From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Wed Feb 19 2003 - 18:25:24 GMT-3
Chuck
I have used router interfaces for extended pings that have been processed by
a crypto map on the same router. (i.e. a 2611 with a crypto map on e0/0.
Successfully do an extended ping, that is processed by the crypto map, from
the IP address on interface e0/1. Maybe that's not what you meant.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Chuck
Church
Sent: Wednesday, February 19, 2003 1:56 PM
To: Cezar Fistik; ccielab@groupstudy.com
Subject: Re: IPSec and first 5 pings timeout
Yes, and yes. Cryptomaps will only work with traffic coming into the router
on that interface. The router can't do crypto stuff to packets that are
already internal to the router. As far as the time delay for the tunnel to
form, it's normal, especially with 2500s. 2600s and higher are much faster.
Only takes a second or two for the tunnel to form.
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: "Cezar Fistik" <cfistik@moldovacc.md>
To: <ccielab@groupstudy.com>
Sent: Wednesday, February 19, 2003 11:18 AM
Subject: IPSec and first 5 pings timeout
> Hi all,
>
> Yesterday I've spent some time playing with IPSec although I'm not sure
> that this topic could appear on R&S lab. Anyway, here's what I noticed.
>
> 1. I couldn't make it work when the crypto map is applied to the interface
> that is on protected network. Only when I moved the crypto maps to the
> interfaces that connect, let's say to the rest of the netwok, it started
to
> work. Is it normal? I used pre-shared key authentication.
>
> 2.When I tried to ping a host on the other side of the of the IPSec tunnel
> and if the IPSec tunnel is not established, the first 5 pings timeout. I
> understand that this is due to ipsec and isakmp parameters negotiations
and
> so on.. but is it norma? Does it always work this way?
>
> Thank you very much
> Cezar Fistik
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:29 GMT-3