RE: IPSEC

From: Denise Donohue (fradendon@xxxxxxxxxxx)
Date: Wed Apr 10 2002 - 19:29:19 GMT-3

• Next message: Jenkins, Buddy: "RE: IOS Version for LAB"
• Previous message: scott mann: "Setting logging"
• Maybe in reply to: Charles Carley: "IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
This is a nice, clear config - thanks for posting it. Just one thing - it's
my understanding that the "crypto map mymap local-address" command is needed
only if you're applying the crypto map to more than one interface on the
router. Is that true? And if so, think you'd be dinged for having an
extraneous command?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
miken
Sent: Saturday, April 06, 2002 9:18 PM
To: Charles Carley; Ccie
Subject: Re: IPSEC

Here ya go!
Basic Router-to-Router IPSec

Router A

crypto isakmp policy 1

  authentication pre-share

crypto isakmp key cisco123 address 160.0.0.1

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap local-address Serial0

crypto map mymap 1 ipsec-isakmp

  set peer 160.0.0.1

  set transform-set myset

  match address 100

interface Ethernet0

  ip address 10.0.0.1 255.255.255.0

interface Serial0

  ip address 150.0.0.1 255.255.255.0

  crypto map mymap

ip route 0.0.0.0 0.0.0.0 Serial0

access-list 100 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255

Router B

crypto isakmp policy 1

  authentication pre-share

crypto isakmp key cisco123 address 150.0.0.1

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap local-address Serial0

crypto map mymap 1 ipsec-isakmp

  set peer 150.0.0.1

  set transform-set myset

  match address 100

interface Ethernet0

  ip address 20.0.0.1 255.255.255.0

interface Serial0

  ip address 160.0.0.1 255.255.255.0

  crypto map mymap

ip route 0.0.0.0 0.0.0.0 Serial0

access-list 100 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255

HTH,

MikeN

----- Original Message -----
From: "Charles Carley" <ccarley@columbus.rr.com>
To: "Ccie" <ccielab@groupstudy.com>
Sent: Friday, April 05, 2002 7:11 PM
Subject: IPSEC

> I am having a little trouble getting the basic configuration example from
> the Cisco web site to work. Can someone post what they consider to be a
> minimal IPSEC configuration? Thanks.
>
> Charles

• Next message: Jenkins, Buddy: "RE: IOS Version for LAB"
• Previous message: scott mann: "Setting logging"
• Maybe in reply to: Charles Carley: "IPSEC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:04 GMT-3