Re: IPSEC / ISAKMP sample config

From: Kenny Sallee (mischa@xxxxxxxxxxxxxx)
Date: Thu Aug 10 2000 - 04:07:39 GMT-3


   
First off, your transform sets don't match:

crypto ipsec transform-set r5 ah-md5-hmac esp-des

crypto ipsec transform-set r6 esp-des esp-md5-hmac

These need to match for phase 2 to complete (I think it is, anyway; maybe
phase 1). It looked like from the debug that phase 1 completed (pre-shared
keys were exchanged and matched) but phase 2 did not.

Also, I think your ACLs are wrong. You need to permit the return traffic
in both directions depending on the direction(s) you want to encrypt telnet.

So for R5:

access-list 105 permit tcp any any eq telnet log
access-list 105 permit tcp any eq 23 any gt 1023

and the same on the other router

Kenny

----- Original Message -----
From: <Padhu@steinroe.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, August 09, 2000 10:53 AM
Subject: IPSEC / ISAKMP sample config

> I am trying this and it isn't working for me... My first time, so
> obviously I am overlooking something. Can anyone take a look at the
> config and comment on it? Thanks.
>
> I have defined telnet to be the only traffic interesting for encryption.
>
> Cheers, Padhu
>
> <<ipsec.TXT>> <<ipsecdebug.TXT>>
>
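
Added example, not part of the original thread or either poster's configuration: a small Python check that extracts `crypto ipsec transform-set` lines from two peers' configs and reports which transforms differ. It assumes every defined transform set is offered to the peer (crypto map bindings are not parsed); the sample input is constructed from the two lines quoted in the reply.

```python
import re

# Constructed sample input: the two transform-set lines quoted in the reply,
# one per router. A real check would read each router's saved configuration.
R5_CONFIG = """
crypto ipsec transform-set r5 ah-md5-hmac esp-des
"""
R6_CONFIG = """
crypto ipsec transform-set r6 esp-des esp-md5-hmac
"""

TS_LINE = re.compile(r"^\s*crypto ipsec transform-set\s+(\S+)\s+(.+?)\s*$", re.M)


def transform_sets(config):
    """Map transform-set name -> frozenset of transforms.

    The name is local to each router and keyword order is not significant,
    so only the set of transforms is compared between peers.
    """
    return {name: frozenset(body.split()) for name, body in TS_LINE.findall(config)}


def compare_peers(local_cfg, remote_cfg):
    """Return (matches, mismatches) between two peers' transform sets.

    matches:    (local_name, remote_name) pairs with identical transforms
    mismatches: (local_name, remote_name, only_local, only_remote) otherwise
    """
    local, remote = transform_sets(local_cfg), transform_sets(remote_cfg)
    matches, mismatches = [], []
    for lname, lts in sorted(local.items()):
        for rname, rts in sorted(remote.items()):
            if lts == rts:
                matches.append((lname, rname))
            else:
                mismatches.append((lname, rname, sorted(lts - rts), sorted(rts - lts)))
    return matches, mismatches


if __name__ == "__main__":
    ok, bad = compare_peers(R5_CONFIG, R6_CONFIG)
    for lname, rname, only_l, only_r in bad:
        print(f"{lname} vs {rname}: only local {only_l}, only remote {only_r}")
    if not ok:
        print("no common transform set between the two peers")
```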



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:23 GMT-3