More IPSec probs...

From: fwells12 (fwells12@xxxxxxxxxxx)
Date: Sat Feb 24 2001 - 05:01:08 GMT-3


   
Guys,
I am trying to run IPSec between two routers over a frame cloud using tunnels. I cannot get the isakmp security associations to register, and thus no traffic is being encrypted. Please give my configs the once over and see if you can see anything wrong with them. I have tried using a number of permutations of the access-lists and nothing has worked. You will notice I have IPX networks at each end of the network. I would like to encrypt that traffic too.

I have debug running on ipsec/isakmp/engine and nothing is being registered. I guess I have the configs close but...

Router1:
-----------
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key tunnel address 10.1.1.4 255.0.0.0
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map crypmap 15 ipsec-isakmp
 set peer 10.1.1.4
 set transform-set cisco
 match address 100
!
interface Tunnel4
 no ip address
 ipx network 1441
 tunnel source Serial0
 tunnel destination 10.1.1.4
 crypto map crypmap
!
interface Ethernet0
 mac-address 0001.0001.0001
 ip address 1.1.1.1 255.0.0.0
 no ip mroute-cache
 no keepalive
 ipx network 11
!
interface Serial0
 ip address 10.1.1.1 255.0.0.0
 ip access-group 101 in
 encapsulation frame-relay
 no ip mroute-cache
 frame-relay lmi-type ansi
 crypto map crypmap
!
ip route 4.4.4.4 255.255.255.255 10.1.1.4
!
access-list 100 permit ip host 10.1.1.4 host 10.1.1.1

Router2:
------------
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key tunnel address 10.1.1.1 255.0.0.0
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map crypmap 15 ipsec-isakmp
 set peer 10.1.1.1
 set transform-set cisco
 match address 100
!
interface Tunnel1
 no ip address
 ipx network 1441
 tunnel source Serial0
 tunnel destination 10.1.1.1
 crypto map crypmap
!
interface Ethernet0
 mac-address 0004.0004.0004
 ip address 4.4.4.4 255.0.0.0
 no ip mroute-cache
 no keepalive
 ipx network 44
 no cdp enable
!
interface Serial0
 ip address 10.1.1.4 255.0.0.0
 ip access-group 101 in
 encapsulation frame-relay
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
 crypto map crypmap
!
ip route 1.1.1.1 255.255.255.255 10.1.1.1
!
access-list 100 permit ip host 10.1.1.1 host 10.1.1.4
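
An added example, not part of the original post: Cisco IOS matches a crypto map's access list against outbound traffic, so each entry is written local address to peer address, and the two peers' lists mirror each other. The sketch below runs both checks on excerpts of the two configs above; the function names are hypothetical and only `host`-to-`host` entries are parsed.

```python
import re

# Constructed excerpts: only the lines of the posted configs that this check reads.
ROUTER1 = """\
crypto map crypmap 15 ipsec-isakmp
 set peer 10.1.1.4
 match address 100
interface Serial0
 ip address 10.1.1.1 255.0.0.0
access-list 100 permit ip host 10.1.1.4 host 10.1.1.1
"""
ROUTER2 = """\
crypto map crypmap 15 ipsec-isakmp
 set peer 10.1.1.1
 match address 100
interface Serial0
 ip address 10.1.1.4 255.0.0.0
access-list 100 permit ip host 10.1.1.1 host 10.1.1.4
"""

def crypto_acl(config):
    """Return (local, peer, [(src, dst), ...]) for the crypto map's access list."""
    peer = re.search(r"^ set peer (\S+)", config, re.M).group(1)
    acl = re.search(r"^ match address (\d+)", config, re.M).group(1)
    local = re.search(r"^ ip address (\S+)", config, re.M).group(1)
    # Simplification (assumption): only "permit <proto> host A host B" entries are parsed.
    entry = rf"^access-list {acl} permit \S+ host (\S+) host (\S+)"
    return local, peer, re.findall(entry, config, re.M)

def lint_direction(config):
    """Flag entries that are not written as local address -> peer address."""
    local, peer, entries = crypto_acl(config)
    findings = []
    for src, dst in entries:
        if (src, dst) == (peer, local):
            findings.append(f"reversed: {src} -> {dst}, expected {local} -> {peer}")
        elif (src, dst) != (local, peer):
            findings.append(f"unrelated to tunnel endpoints: {src} -> {dst}")
    return findings

def mirrored(config_a, config_b):
    """True when each side's entries are the other's with source and destination swapped."""
    a, b = crypto_acl(config_a)[2], crypto_acl(config_b)[2]
    return sorted(a) == sorted((dst, src) for src, dst in b)

if __name__ == "__main__":
    for name, cfg in (("Router1", ROUTER1), ("Router2", ROUTER2)):
        print(name, lint_direction(cfg) or "ok", "| mirrored:", mirrored(ROUTER1, ROUTER2))
```

A mirror check alone passes on these two configs; the direction check is the one that reports a finding on each router.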



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:59 GMT-3