vpn issue with 2611

From: yakout esmat (yesmat@iprimus.com.au)
Date: Wed Jan 21 2004 - 23:26:39 GMT-3

• Next message: Ashok Verma \(ashoverm\): "BGP Question ( No Sync)"
• Previous message: yakout esmat: "VPN issue with 2611"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Note:

It seems that the traffic generated from 2611 to the pix 506 is being encap
and encrypted all right, but it is not being decrypted as shown on the
output below:

2611#sh crypto engine conn ac

  ID Interface IP-Address State Algorithm Encrypt
Decrypt
   1 <none> <none> set HMAC_SHA+DES_56_CB 0
0
2000 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 0
0
2001 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 128
0

2611#sh crypto engine conn ac

  ID Interface IP-Address State Algorithm Encrypt
Decrypt
   1 <none> <none> set HMAC_SHA+DES_56_CB
0 0
2000 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 0
0
2001 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 129
0

2611#sh crypto engine conn ac

  ID Interface IP-Address State Algorithm Encrypt
Decrypt
   1 <none> <none> set HMAC_SHA+DES_56_CB 0
0
2000 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 0
0
2001 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 130
0

2611#sh crypto engine conn ac

  ID Interface IP-Address State Algorithm Encrypt
Decrypt
   1 <none> <none> set HMAC_SHA+DES_56_CB 0
0
2000 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 0
0
2001 Ethernet0/1 10.10.0.253 set HMAC_MD5+DES_56_CB 131
0

Cheers

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.558 / Virus Database: 350 - Release Date: 1/2/2004

• Next message: Ashok Verma \(ashoverm\): "BGP Question ( No Sync)"
• Previous message: yakout esmat: "VPN issue with 2611"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:48 GMT-3