From: Todd Veillette (tveillette@xxxxxxxx)
Date: Sun Sep 09 2001 - 20:58:18 GMT-3
I did that lab, and if I recall the 2nd step is after
you NAT via the ethernet interface to the serial,
so essentially a different network. I had it working,
and I believe there was a 3rd type of Ipsec,
or some type of encryption on the same router
for telent (lock and key??).
I also remember that there were errors in the conifgs,
in the text, can't specifically remember where.
-Todd
----- Original Message -----
From: "Peng Li" <lipeng@canada.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, September 09, 2001 6:38 PM
Subject: IPsec in CCIE Lab Practice Kit by Stephen Hutnik
> ----- Original Message -----
> From: Peng Li
> To:
> Sent: Sunday, September 09, 2001 8:51 AM
> Subject: IPsec in CCIE Lab Practice Kit by Stephen Hutnik
>
>
> Hi, I tried the this part and got confused with IP sec.
>
> 2 questions about IPsec on the senario,
> 1. The question 1 askes to use two router's loop interface as peer, the
solution is to make the ISA key add and the IPsec set peer add to the same
loop . it's ok for this one.
>
> 2. the second question askes to use a second key and peer with serial
interface, the solution just adds one more line with Isa key add to serial
add and new key. This is not working.
>
> My question:
>
> ISA key add must be same as IPsec's peer's. Because the one of major
function for ISA is help the IPsec to authenticate the Peers(which is
identified by add).
> If you use IPsec local-add loop 0, its not possible to use the serial
interface add as peers as the book says.
>
> Any one tried this?
> If someone interested with this but don't have the book, I'd like to send
details later upon demand.
>
> Tks.
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:16 GMT-3