From: mascot net (mascotnet@xxxxxxxxx)
Date: Sun May 20 2001 - 18:45:37 GMT-3
I got it to work with no tunnels..
Any thoughts why it working if the other comments are
true....???
Here are the configs:-
R1----R5-----R4
hostname R1
!
ip subnet-zero
no ip finger
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco address 172.16.20.2
!
!
crypto ipsec transform-set mytrans esp-des
esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 172.16.20.2
set transform-set mytrans
match address 101
!
!
!
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
clockrate 64000
!
interface Serial2
ip address 172.16.10.1 255.255.255.0
clockrate 64000
crypto map mymap
!
interface Serial3
no ip address
shutdown
!
interface TokenRing0
ip address 172.16.30.1 255.255.255.0
ring-speed 16
!
interface TokenRing1
no ip address
shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
no ip http server
!
access-list 101 permit ip 172.16.30.0 0.0.0.255
172.16.40.0 0.0.0.255
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end
------------------------------
hostname R5
!
!
!
!
!
!
ip subnet-zero
no ip finger
!
!
!
!
!
!
interface Ethernet0
ip address 172.16.20.1 255.255.255.0
!
interface Serial0
ip address 172.16.10.2 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip http server
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end
---------------------------------------
hostname R4
!
!
!
!
!
!
ip subnet-zero
no ip finger
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco address 172.16.10.1
!
!
crypto ipsec transform-set mytrans esp-des
esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 172.16.10.1
set transform-set mytrans
match address 101
!
!
!
!
interface Ethernet0
ip address 172.16.20.2 255.255.255.0
crypto map mymap
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface TokenRing0
ip address 172.16.40.1 255.255.255.0
ring-speed 16
!
router eigrp 1
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip http server
!
access-list 101 permit ip 172.16.40.0 0.0.0.255
172.16.30.0 0.0.0.255
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end
-------------------------------------------end------
--- Steve Munro <Steve.Munro@integralis.com> wrote:
> One reason for routing not working is that ipsec
> tunnels do not support
> multicasts, which means you cannot use ospf etc but
> rip will work.
>
> Rgds,
>
> Steve
>
> -----Original Message-----
> From: mascot net
> To: ccielab@groupstudy.com
> Sent: 5/20/01 8:50 PM
> Subject: Re: IPsec VPN with no GRE tunnel
>
> Tim,
>
> Could you explain why can't routing info. pass
> without
> the tunnel.
>
> tks,
> MN
>
> --- Tim O'Brien <tobrien@cinci.rr.com> wrote:
> > sure... you would really only need the tunnel if
> you
> > wanted to pass routing
> > information.
> >
> > Tim
> >
> > ----- Original Message -----
> > From: "mascot net" <mascotnet@yahoo.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Sunday, May 20, 2001 1:09 PM
> > Subject: IPsec VPN with no GRE tunnel
> >
> >
> > Is it possible to create a VPN with just IPsec
> only
> > (no GRE tunnel).
> >
> > tks
> > MN
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:47 GMT-3