RE: IPSec Lab Part 2

From: Denise Donohue (fradendon@xxxxxxxxxxx)
Date: Thu Apr 18 2002 - 12:22:27 GMT-3


Also, I don't think you need the policy statements on the S0 interfaces.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Gannon, Stephen [IT]
Sent: Thursday, April 18, 2002 9:24 AM
To: 'Dustin.Yates@ercgroup.com'; ccielab@groupstudy.com
Subject: RE: IPSec Lab Part 2

Dustin,
I think you need a "crypto map telnet" on the serial interfaces as well.

SG

-----Original Message-----
From: Dustin.Yates@ercgroup.com [mailto:Dustin.Yates@ercgroup.com]
Sent: Wednesday, April 17, 2002 11:19 PM
To: ccielab@groupstudy.com
Subject: IPSec Lab Part 2

I'm working on an IPSec series of labs that does have the solution for this
task. I put it on my lab routers, but I'm not sure if it's correct. Any
concerns with what I've proposed as a solution?

Requirement:
Provide for encryption of telnet sessions between R1's serial 0 interface
(1.1.1.1) and R2's serial 0 interface (2.2.2.2) through a GRE tunnel. Only
encrypt the telnet traffic.

My Solution:

on r1:
! ISAKMP (phase 1) policy: pre-shared key authentication, other settings left at defaults
crypto isakmp policy 10
        authentication pre-share
crypto isakmp key telnet-tunnel address 2.2.2.2
! IPsec (phase 2) transform set, and the crypto map tying peer, transform and traffic selector together
crypto ipsec transform-set telnet esp-des
crypto map telnet 10 ipsec-isakmp
        set peer 2.2.2.2
        set transform-set telnet
        match address 100

! GRE tunnel. "ip unnumbered" requires the interface whose address the tunnel borrows;
! serial 0 is assumed here since it is also the tunnel source.
! Older IOS releases also require the crypto map on the physical interface (serial 0) for GRE over IPsec.
int tunnel 0
        ip unnumbered serial 0
        tunnel source serial 0
        tunnel destination 2.2.2.2
        crypto map telnet

! Interface policy routing applies to packets received on serial 0, not to telnet
! sessions this router originates itself (those would need "ip local policy").
int serial 0
        ip policy route-map telnet

route-map telnet permit 10
        match ip address 150
        set interface tunnel 0

! 100 = traffic to encrypt (the GRE packets); 150 = telnet traffic to steer into the tunnel
access-list 100 permit gre host 1.1.1.1 host 2.2.2.2
access-list 150 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet

on r2:
! mirror image of r1: peer, key address, tunnel destination and ACL hosts are reversed
crypto isakmp policy 10
        authentication pre-share
crypto isakmp key telnet-tunnel address 1.1.1.1
crypto ipsec transform-set telnet esp-des
crypto map telnet 10 ipsec-isakmp
        set peer 1.1.1.1
        set transform-set telnet
        match address 100

int tunnel 0
        ip unnumbered serial 0
        tunnel source serial 0
        tunnel destination 1.1.1.1
        crypto map telnet

int serial 0
        ip policy route-map telnet

route-map telnet permit 10
        match ip address 150
        set interface tunnel 0

access-list 100 permit gre host 2.2.2.2 host 1.1.1.1
access-list 150 permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet

TIA! dy
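As an added example, not part of the thread, here is a small Python check that parses both routers' crypto configuration and verifies that the two sides actually mirror each other (shared key, peer vs. far-end tunnel source, key address vs. tunnel destination vs. set peer, ACL 100 vs. the GRE endpoints, and where the crypto map is applied). The sample configs are condensed from the r1/r2 configs above with the serial 0 addresses the requirement names (1.1.1.1 / 2.2.2.2) assumed as interface addresses; the "older IOS" note in the warning is a general IOS behaviour, not something the thread states.

```python
# Constructed sample: r1's config condensed from the thread; R2 is the same text with the
# two endpoint addresses swapped (via a placeholder), which is exactly what a mirror should be.
R1 = """crypto isakmp key telnet-tunnel address 2.2.2.2
crypto map telnet 10 ipsec-isakmp
 set peer 2.2.2.2
interface serial 0
 ip address 1.1.1.1 255.255.255.252
interface tunnel 0
 tunnel source serial 0
 tunnel destination 2.2.2.2
 crypto map telnet
access-list 100 permit gre host 1.1.1.1 host 2.2.2.2
"""
R2 = R1.replace("1.1.1.1", "X").replace("2.2.2.2", "1.1.1.1").replace("X", "2.2.2.2")

def parse(cfg):
    """Pull out the fields that must agree across the two peers."""
    d, cur = {"map_on": set(), "addr": {}}, ""
    for raw in cfg.splitlines():
        w = raw.split()
        if not raw.startswith(" "):
            cur = raw                                    # a top-level command opens a section
        iface = cur[10:] if cur.startswith("interface ") else None
        if w[:3] == ["crypto", "isakmp", "key"]:
            d["key"], d["key_addr"] = w[3], w[5]
        elif w[:2] == ["set", "peer"]:
            d["peer"] = w[2]
        elif w[:2] == ["tunnel", "destination"]:
            d["tun_dst"] = w[2]
        elif w[:2] == ["tunnel", "source"]:
            d["tun_src"] = " ".join(w[2:])
        elif iface and w[:2] == ["crypto", "map"]:
            d["map_on"].add(iface)
        elif iface and w[:2] == ["ip", "address"]:
            d["addr"][iface] = w[2]
        elif w[:4] == ["access-list", "100", "permit", "gre"]:
            d["acl"] = (w[5], w[7])                      # (source host, destination host)
    return d

def check_pair(a, b):
    """Findings for two parsed configs that should mirror each other; 'warn:' lines are advisory."""
    out = ["pre-shared keys differ"] if a["key"] != b["key"] else []
    for me, other in ((a, b), (b, a)):
        local, peer = me["addr"][me["tun_src"]], me["peer"]
        tests = [
            (peer == other["addr"][other["tun_src"]], f"{local}: peer {peer} is not the far tunnel source"),
            (me["key_addr"] == peer == me["tun_dst"], f"{local}: key address, tunnel destination and peer disagree"),
            (me.get("acl") == (local, peer), f"{local}: ACL 100 does not match GRE {local} -> {peer}"),
            ("tunnel 0" in me["map_on"], f"{local}: crypto map missing on tunnel 0"),
            (me["tun_src"] in me["map_on"], f"warn: {local}: no crypto map on {me['tun_src']} (older IOS needs it there too)"),
        ]
        out += [msg for ok, msg in tests if not ok]
    return out
```

Run against the sample pair it reports only the two advisory warnings (no map on serial 0 on either side); change one key or one ACL host and the corresponding error appears.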



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:12 GMT-3