it to point to the loopback
> >address, it didn't work. I double-checked the configuration;
> >all of it looks fine to me.
> >
> >R2-----------R1--------------R4
> >
> >Router R2 Configuration
> >
> >version 12.0
> >!
> >hostname R2
> >!
> >crypto isakmp policy 1
> > authentication pre-share
> >crypto isakmp key cisco address 10.2.3.4
> >!
> >!
> >crypto ipsec transform-set transform4hub esp-des esp-md5-hmac
> >!
> >!
> >crypto map map2spoke local-address Loopback0
> >crypto map map2spoke 1 ipsec-isakmp
> > set peer 10.2.3.4
> > set transform-set transform4hub
> > match address 101
> >!
> >interface Loopback0
> > ip address 10.1.3.2 255.255.255.0
> >!
> >interface Ethernet0
> > ip address 10.1.1.2 255.255.255.0
> >!
> >interface Serial0
> > ip address 207.122.1.2 255.255.255.0
> > crypto map map2spoke
> >!
> >interface Serial1
> > shutdown
> >!
> >router eigrp 1
> > network 10.0.0.0
> >!
> >ip classless
> >ip route 0.0.0.0 0.0.0.0 207.122.1.1
> >!
> >access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
> >!
> >end
> >
> >Config for Router 1
> >
> >version 12.0
> >hostname R1
> >!
> >enable password cisco
> >!
> >interface Serial1/0
> > ip address 207.122.1.1 255.255.255.0
> > clockrate 64000
> >!
> >interface Serial1/1
> > ip address 207.122.2.1 255.255.255.0
> > clockrate 64000
> >!
> >ip classless
> >!
> >end
> >
> >
> >version 12.0
> >service timestamps debug uptime
> >service timestamps log uptime
> >no service password-encryption
> >!
> >hostname R4
> >!
> >enable password thunder
> >!
> >crypto isakmp policy 1
> > authentication pre-share
> >crypto isakmp key cisco address 10.1.3.2
> >!
> >!
> >crypto ipsec transform-set transform4spoke esp-des esp-md5-hmac
> >!
> >!
> >crypto map map2hub local-address Loopback0
> >crypto map map2hub 1 ipsec-isakmp
> > set peer 10.1.3.2
> > set transform-set transform4spoke
> > match address 101
> >!
> >interface Loopback0
> > ip address 10.2.3.4 255.255.255.0
> >!
> >interface Ethernet0
> > ip address 10.2.1.4 255.255.255.0
> >!
> >interface Serial0
> > ip address 207.122.2.4 255.255.255.0
> > crypto map map2hub
> >!
> >router eigrp 1
> > network 10.0.0.0
> >!
> >ip classless
> >ip route 0.0.0.0 0.0.0.0 207.122.2.1
> >!
> >access-list 101 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
> >!
> >end
> >
> >regards
> >wayne
> >
>
>
>
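
Added example, not part of the original messages: a small Python model of the three routing tables in the quoted configs, tracing where the outer tunnel packet goes for each choice of `set peer`. The names `ROUTES`, `OWNERS`, `lookup`, `trace` and `peer_reachable` are hypothetical, and only connected and static routes are modelled.

```python
import ipaddress

# Routing tables rebuilt from the quoted configs (connected + static only).
# Next hop None means "directly connected". EIGRP is left out: R1 does not run
# it and no 10.0.0.0 interface faces R1, so it adds no routes (assumption).
ROUTES = {
    "R2": [("10.1.3.0/24", None), ("10.1.1.0/24", None),
           ("207.122.1.0/24", None), ("0.0.0.0/0", "207.122.1.1")],
    "R1": [("207.122.1.0/24", None), ("207.122.2.0/24", None)],
    "R4": [("10.2.3.0/24", None), ("10.2.1.0/24", None),
           ("207.122.2.0/24", None), ("0.0.0.0/0", "207.122.2.1")],
}
# Interface addresses owned by each router, from the same configs.
OWNERS = {"10.1.3.2": "R2", "10.1.1.2": "R2", "207.122.1.2": "R2",
          "207.122.1.1": "R1", "207.122.2.1": "R1",
          "10.2.3.4": "R4", "10.2.1.4": "R4", "207.122.2.4": "R4"}

def lookup(router, dst):
    """Longest-prefix match; returns (network, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES[router]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(start, dst, max_hops=8):
    """Follow dst hop by hop from `start`; returns (path, outcome)."""
    router, path = start, [start]
    for _ in range(max_hops):
        if OWNERS.get(dst) == router:
            return path, "delivered"
        hit = lookup(router, dst)
        if hit is None:
            return path, "no route on " + router
        next_ip = hit[1] or dst          # connected route: hand to dst itself
        router = OWNERS.get(next_ip)
        if router is None:
            return path, "no host " + next_ip
        path.append(router)
    return path, "loop"

def peer_reachable(local, peer):
    """True only if the outer (IKE/ESP) packet reaches the peer address."""
    return trace(local, peer)[1] == "delivered"

if __name__ == "__main__":
    for local, peer in [("R2", "207.122.2.4"), ("R2", "10.2.3.4"),
                        ("R4", "207.122.1.2"), ("R4", "10.1.3.2")]:
        print(local, "-> set peer", peer, trace(local, peer))
```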