From: Jack Heney (jheneyccie@xxxxxxxxxxx)
Date: Fri Oct 06 2000 - 22:06:21 GMT-3
Thanks for your help..One quick question...If all I need are the pre-shared
keys, what is the point of having the routers generate the keys and
inputting them (as I did in my config)? If I do specify them, do I gain any
advantage (i.e. stronger encryption)? Thanks, Jack
>From: "John D. Fellenbaum" <john.d.fellenbaum@lmco.com>
>To: Jack Heney <jheneyccie@hotmail.com>
>Subject: Re: IPSec configs and question
>Date: Fri, 06 Oct 2000 20:35:31 -0400
>
>Jack,
>
>Question #1 - Defining the pre-shared keys in both routers is all you need.
>
>Question #2 - I had the same problem when trying to use hostname. I turned
>debug on and saw an informational mode error. I am using 12.1.4 IOS. I
>think
>this is a bug, but have not had a chance to call this problem into the TAC.
>
>Question #3 - The only requirement that I know of is that whatever hash
>algorithm you specified in your IKE policy has to be part of your specified
>transform set in your crypto map. (i.e. - hash sha would require
>esp-sha-hmac in
>the transform set)
>
>John
>
>Jack Heney wrote:
>
> > All IPSec gurus,
> > I have a working IPSec/ISAKMP config using pre-shared keys, but I have a
>few
> > qestions...Here are the configs...Access6 and Lan6 are the routers (the
> > questions will follow):
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:24 GMT-3