From: Huy Luu (hluu@xxxxxxxxxxxx)
Date: Mon Apr 22 2002 - 13:41:19 GMT-3
Friends,
I'm having a problem configuring IPsec. I'm using IOS 12.2(8)T1. I'm using an
example from Cisco but couldn't get it to work. I have VPN client 3.1 on
my laptop and am trying to connect to my router. The connection came up but
the traffic is not encrypted. Here is the config:
Laptop---IPcloud(216.57.130.0/24)---eth0/1---R4---eth0/0---64.55.94.0/24---router---172.16.10.0/24
172.16.50.10
Behind R4 are two networks 172.16.10.0/24 and 64.55.94.0/24. I want
traffic from my laptop to these two networks to be encrypted. I specified
access-list 135 to encrypt this traffic and sent continuous pings but the
statistics output from the VPN client does not show any encrypted traffic.
R4#sho run
Building configuration...
Current configuration : 3757 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
boot system flash c2600-d-mz.120-8.bin
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login userauthen local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
enable password bozo
!
username huy password 0 cisco
username keith password 0 cisco
ip subnet-zero
!
!
no ip domain-lookup
ip host a 192.168.10.1
ip host D 172.16.10.1
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group testclient
 key abc123
 dns 216.57.130.1
 wins 172.16.10.1
 domain wbs
 pool ippool
 acl 135
!
!
crypto ipsec transform-set tset esp-3des esp-sha-hmac
!
!
crypto dynamic-map mmap 10
 set transform-set tset
!
!
crypto map tmap client authentication list userauth
crypto map tmap isakmp authorization list groupauth
crypto map tmap client configuration address respond
crypto map tmap 10 ipsec-isakmp dynamic mmap
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 no ip address
interface Ethernet0/0
 ip address 64.55.94.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 216.57.130.150 255.255.255.192
 no ip redirects
 no keepalive
 full-duplex
 crypto map tmap
ip route 0.0.0.0 0.0.0.0 216.57.130.129
ip route 172.16.10.0 255.255.255.0 64.55.94.132
no ip http server
ip pim bidir-enable
!
access-list 135 permit ip 216.57.0.0 0.0.255.255 172.16.10.0 0.0.0.255
access-list 135 permit ip 216.57.0.0 0.0.255.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 216.57.130.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 135 permit ip 216.57.130.0 0.0.0.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 172.16.50.0 0.0.0.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 172.16.50.0 0.0.0.255 172.16.10.0 0.0.0.255
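The following is an added example, not part of the original post: a small Python evaluator for access-list 135 as posted, showing which (source, destination) pairs each entry selects under IOS wildcard-mask matching and which entries are shadowed by earlier ones. It handles only the "ip SRC WILDCARD DST WILDCARD" form used above; the function names are illustrative.

```python
import ipaddress

# access-list 135 exactly as posted above.
ACL_135 = """\
access-list 135 permit ip 216.57.0.0 0.0.255.255 172.16.10.0 0.0.0.255
access-list 135 permit ip 216.57.0.0 0.0.255.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 216.57.130.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 135 permit ip 216.57.130.0 0.0.0.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 172.16.50.0 0.0.0.255 64.55.94.0 0.0.0.255
access-list 135 permit ip 172.16.50.0 0.0.0.255 172.16.10.0 0.0.0.255
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse 'access-list N <action> ip SRC WILD DST WILD' lines only."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[3] == "ip":
            src, swild, dst, dwild = (_ip(t) for t in tok[4:])
            # A 1 bit in an IOS wildcard mask means "ignore this bit",
            # so store the inverse: the bits that must match.
            entries.append((tok[2], src, ~swild & 0xFFFFFFFF,
                            dst, ~dwild & 0xFFFFFFFF))
    return entries

def first_match(entries, src, dst):
    """Return (1-based entry number, action); (None, 'deny') is the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for n, (action, base_s, care_s, base_d, care_d) in enumerate(entries, 1):
        if (s ^ base_s) & care_s == 0 and (d ^ base_d) & care_d == 0:
            return n, action
    return None, "deny"

def _covers(base_a, care_a, base_b, care_b):
    # a covers b when b fixes every bit that a fixes, to the same value.
    return care_a & ~care_b == 0 and (base_a ^ base_b) & care_a == 0

def shadowed(entries):
    """Entry numbers that can never be hit because an earlier entry covers them."""
    hit = []
    for j, (_, sj, csj, dj, cdj) in enumerate(entries):
        if any(_covers(si, csi, sj, csj) and _covers(di, cdi, dj, cdj)
               for _, si, csi, di, cdi in entries[:j]):
            hit.append(j + 1)
    return hit

ENTRIES = parse_acl(ACL_135)
```

Calling first_match(ENTRIES, "172.16.50.10", "172.16.10.1") returns entry 6, while the same pair with source and destination swapped falls through to the implicit deny; shadowed(ENTRIES) reports entries 3 and 4, which are covered by the broader entries 1 and 2.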