IPSec with a Tunnel as the egress interface

From: Jerry Haverkos (jhaverkos@xxxxxxxxxxxxxxx)
Date: Fri Jun 21 2002 - 14:44:38 GMT-3

• Next message: Kyaw Khine: "Cat 5K power supply"
• Previous message: Bauer, Rick: "RE: Please re- read a see can you help (More exact problem)"
• Next in thread: Denise Donohue: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Denise Donohue: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Tommy C: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Jerry Haverkos: "RE: IPSec with a Tunnel as the egress interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hello Everyone

I could use some help. I am not establishing an ISAKMP SA between 2 routers
that have a tunnel between them. The serial connection is frame-relay. The
following is the IPSec configuration of the two routers at present. The
tunnel works without IPSec. Also I have another serial interface, non-frame
and no tunnel, that has IPSec working. Your consideration of the problem is
appreciated.

Router 3640-1
crypto isakmp policy 10
    authentication pre-share
crypto isakmp key tunnel1 address 139.7.147.2
crypto isakmp key LetMeIn address 139.7.97.1
crypto ipsec transform-set s1 esp-des esp-md5-hmac
crypto ipsec transform-set s2 esp-des esp-md5-hmac
crypto map Sec1 10 ipsec-isakmp
    set peer 139.7.97.1
    set transform-set s1
    match address 100
   crypto map Sec1 20 ipsec-isakmp
    set peer 139.7.147.2
    set transform-set s2
    match address 151
interface Loopback0
    ip address 139.7.254.254 255.255.255.252
interface Tunnel1
    ip address 139.7.147.1 255.255.255.252
    ipx ipxwan 0 221155 3640-1
    ipx nlsp enable
    tunnel source Loopback0
    tunnel destination 139.7.65.1
    crypto map Sec1
interface Serial1/0
    no ip address
    encapsulation frame-relay
    no frame-relay inverse-arp
interface Serial1/0.1 multipoint
    ip address 139.7.254.9 255.255.255.248
    ip nat inside
    ip ospf network broadcast
    frame-relay map ip 139.7.254.10 401 broadcast
    frame-relay map ip 139.7.254.11 403 broadcast
access-list 151 permit ip host 139.7.254.254 host 139.7.65.1

Router2611-1
crypto isakmp policy 10
   authentication pre-share
crypto isakmp key tunnel1 address 139.7.147.1
crypto ipsec transform-set s1 esp-des esp-md5-hmac
crypto map Sec1 10 ipsec-isakmp
    set peer 139.7.147.1
    set transform-set s1
    match address 100
interface Loopback0
    ip address 139.7.65.1 255.255.255.255
interface Tunnel1
    ip address 139.7.147.2 255.255.255.252
    ipx ipxwan 0 221155 2611-1
    ipx nlsp enable
    tunnel source Loopback0
    tunnel destination 139.7.254.254
    crypto map Sec1
interface Serial0/0
    bandwidth 64
    ip address 139.7.254.11 255.255.255.248
    encapsulation frame-relay
    ip ospf network broadcast
    ip ospf priority 0
    frame-relay map ip 139.7.254.9 304 broadcast
    frame-relay map ip 139.7.254.10 304 broadcast
    no frame-relay inverse-arp
    frame-relay lmi-type ansi
access-list 100 permit ip host 139.7.65.1 host 139.7.254.254

• Next message: Kyaw Khine: "Cat 5K power supply"
• Previous message: Bauer, Rick: "RE: Please re- read a see can you help (More exact problem)"
• Next in thread: Denise Donohue: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Denise Donohue: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Tommy C: "Re: IPSec with a Tunnel as the egress interface"
• Maybe reply: Jerry Haverkos: "RE: IPSec with a Tunnel as the egress interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:39 GMT-3