From: Mema Dre (dre_mema@xxxxxxxxxxx)
Date: Sun Oct 07 2001 - 09:34:38 GMT-3
If you want to IPSec your tunnel:
1. You have to put IPSec into a transport mode
2. You have to apply crypto map on physical interface and the tunnel.
3. Access list 100 must be configured for GRE traffic
>From: Khalid Nafie <knafie@ncr.com.kw>
>Reply-To: Khalid Nafie <knafie@ncr.com.kw>
>To: "Ccielab (E-mail)" <ccielab@groupstudy.com>
>Subject: IPSEC
>Date: Sun, 7 Oct 2001 12:48:50 +0300
>
>Dear all,
> Does any one know y IPSEC works when I put the crypto map into the
>e2/0 (phisical interface), but doesn't work with the same configuration
>when
>i put the crypto map into Tunn2, here is my configuration:
>thx in advance;
>
>
>crypto isakmp policy 1
> authentication pre-share
>crypto isakmp key cisco address 62.7.1.2
>!
>!
>crypto ipsec transform-set cisco esp-des esp-md5-hmac
>!
> !
> crypto map toR2 10 ipsec-isakmp
> set peer 62.7.1.2
> set transform-set cisco
> match address 100
>!
>interface Tunnel2
> ip address 23.1.1.3 255.255.255.0
> no ip directed-broadcast
> tunnel source 62.9.3.3
> tunnel destination 62.7.1.2
>!
>interface Ethernet2/0
> ip address 62.9.3.3 255.255.0.0
> no ip directed-broadcast
> crypto map toR2
>!
>access-list 100 permit ip host 62.9.3.3 host 62.7.1.2
>================================================
>Yours,
>Khaled Nafie
>Network Engineer
>Customer Services
>MCSE,CCDP,CCNP VOICE ACCESS
>NCR Corporation, Kuwait
>Mob.: +965-9872046
>Tel : +965- 2412201, 2412203
>Fax : +965-2413075
>Having trouble posting? Read:
>http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:14 GMT-3