Re: IPSec config...

From: Vladimir Shchutski (vshchutski@xxxxxxxxx)
Date: Tue Apr 24 2001 - 16:33:58 GMT-3

• Next message: Darek Kuzma: "DDR Dialer Profiles and broadcasts"
• Previous message: Mas Kato: "RE: Failed CCIE lab."
• Maybe in reply to: Steven Weber: "IPSec config..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
At first glance I found that you put Loop7 instead of
Loop 6 under crypto map local-address. Also you
have to change access-list 100. just put "gre" instead
of "ip".

regards,
Vladimir.

--- Steven Weber <itweber@earthlink.net> wrote:
> can someone please take a look a this IPSec config,
> it isn't working, I don't
> know why, and I don't know where to start
> troubleshooting it.Please let me
> know where I went wrong.
> TIA
> Steve
>
> Current configuration : 2526 bytes
> !
> version 12.1
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r5
> !
> no logging rate-limit
> no logging console
> !
> ip subnet-zero
> no ip finger
> ip tcp synwait-time 5
> no ip domain-lookup
> !
> clns routing
> cns event-service server
> !
> !
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> crypto isakmp key 1234 address 172.16.10.1
> !
> !
> crypto ipsec transform-set CCIE esp-des
> !
> crypto map ECP1 local-address Loopback7
> crypto map ECP1 2 ipsec-isakmp
> set peer 172.16.10.1
> set transform-set CCIE
> match address 100
> !
> !
> !
> !
> interface Loopback0
> ip address 172.16.50.29 255.255.255.252
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback1
> ip address 172.16.50.26 255.255.255.252
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback2
> ip address 172.16.50.33 255.255.255.252
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback3
> ip address 172.16.253.5 255.255.255.0
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback4
> ip address 157.10.1.211 255.255.255.240
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback5
> ip address 1.1.2.101 255.255.255.0
> ip router isis
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback6
> ip address 172.16.15.1 255.255.255.0
> ip router isis
> no ip route-cache
> no ip mroute-cache
> !
> interface Loopback7
> ip address 5.5.5.5 255.255.255.0
> no ip route-cache
> no ip mroute-cache
> !
> interface Tunnel0
> ip address 10.10.10.5 255.255.255.0
> tunnel source 172.16.15.1
> tunnel destination 172.16.10.1
> crypto map ECP1
> !
> interface Ethernet0
> ip address 172.16.160.5 255.255.252.0
> ip router isis
> no ip route-cache
> no ip mroute-cache
> crypto map ECP1
> !
> interface Serial0
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
> !
> interface Serial1
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
> !
> interface TokenRing0
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
> !
> router ospf 1
> log-adjacency-changes
> network 5.5.5.0 0.0.0.255 area 105
> network 10.10.10.0 0.0.0.255 area 0
> !
> router isis
> net 49.0002.5555.5555.5555.00
> is-type level-1
> !
> ip kerberos source-interface any
> ip classless
> no ip http server
> !
> access-list 100 permit ip host 172.16.15.1 host
> 172.16.10.1
> !
>
>
> Current configuration : 4193 bytes
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r1
> !
> no logging console
> !
> username r2 password 0 cisco
> username ipx2 password 0 cisco
> !
> !
> !
> !
> ip subnet-zero
> no ip finger
> ip tcp synwait-time 5
> no ip domain-lookup
> !
> ip multicast-routing
> clns routing
> ipx routing 0001.0001.0001
> isdn switch-type basic-dms100
> cns event-service server
> !
> !
> crypto isakmp policy 1
> hash md5
> authentication pre-share
> crypto isakmp key 1234 address 172.16.15.1
> !
> !
> crypto ipsec transform-set CCIE esp-des
> !
> crypto map ECP1 local-address Loopback1
> crypto map ECP1 2 ipsec-isakmp
> set peer 172.16.15.1
> set transform-set CCIE
> match address 100
> !
> !
> !
> !
> interface Loopback0
> ip address 172.16.249.1 255.255.255.0
> ip pim sparse-dense-mode
> ip igmp join-group 226.6.6.6
> ip igmp join-group 225.5.5.5
> !
> interface Loopback1
> ip address 172.16.10.1 255.255.255.0
> ip router isis
> !
> interface Loopback2
> ip address 2.2.2.1 255.255.255.0
> !
> interface Tunnel0
> no ip address
> ipx network 112A
> tunnel source 172.16.249.1
>
=== message truncated ===

=====
Vladimir Shchutskiy
Planning Technologines, Inc.
E-mail: vshchutski@yahoo.com
Phone: 718 351 9257
Cell: 412 327 1294
Pager: 4123271294@mobile.att.net

• Next message: Darek Kuzma: "DDR Dialer Profiles and broadcasts"
• Previous message: Mas Kato: "RE: Failed CCIE lab."
• Maybe in reply to: Steven Weber: "IPSec config..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:55 GMT-3