From: Mitch Tsai (mtcisco@xxxxxxxxx)
Date: Tue Apr 17 2001 - 14:32:17 GMT-3
show crypto engine conn active
--- Mark Salmon <masalmon@cisco.com> wrote:
> I used ping from a subnet that is supposed to be encrypted. I also
> turned on debug ip sec on the remote router. I first disable IP Sec
> then make sure I can ping. If that works, I then turn on IP sec on one
> router only. I try to ping again. That should fail. I then configure
> it on both routers and if done right, it should be successful.
>
> "Corey M. Ellis" wrote:
>
> > Hi all,
> >
> > I have configured IPSEC, what I have done is tunneled ISIS between r5<-->r1.
> > I created a loopback on each router and put the interface in ISIS.
> > Everything was good in the IP routing table, and you could ping each
> > loopback. Now I wanted to encrypt this traffic. I configured IPSEC but now
> > I want to make sure it is working, I cut on all the crypto debug options,
> > but I don't get anything, so how do you know if the encryption is taking
> > place? Please give show and debug commands to verify IPSEC.
> >
> > Thanks
> >
> > Corey M. Ellis
> >
> > Configs
> >
> > ##### R5 #######
> >
> > Current configuration:
> > !
> > ! Last configuration change at 09:09:12 UTC Sun Apr 15 2001
> > ! NVRAM config last updated at 03:48:40 UTC Sun Apr 15 2001
> > !
> > version 12.1
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname r5
> > !
> > !
> > username r6ip password 0 ciscoip
> > username r6ipx password 0 ciscoip
> > !
> > !
> > !
> > !
> > ip subnet-zero
> > no ip domain-lookup
> > !
> > ip multicast-routing
> > ip dvmrp route-limit 20000
> > clns routing
> > ipx routing 0005.0005.0005
> > isdn switch-type basic-ni
> > cns event-service server
> > !
> > !
> > crypto isakmp policy 1
> > hash md5
> > authentication pre-share
> > crypto isakmp key ciscoipsec address 10.10.1.1
> > !
> > !
> > crypto ipsec transform-set mydesmd5 esp-des esp-md5-hmac
> > !
> > crypto map CRYPTOMAP 10 ipsec-isakmp
> > set peer 10.10.1.1
> > set transform-set mydesmd5
> > match address 120
> > !
> > !
> > !
> > !
> > interface Loopback0
> > ip address 5.5.5.5 255.255.255.0
> > ip pim dense-mode
> > ip igmp join-group 226.6.6.6
> > !
> > interface Loopback1
> > ip address 10.10.5.5 255.255.255.0
> > ip router isis
> > !
> > interface Tunnel0
> > ip address 10.10.1.5 255.255.255.0
> > ip router isis
> > tunnel source 5.5.5.5
> > tunnel destination 1.1.1.1
> > crypto map CRYPTOMAP
> > !
> > interface Ethernet0
> > no ip address
> > shutdown
> > !
> > interface Serial0
> > no ip address
> > encapsulation frame-relay
> > !
> > interface Serial0.1 multipoint
> > ip address 172.16.1.5 255.255.255.0
> > ip pim dense-mode
> > ip ospf network point-to-multipoint
> > ipx network 6540
> > no ipx split-horizon eigrp 1
> > frame-relay map ip 172.16.1.4 504 broadcast
> > frame-relay map ip 172.16.1.6 506 broadcast
> > frame-relay map ipx 6540.0004.0004.0004 504 broadcast
> > frame-relay map ipx 6540.0006.0006.0006 506 broadcast
> > !
> > interface Serial0.2 point-to-point
> > ip address 172.16.2.5 255.255.255.0
> > ip pim dense-mode
> > ipx network 5003
> > frame-relay interface-dlci 503
> > !
> > interface Serial1
> > no ip address
> > shutdown
> > !
> > interface Serial2
> > no ip address
> > shutdown
> > !
> > interface Serial3
> > no ip address
> > shutdown
> > !
> > interface BRI0
> > no ip address
> > encapsulation ppp
> > shutdown
> > dialer pool-member 1
> > isdn switch-type basic-ni
> > isdn spid1 3840200001 384020
> > isdn spid2 3840200002 384030
> > no peer neighbor-route
> > ppp authentication chap
> > !
> > interface Dialer0
> > ip address 172.16.15.5 255.255.255.0
> > encapsulation ppp
> > dialer remote-name r6ip
> > dialer pool 1
> > dialer max-call 4096
> > dialer-group 2
> > ppp authentication chap
> > !
> > interface Dialer1
> > no ip address
> > encapsulation ppp
> > dialer remote-name r6ipx
> > dialer pool 1
> > dialer max-call 4096
> > dialer-group 3
> > ipx network 5006
> > snapshot server 5
> > ppp authentication chap
> > !
> > router ospf 1
> > summary-address 172.16.240.0 255.255.248.0
> > redistribute rip subnets
> > network 5.5.5.0 0.0.0.255 area 0
> > network 172.16.1.0 0.0.0.255 area 0
> > network 172.16.15.0 0.0.0.255 area 15
> > !
> > router isis
> > net 49.0001.5555.5555.5555.00
> > !
> > router rip
> > version 1
> > redistribute ospf 1
> > passive-interface default
> > no passive-interface Dialer1
> > no passive-interface Loopback1
> > no passive-interface Serial0.2
> > no passive-interface Tunnel0
> > network 172.16.0.0
> > default-information originate
> > default-metric 3
> > no auto-summary
> > !
> > router bgp 6000
> > bgp confederation identifier 1
> > bgp confederation peers 6001
> > neighbor 6.6.6.6 remote-as 6000
> > neighbor 6.6.6.6 update-source Loopback0
> > neighbor 172.16.1.4 remote-as 6001
>
=== message truncated ===
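
Added example (not part of the original thread, and not code from any poster): the ping test and the show command discussed above combine into one check, which is to capture `show crypto engine connections active` before and after the pings and confirm that the Encrypt and Decrypt counters on the tunnel interface both moved. The two snapshots below are constructed, and their column layout is an assumption modelled on that command's table output.

```python
import re

# Constructed sample snapshots, laid out like the table printed by
# `show crypto engine connections active`; not captured from r5 or r1.
HDR = "  ID Interface  IP-Address  State  Algorithm           Encrypt  Decrypt\n"
BEFORE = HDR + """\
   1 <none>     <none>      set    HMAC_MD5+DES_56_CB        0        0
2000 Tunnel0    10.10.1.5   set    HMAC_MD5+DES_56_CB        0        0
2001 Tunnel0    10.10.1.5   set    HMAC_MD5+DES_56_CB        0        0
"""
AFTER = HDR + """\
   1 <none>     <none>      set    HMAC_MD5+DES_56_CB        0        0
2000 Tunnel0    10.10.1.5   set    HMAC_MD5+DES_56_CB        0        5
2001 Tunnel0    10.10.1.5   set    HMAC_MD5+DES_56_CB        5        0
"""

# ID, interface, IP address, state, algorithm, encrypt count, decrypt count
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse(text):
    """Map connection ID -> (interface, encrypt, decrypt) for each data row."""
    conns = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row has no leading numeric ID and is skipped
            conns[int(m.group(1))] = (m.group(2), int(m.group(6)), int(m.group(7)))
    return conns

def traffic_delta(before, after, iface):
    """Packets encrypted and decrypted on iface between two snapshots."""
    old, enc, dec = parse(before), 0, 0
    for cid, (name, e, d) in parse(after).items():
        if name == iface:
            _, e0, d0 = old.get(cid, (name, 0, 0))  # new SA: count from zero
            enc, dec = enc + e - e0, dec + d - d0
    return enc, dec

def verdict(before, after, iface):
    enc, dec = traffic_delta(before, after, iface)
    if enc == 0 and dec == 0:
        return "not encrypted"
    if enc == 0 or dec == 0:
        return "one direction only"
    return "encrypted both ways"

if __name__ == "__main__":
    print(traffic_delta(BEFORE, AFTER, "Tunnel0"), verdict(BEFORE, AFTER, "Tunnel0"))
```

A "not encrypted" result while the pings still succeed means the traffic is passing in the clear, which the ping test alone cannot show.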