Re: help!! ipsec tunnel

From: Jim Graves (jtg@xxxxxxxxxx)
Date: Mon May 28 2001 - 09:10:53 GMT-3


   
Try using the serial interfaces as peer addresses, instead of the tunnel
interfaces. I think things can get confused if your peer address is also
part of the encryption domain.

At 10:15 PM 5/27/2001 -0700, garry baker wrote:
>Guys,
>
>I am trying to get IPsec to work over a GRE tunnel.
>The tunnel works fine, but when I add the IPsec I am
>unable to ping the other end of the tunnel. All I am
>trying to achieve is to be able to ping the other end
>of the tunnel. I went through the post from last week
>that was similar but still could not fix my problem.
>
>I have three routers connected, with the outer two
>acting as the tunnel endpoints. I have pasted the
>relevant config details. Could someone point me in the
>right direction?
>
>Garry
>
>r6
>
>crypto isakmp policy 1
> authentication pre-share
>crypto isakmp key 123456 address 64.108.4.9
>crypto isakmp key 12345 address 64.108.68.8
>
>crypto map test local-address Tunnel0
>crypto map test 10 ipsec-isakmp
> set peer 64.180.68.8
> set transform-set test
> match address 150
>!
>
>interface Tunnel0
> ip address 64.108.68.6 255.255.255.0
> no ip directed-broadcast
> no ip route-cache
> no ip mroute-cache
> tunnel source 64.108.9.2
> tunnel destination 64.108.1.34
> crypto map test
>
>interface Serial0/1
> ip address 64.108.9.2 255.255.255.240
> no ip directed-broadcast
> ip pim sparse-mode
> encapsulation ppp
> ip ospf interface-retry 0
> ip igmp join-group 226.10.10.1
> ip igmp join-group 226.1.1.10
> crypto map test
>
>access-list 150 permit ip host 64.108.68.6 host 64.108.68.8
>
>r8
>
>crypto isakmp policy 1
> authentication pre-share
>crypto isakmp key 12345 address 64.108.68.6
>!
>!
>crypto ipsec transform-set test esp-des
>!
>!
>crypto map test local-address Tunnel0
>crypto map test 10 ipsec-isakmp
> set peer 64.108.68.6
> set transform-set test
> match address 150
>
>interface Tunnel0
> ip address 64.108.68.8 255.255.255.0
> no ip directed-broadcast
> no ip route-cache
> no ip mroute-cache
> tunnel source 64.108.1.34
> tunnel destination 64.108.9.2
> crypto map test
>!
>interface Ethernet0/0
> ip address 64.108.1.34 255.255.255.224
> no ip directed-broadcast
> ip pim sparse-mode
> crypto map test
>
>access-list 150 permit ip host 64.108.68.8 host 64.108.68.6
>
>
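
The concern raised in the reply, that a crypto map peer address should not itself sit inside the encryption domain, can be checked mechanically along with whether each peer has a pre-shared key. The Python lint below is an added example, not part of the original thread; `audit` and `acl_networks` are hypothetical helper names, the inputs are excerpts of the r6 and r8 listings quoted above, and only `host` ACL entries are handled.

```python
import ipaddress
import re

# Excerpts of the r6 and r8 configs quoted above (wrapped ACL lines joined).
R6 = """crypto isakmp key 123456 address 64.108.4.9
crypto isakmp key 12345 address 64.108.68.8
crypto map test 10 ipsec-isakmp
 set peer 64.180.68.8
 match address 150
access-list 150 permit ip host 64.108.68.6 host 64.108.68.8
"""
R8 = """crypto isakmp key 12345 address 64.108.68.6
crypto map test 10 ipsec-isakmp
 set peer 64.108.68.6
 match address 150
access-list 150 permit ip host 64.108.68.8 host 64.108.68.6
"""

def acl_networks(config, number):
    """Return the networks named by `host A.B.C.D` terms in one numbered ACL."""
    nets = []
    for line in config.splitlines():
        if line.startswith(f"access-list {number} "):
            nets += [ipaddress.ip_network(h) for h in re.findall(r"host (\S+)", line)]
    return nets

def audit(config):
    """Hypothetical lint: flag peers with no pre-shared key or inside the crypto ACL."""
    keyed = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    findings = []
    # A crypto map entry is its header line plus the indented sub-commands.
    for entry in re.findall(r"^crypto map \S+ \d+ ipsec-isakmp\n((?: .*\n)*)", config, re.M):
        peers = re.findall(r"^ set peer (\S+)", entry, re.M)
        acls = re.findall(r"^ match address (\S+)", entry, re.M)
        for peer in peers:
            if peer not in keyed:
                findings.append(f"peer {peer}: no isakmp pre-shared key for this address")
            for acl in acls:
                if any(ipaddress.ip_address(peer) in n for n in acl_networks(config, acl)):
                    findings.append(f"peer {peer}: address is inside crypto ACL {acl}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("r6", R6), ("r8", R8)):
        for finding in audit(cfg):
            print(f"{name}: {finding}")
```
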



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:55 GMT-3