ISAKMP host identity

From: Chen Kwong Wai William (kwchen@netvigator.com)
Date: Thu Sep 04 2003 - 21:40:38 GMT-3


Dear all,

   I tried to use the hostname as the identity instead of the IP address; however, the
following configuration does not work. Please help.

RouterA#sh run
00:52:52: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...

Current configuration : 1560 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
ip domain-name ip.net
ip host RouterC.ip.net 192.168.2.3
!
no ip dhcp-client network-discovery
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco hostname RouterC.ip.net
crypto isakmp identity hostname
!
!
crypto ipsec transform-set SET1 esp-des esp-md5-hmac
 mode transport
!
crypto map MAP1 10 ipsec-isakmp
 set peer 192.168.2.3
 set transform-set SET1
 match address 101
!
!
!
!
interface Loopback0
 ip address 192.168.10.1 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel1
 ip address 172.16.1.1 255.255.255.0
 tunnel source 192.168.1.1
 tunnel destination 192.168.2.3
 crypto map MAP1
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 no fair-queue
 crypto map MAP1
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
!
router eigrp 10
 network 172.16.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip kerberos source-interface any
ip classless
ip http server
!
access-list 101 permit gre host 192.168.1.1 host 192.168.2.3
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 login
!
end

RouterC#sh run
Building configuration...

Current configuration : 1709 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterC
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
ip domain-name ip.net
ip host RouterA.ip.net 192.168.1.1
!
no ip dhcp-client network-discovery
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco hostname RouterA.ip.net
crypto isakmp identity hostname
!
!
crypto ipsec transform-set SET1 esp-des esp-md5-hmac
 mode transport
!
crypto map MAP1 10 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set SET1
 match address 101
!
!
!
!
interface Loopback0
 ip address 192.168.30.3 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 tunnel source 192.168.2.3
 tunnel destination 192.168.1.1
 crypto map MAP1
!
interface Tunnel9
 no ip address
!
interface Serial0
 ip address 192.168.2.3 255.255.255.0
 no fair-queue
 crypto map MAP1
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface TokenRing0
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 isdn x25 static-tei 0
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
!
router eigrp 10
 network 172.16.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip kerberos source-interface any
ip classless
ip http server
!
access-list 101 permit gre host 192.168.2.3 host 192.168.1.1
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 login
!
end

00:41:47: ISAKMP: received ke message (1/1)
00:41:47: ISAKMP: local port 500, remote port 500
00:41:47: ISAKMP (0:1): No Cert or pre-shared address key.
00:41:47: ISAKMP (0:1): Can not start Main mode
00:41:47: ISAKMP: 192.168.2.3 not in host cache
00:41:47: ISAKMP (0:1): Can not start aggressive mode.
00:41:47: ISAKMP (0:1): purging SA.
00:41:47: ISAKMP (0:1): purging node 1237511114
00:42:17: ISAKMP: received ke message (3/1)
00:42:17: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 192.168.1.1 dst 192.168.2.3 for SPI 0x0

--- William


