From: Nigel Taylor (nigel_taylor@xxxxxxxxxxx)
Date: Mon May 28 2001 - 03:04:05 GMT-3
Gary,
In order to get the traffic between the two end-points to work you must identify that traffic in the tunnel itself will be encrypted. I was just wondering what your "debug crypto isa" and "debug crypto ipsec" showed.
Anyway, here's a good link that should help you get things working:
http://www.cisco.com/warp/public/707/ipsec_gre.html
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:GRE&s=Implementation_and_Configuration#Samples_%26_Tips
HTH
Nigel..
----- Original Message -----
From: garry baker <fallow46@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Monday, May 28, 2001 1:15 AM
Subject: help!! ipsec tunnel
> Guys,
>
> I am trying to get an ipsec to work over a gre tunnel,
> the tunnel works fine but when I add the ipsec I am
> unable to ping the other end of the tunnel. All I am
> trying to achieve is to be able to ping the other end
> of the tunnel. I went through the post from last week
> that was similar but still could not fix my problem.
>
> I have three routers connected with the outer two
> acting as the tunnel endpoints. I have pasted the
> relevant config details. Could someone point me in the
> right direction?
>
> Garry
>
> r6
>
> crypto isakmp policy 1
> authentication pre-share
> crypto isakmp key 123456 address 64.108.4.9
> crypto isakmp key 12345 address 64.108.68.8
>
> crypto map test local-address Tunnel0
> crypto map test 10 ipsec-isakmp
> set peer 64.180.68.8
> set transform-set test
> match address 150
> !
>
> interface Tunnel0
> ip address 64.108.68.6 255.255.255.0
> no ip directed-broadcast
> no ip route-cache
> no ip mroute-cache
> tunnel source 64.108.9.2
> tunnel destination 64.108.1.34
> crypto map test
>
> interface Serial0/1
> ip address 64.108.9.2 255.255.255.240
> no ip directed-broadcast
> ip pim sparse-mode
> encapsulation ppp
> ip ospf interface-retry 0
> ip igmp join-group 226.10.10.1
> ip igmp join-group 226.1.1.10
> crypto map test
>
> access-list 150 permit ip host 64.108.68.6 host 64.108.68.8
>
> r8
>
> crypto isakmp policy 1
> authentication pre-share
> crypto isakmp key 12345 address 64.108.68.6
> !
> !
> crypto ipsec transform-set test esp-des
> !
> !
> crypto map test local-address Tunnel0
> crypto map test 10 ipsec-isakmp
> set peer 64.108.68.6
> set transform-set test
> match address 150
>
> interface Tunnel0
> ip address 64.108.68.8 255.255.255.0
> no ip directed-broadcast
> no ip route-cache
> no ip mroute-cache
> tunnel source 64.108.1.34
> tunnel destination 64.108.9.2
> crypto map test
> !
> interface Ethernet0/0
> ip address 64.108.1.34 255.255.255.224
> no ip directed-broadcast
> ip pim sparse-mode
> crypto map test
>
> access-list 150 permit ip host 64.108.68.8 host 64.108.68.6
>
>
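An added example, not part of the original thread: a small Python check that cross-references the crypto map statements in a pasted IOS config against the ISAKMP keys, transform sets and access lists defined in the same paste. The sample input is r6's crypto section as quoted above; the function and variable names are this example's own, and a flagged item may only mean that the statement was left out of the paste.

```python
import re

# r6's crypto statements as quoted in the thread above (interfaces omitted).
R6_CONFIG = """\
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 123456 address 64.108.4.9
crypto isakmp key 12345 address 64.108.68.8
crypto map test local-address Tunnel0
crypto map test 10 ipsec-isakmp
set peer 64.180.68.8
set transform-set test
match address 150
access-list 150 permit ip host 64.108.68.6 host 64.108.68.8
"""

def find_dangling_references(config):
    """Return crypto-map references that have no matching definition."""
    lines = [ln.strip() for ln in config.splitlines()]

    def collect(pattern):
        # First capture group of every line that matches the pattern.
        return {m.group(1) for ln in lines if (m := re.match(pattern, ln))}

    key_peers = collect(r"crypto isakmp key \S+ address (\S+)")
    transforms = collect(r"crypto ipsec transform-set (\S+)")
    acls = collect(r"access-list (\d+) ")

    problems = []
    for peer in sorted(collect(r"set peer (\S+)")):
        if peer not in key_peers:
            problems.append(f"peer {peer}: no pre-shared key for this address")
    for name in sorted(collect(r"set transform-set (\S+)")):
        if name not in transforms:
            problems.append(f"transform-set {name}: not defined")
    for num in sorted(collect(r"match address (\d+)")):
        if num not in acls:
            problems.append(f"access-list {num}: not defined")
    return problems

if __name__ == "__main__":
    for problem in find_dangling_references(R6_CONFIG):
        print(problem)
```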
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:55 GMT-3