Fw: TED

From: Gregg Malcolm (greggm@xxxxxxxxxxxxx)
Date: Tue Apr 09 2002 - 04:51:30 GMT-3

• Next message: Tim O'Brien: "RE: Lab Tomorrow! Need Help"
• Previous message: Gregg Malcolm: "TED"
• Maybe in reply to: Gregg Malcolm: "TED"
• Next in thread: Jaspreet Bhatia: "Re: TED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Forgot one thing...If anyone is interested, here is a sh ver (same on both
2500 routers) :
r6#sh ver

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.1(5)T10,

----- Original Message -----
From: Gregg Malcolm
To: ccielab@groupstudy.com
Sent: Tuesday, April 09, 2002 12:46 AM
Subject: TED

Folks,

Does anyone have a working example of TED ? I haven't seen it mentioned much
on the list, but I wanted to make sure that I can get it to work. I browsed
the archives and found a similar symptom to mine but no solution. My problem
is that 'debug cry ipsec" gives me the following error : IPSEC(sa_initiate):
ACL = deny; sa request ignored. I do not believe that my problem is ACL
related however. Also, I can ping between the serials and I trying to secure
the tok0 on r1 and the e0 on r6.

I can make the configs work w/o TED. Maybe someone has experienced something
similar. Here are the 2 router config's :

Thanks, Gregg

r1
wrt

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set secure1 esp-des esp-md5-hmac
!
crypto dynamic-map dyn 10
 set transform-set secure1
 match address 101
!
crypto map secure 500 ipsec-isakmp dynamic dyn discover
!
interface Serial1
 ip address 150.20.12.1 255.255.255.0
 crypto map secure
!
interface TokenRing0
 ip address 150.20.10.1 255.255.255.0
 ring-speed 16
!
access-list 101 permit ip 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255
access-list 101 permit icmp 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255

R6

r6#wrt

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set secure1 esp-des esp-md5-hmac
!
crypto dynamic-map dyn 10
 set transform-set secure1
 match address 101
!
crypto map secure 500 ipsec-isakmp dynamic dyn discover
!
interface Serial0
 ip address 150.20.100.6 255.255.255.224
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf priority 0
 ipx network 100
 ipx output-network-filter 801
 no fair-queue
 clockrate 2000000
 dce-terminal-timing-enable
 frame-relay map ipx 100.0010.7b7f.5b9a 601 broadcast
 frame-relay map ipx 100.0060.476c.3e3c 601 broadcast
 frame-relay map ip 150.20.100.2 601 broadcast
 frame-relay map ip 150.20.100.4 601 broadcast
 frame-relay map ip 150.20.100.5 601 broadcast
 frame-relay map ipx 100.0000.0c87.05ca 601 broadcast
 frame-relay lmi-type ansi
 crypto map secure
!
access-list 101 permit ip 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255
access-list 101 permit icmp 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255

• Next message: Tim O'Brien: "RE: Lab Tomorrow! Need Help"
• Previous message: Gregg Malcolm: "TED"
• Maybe in reply to: Gregg Malcolm: "TED"
• Next in thread: Jaspreet Bhatia: "Re: TED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:00 GMT-3