How to check if IPSEC is working!!!

From: Corey M. Ellis (corey.m.ellis@xxxxxxxx)
Date: Sun Apr 15 2001 - 22:32:37 GMT-3


   
Hi all,

I have configured IPSEC; what I have done is tunnel ISIS between r5<-->r1.
I created a loopback on each router and put the interface in ISIS.
Everything was good in the IP routing table, and you could ping each
loopback. Now I wanted to encrypt this traffic. I configured IPSEC, but now
I want to make sure it is working. I cut on all the crypto debug options,
but I don't get anything, so how do you know if the encryption is taking
place? Please give show and debug commands to verify IPSEC.

Thanks

Corey M. Ellis

Configs

##### R5 #######

Current configuration:
!
! Last configuration change at 09:09:12 UTC Sun Apr 15 2001
! NVRAM config last updated at 03:48:40 UTC Sun Apr 15 2001
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r5
!
!
username r6ip password 0 ciscoip
username r6ipx password 0 ciscoip
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
ip dvmrp route-limit 20000
clns routing
ipx routing 0005.0005.0005
isdn switch-type basic-ni
cns event-service server
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key ciscoipsec address 10.10.1.1
!
!
crypto ipsec transform-set mydesmd5 esp-des esp-md5-hmac
!
crypto map CRYPTOMAP 10 ipsec-isakmp
 set peer 10.10.1.1
 set transform-set mydesmd5
 match address 120
!
!
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
 ip pim dense-mode
 ip igmp join-group 226.6.6.6
!
interface Loopback1
 ip address 10.10.5.5 255.255.255.0
 ip router isis
!
interface Tunnel0
 ip address 10.10.1.5 255.255.255.0
 ip router isis
 tunnel source 5.5.5.5
 tunnel destination 1.1.1.1
 crypto map CRYPTOMAP
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 no ip address
 encapsulation frame-relay
!
interface Serial0.1 multipoint
 ip address 172.16.1.5 255.255.255.0
 ip pim dense-mode
 ip ospf network point-to-multipoint
 ipx network 6540
 no ipx split-horizon eigrp 1
 frame-relay map ip 172.16.1.4 504 broadcast
 frame-relay map ip 172.16.1.6 506 broadcast
 frame-relay map ipx 6540.0004.0004.0004 504 broadcast
 frame-relay map ipx 6540.0006.0006.0006 506 broadcast
!
interface Serial0.2 point-to-point
 ip address 172.16.2.5 255.255.255.0
 ip pim dense-mode
 ipx network 5003
 frame-relay interface-dlci 503
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation ppp
 shutdown
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 3840200001 384020
 isdn spid2 3840200002 384030
 no peer neighbor-route
 ppp authentication chap
!
interface Dialer0
 ip address 172.16.15.5 255.255.255.0
 encapsulation ppp
 dialer remote-name r6ip
 dialer pool 1
 dialer max-call 4096
 dialer-group 2
 ppp authentication chap
!
interface Dialer1
 no ip address
 encapsulation ppp
 dialer remote-name r6ipx
 dialer pool 1
 dialer max-call 4096
 dialer-group 3
 ipx network 5006
 snapshot server 5
 ppp authentication chap
!
router ospf 1
 summary-address 172.16.240.0 255.255.248.0
 redistribute rip subnets
 network 5.5.5.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.15.0 0.0.0.255 area 15
!
router isis
 net 49.0001.5555.5555.5555.00
!
router rip
 version 1
 redistribute ospf 1
 passive-interface default
 no passive-interface Dialer1
 no passive-interface Loopback1
 no passive-interface Serial0.2
 no passive-interface Tunnel0
 network 172.16.0.0
 default-information originate
 default-metric 3
 no auto-summary
!
router bgp 6000
 bgp confederation identifier 1
 bgp confederation peers 6001
 neighbor 6.6.6.6 remote-as 6000
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 172.16.1.4 remote-as 6001
 no auto-summary
!
ip classless
no ip http server
!
access-list 101 deny ospf any any
access-list 101 permit ip any any
access-list 120 permit ip 10.10.5.0 0.0.0.255 10.10.6.0 0.0.0.255
dialer-list 1 protocol ip list 101
dialer-list 2 protocol ip permit
dialer-list 3 protocol ipx permit
!
!
!
ipx router eigrp 1
 network 6540
!
!
ipx router rip
 no network 6540
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp trusted-key 1
ntp master 2
end

###### R1 ######

Current configuration:
!
! Last configuration change at 08:58:12 UTC Sun Apr 15 2001
! NVRAM config last updated at 03:48:25 UTC Sun Apr 15 2001
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
!
username all
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
ip dvmrp route-limit 20000
clns routing
ipx routing 0001.0001.0001
ipx internal-network 11
cns event-service server
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key ciscoipsec address 10.10.1.5
!
!
crypto ipsec transform-set mydesmd5 esp-des esp-md5-hmac
!
crypto map CRYPTOMAP 10 ipsec-isakmp
 set peer 10.10.1.5
 set transform-set mydesmd5
 match address 120
!
!
!
!
interface Loopback0
 ip address 172.16.50.26 255.255.255.252
 ipx network 1110
!
interface Loopback1
 ip address 172.16.50.29 255.255.255.252
 ipx network 1111
!
interface Loopback2
 ip address 172.16.50.33 255.255.255.252
 ipx network 1112
!
interface Loopback3
 ip address 1.1.1.1 255.255.255.0
 ip pim dense-mode
 ipx network 1113
!
interface Loopback4
 ip address 10.10.6.1 255.255.255.0
 ip router isis
!
interface Tunnel0
 no ip address
 ipx network 1004
 ipx nlsp enable
 tunnel source 1.1.1.1
 tunnel destination 4.4.4.4
!
interface Tunnel1
 ip address 10.10.1.1 255.255.255.0
 ip router isis
 tunnel source 1.1.1.1
 tunnel destination 5.5.5.5
 crypto map CRYPTOMAP
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 172.16.129.1 255.255.252.0
 ip pim dense-mode
 ip summary-address eigrp 1 172.16.50.0 255.255.255.192 5
 no fair-queue
!
interface Serial1
 ip address 11.11.11.1 255.255.255.0
 ip pim dense-mode
!
router eigrp 1
 redistribute bgp 6001
 network 1.1.1.0 0.0.0.255
 network 172.16.0.0
 no auto-summary
!
router isis
 net 49.0001.1111.1111.1111.00
!
router bgp 6001
 bgp confederation identifier 1
 bgp confederation peers 6000
 neighbor 4.4.4.4 remote-as 6001
 neighbor 11.11.11.2 remote-as 2
 no auto-summary
!
ip classless
no ip http server
!
access-list 120 permit ip 10.10.6.0 0.0.0.255 10.10.5.0 0.0.0.255
!
!
!
ipx router nlsp
 area-address 0 0
!
!
no ipx router rip
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login
!
ntp authentication-key 1 md5 070C285F4D06 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179994
ntp peer 4.4.4.4
end
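
An added example, not part of the original post: one way to answer "is the encryption taking place" is to capture `show crypto ipsec sa` before and after a test ping and compare the per-flow packet counters. The sample output below is constructed (names and addresses come from the r5 config above, counter values are invented), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of IOS `show crypto ipsec sa` output.
# Names and addresses follow the posted r5 config; counter values are invented.
TEMPLATE = """\
interface: Tunnel0
    Crypto map tag: CRYPTOMAP, local addr. 10.10.1.5
   local  ident (addr/mask/prot/port): (10.10.5.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.10.6.0/255.255.255.0/0/0)
   current_peer: 10.10.1.1
    #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest {enc}
    #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify {dec}
    #send errors {err}, #recv errors 0
"""

IDENT_RE = re.compile(r"^\s*(local|remote)\s+ident .*:\s*\(([\d.]+)/([\d.]+)/")
COUNTER_RE = re.compile(r"#(pkts \w+|send errors|recv errors):? (\d+)")

def parse_ipsec_sa(text):
    """Map (local_net, remote_net) -> {counter_name: value} for each SA block."""
    flows, ident, current = {}, {}, None
    for line in text.splitlines():
        m = IDENT_RE.match(line)
        if m:
            ident[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            if m.group(1) == "remote":  # the remote ident line completes the flow key
                current = flows.setdefault((ident.get("local"), ident["remote"]), {})
            continue
        if current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name] = int(value)
    return flows

def verdict(before, after):
    """Compare two snapshots taken around a test ping; one verdict per flow."""
    old_flows = parse_ipsec_sa(before)
    out = {}
    for flow, now in parse_ipsec_sa(after).items():
        old = old_flows.get(flow, {})
        d = {k: v - old.get(k, 0) for k, v in now.items()}
        if d.get("send errors", 0) > 0:
            out[flow] = "send errors rising: check IKE negotiation"
        elif d.get("pkts encrypt", 0) > 0 and d.get("pkts decrypt", 0) > 0:
            out[flow] = "encrypting both ways"
        elif d.get("pkts encrypt", 0) > 0:
            out[flow] = "encrypting outbound only"
        else:
            out[flow] = "no traffic matched the crypto ACL"
    return out
```

Only traffic permitted by the crypto ACL (access-list 120 here) moves these counters, so the test ping has to be sourced from and destined to the networks that ACL names.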
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:46 GMT-3