RE: IPSec config...

From: Brian Dennis (brian@xxxxxx)
Date: Fri Apr 20 2001 - 00:44:47 GMT-3


   
Steve,
R5 needs the "crypto map ECP1 local-address Loopback7" command changed to
"crypto map ECP1 local-address Loopback6". You're pointing to the wrong
interface.

Brian Dennis
CCIE #2210 (R&S)(ISP/Dial)
CCSI #98640

BTW... It looks like a Loopback/Tunnel interface virus got a hold of your
router ;-)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Steven Weber
Sent: Thursday, April 19, 2001 7:45 PM
To: GROUPSTUDY
Subject: IPSec config...

Can someone please take a look at this IPSec config? It isn't working, I
don't know why, and I don't know where to start troubleshooting it. Please
let me know where I went wrong.
TIA
Steve

Current configuration : 2526 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r5
!
no logging rate-limit
no logging console
!
ip subnet-zero
no ip finger
ip tcp synwait-time 5
no ip domain-lookup
!
clns routing
cns event-service server
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 1234 address 172.16.10.1
!
!
crypto ipsec transform-set CCIE esp-des
!
crypto map ECP1 local-address Loopback7
crypto map ECP1 2 ipsec-isakmp
 set peer 172.16.10.1
 set transform-set CCIE
 match address 100
!
!
!
!
interface Loopback0
 ip address 172.16.50.29 255.255.255.252
 no ip route-cache
 no ip mroute-cache
!
interface Loopback1
 ip address 172.16.50.26 255.255.255.252
 no ip route-cache
 no ip mroute-cache
!
interface Loopback2
 ip address 172.16.50.33 255.255.255.252
 no ip route-cache
 no ip mroute-cache
!
interface Loopback3
 ip address 172.16.253.5 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface Loopback4
 ip address 157.10.1.211 255.255.255.240
 no ip route-cache
 no ip mroute-cache
!
interface Loopback5
 ip address 1.1.2.101 255.255.255.0
 ip router isis
 no ip route-cache
 no ip mroute-cache
!
interface Loopback6
 ip address 172.16.15.1 255.255.255.0
 ip router isis
 no ip route-cache
 no ip mroute-cache
!
interface Loopback7
 ip address 5.5.5.5 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface Tunnel0
 ip address 10.10.10.5 255.255.255.0
 tunnel source 172.16.15.1
 tunnel destination 172.16.10.1
 crypto map ECP1
!
interface Ethernet0
 ip address 172.16.160.5 255.255.252.0
 ip router isis
 no ip route-cache
 no ip mroute-cache
 crypto map ECP1
!
interface Serial0
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface TokenRing0
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 5.5.5.0 0.0.0.255 area 105
 network 10.10.10.0 0.0.0.255 area 0
!
router isis
 net 49.0002.5555.5555.5555.00
 is-type level-1
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 100 permit ip host 172.16.15.1 host 172.16.10.1
!

Current configuration : 4193 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
no logging console
!
username r2 password 0 cisco
username ipx2 password 0 cisco
!
!
!
!
ip subnet-zero
no ip finger
ip tcp synwait-time 5
no ip domain-lookup
!
ip multicast-routing
clns routing
ipx routing 0001.0001.0001
isdn switch-type basic-dms100
cns event-service server
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 1234 address 172.16.15.1
!
!
crypto ipsec transform-set CCIE esp-des
!
crypto map ECP1 local-address Loopback1
crypto map ECP1 2 ipsec-isakmp
 set peer 172.16.15.1
 set transform-set CCIE
 match address 100
!
!
!
!
interface Loopback0
 ip address 172.16.249.1 255.255.255.0
 ip pim sparse-dense-mode
 ip igmp join-group 226.6.6.6
 ip igmp join-group 225.5.5.5
!
interface Loopback1
 ip address 172.16.10.1 255.255.255.0
 ip router isis
!
interface Loopback2
 ip address 2.2.2.1 255.255.255.0
!
interface Tunnel0
 no ip address
 ipx network 112A
 tunnel source 172.16.249.1
 tunnel destination 172.16.250.2
!
interface Tunnel1
 no ip address
 ipx network 13A
 tunnel source 172.16.249.1
 tunnel destination 172.16.251.3
!
interface Tunnel2
 no ip address
 ipx network 14A
 tunnel source 172.16.249.1
 tunnel destination 172.16.252.4
!
interface Tunnel3
 ip address 10.10.10.1 255.255.255.0
 tunnel source 172.16.10.1
 tunnel destination 172.16.15.1
 crypto map ECP1
!
interface Ethernet0
 no ip address
 no keepalive
 shutdown
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no fair-queue
!
interface Serial0.1 multipoint
 ip address 172.16.100.1 255.255.255.0
 ip router isis
 ip pim nbma-mode
 ip pim sparse-dense-mode
 ip ospf network point-to-multipoint
 ip ospf priority 10
 no ip mroute-cache
 ip policy route-map R2
 frame-relay map clns 102 broadcast
 frame-relay map clns 103 broadcast
 frame-relay map ipx 123A.0002.0002.0002 102 broadcast
 frame-relay map ipx 123A.0003.0003.0003 103 broadcast
 frame-relay map ip 172.16.100.2 102 broadcast
 frame-relay map ip 172.16.100.3 103 broadcast
 crypto map ECP1
!
interface Serial0.2 point-to-point
 ip address 172.16.200.1 255.255.255.0
 ip pim nbma-mode
 ip pim sparse-dense-mode
 ip ospf network point-to-multipoint
 no ip mroute-cache
 frame-relay interface-dlci 104
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-dms100
 isdn spid1 3840 ppp callback accept
 ppp authentication chap
!
interface Dialer0
 ip address 172.16.12.1 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer remote-name r2
 dialer string 384020 class CALLME
 dialer-group 1
 ppp authentication chap
 ppp chap hostname r1
!
interface Dialer1
 no ip address
 encapsulation ppp
 dialer pool 1
 dialer remote-name ipx2
 dialer string 384020
 dialer-group 2
 ipx network 12A
 snapshot server 5
 ppp authentication chap
 ppp chap hostname ipx1
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 100
 network 10.10.10.0 0.0.0.255 area 0
!
router isis
 net 49.0001.1111.1111.1111.00
!
ip classless
ip default-network 140.10.0.0
no ip http server
ip as-path access-list 3 permit _450$
ip pim send-rp-announce Serial0.1 scope 16 group-list 10
ip pim send-rp-discovery scope 16
!
!
map-class dialer CALLME
 dialer callback-server username
access-list 1 permit 172.16.20.1
access-list 10 permit 225.5.5.5
access-list 100 permit ip host 172.16.10.1 host 172.16.15.1
dialer-list 1 protocol ip permit
dialer-list 2 protocol ipx permit
route-map PREF permit 10
 match as-path 3
 set local-preference 200
!
route-map PREF permit 20
!
route-map R2 permit 10
 match ip address 1
 set interface Ethernet0
!
route-map R2 permit 20
!
!
**Please read:http://www.groupstudy.com/list/posting.html
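
Added example (not part of the original thread): a small Python check of the mismatch the reply points out. r1's `set peer` and pre-shared key address both name 172.16.15.1, which is Loopback6 on r5, not Loopback7. The config excerpts are copied from the two listings above; the function names are hypothetical.

```python
import re

# Crypto-relevant lines excerpted from the r5 and r1 configs posted in this thread.
R5 = """\
crypto isakmp key 1234 address 172.16.10.1
crypto map ECP1 local-address Loopback7
 set peer 172.16.10.1
interface Loopback6
 ip address 172.16.15.1 255.255.255.0
interface Loopback7
 ip address 5.5.5.5 255.255.255.0
"""
R1 = """\
crypto isakmp key 1234 address 172.16.15.1
crypto map ECP1 local-address Loopback1
 set peer 172.16.15.1
interface Loopback1
 ip address 172.16.10.1 255.255.255.0
"""
# r5 with the correction from the reply applied.
R5_FIXED = R5.replace("local-address Loopback7", "local-address Loopback6")

def parse(cfg):
    # Collect interface addresses, the crypto map local-address, peers and PSK addresses.
    out = {"ifaces": {}, "local_if": None, "peers": set(), "psk": set()}
    iface = None
    for line in cfg.splitlines():
        s = line.strip()
        if not line.startswith(" "):
            iface = None  # a top-level line ends the previous interface block
        if m := re.match(r"interface (\S+)", s):
            iface = m.group(1)
        elif (m := re.match(r"ip address (\S+) \S+", s)) and iface:
            out["ifaces"][iface] = m.group(1)
        elif m := re.match(r"crypto map \S+ local-address (\S+)", s):
            out["local_if"] = m.group(1)
        elif m := re.match(r"set peer (\S+)", s):
            out["peers"].add(m.group(1))
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", s):
            out["psk"].add(m.group(1))
    return out

def check(local_cfg, remote_cfg):
    # Findings where the local router's IKE source address is not what the remote expects.
    loc, rem = parse(local_cfg), parse(remote_cfg)
    src = loc["ifaces"].get(loc["local_if"])
    expected = {"set peer": rem["peers"], "crypto isakmp key": rem["psk"]}
    return [f"remote '{k}' lacks {loc['local_if']} address {src}"
            for k, v in expected.items() if src not in v]
```

Running `check(R5, R1)` on the posted configs reports both the peer and the key mismatch for 5.5.5.5; `check(R5_FIXED, R1)` and `check(R1, R5)` return no findings.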



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:52 GMT-3