From: Richard Dumoulin (richard.dumoulin@vanco.es)
Date: Wed Apr 21 2004 - 10:17:16 GMT-3
Can I suggest to try connectivity host to host instead ?
Also on the side where you don't see the hits, can you type debug ip packet
detail to see if the TED probes reach the router ?
--Richard
-----Original Message-----
From: Wright, Jeremy [mailto:wright@admworld.com]
Sent: miircoles, 21 de abril de 2004 14:43
To: Richard Dumoulin; Wright, Jeremy; 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: RE: TED Help
extended
_____
From: Richard Dumoulin [mailto:richard.dumoulin@vanco.es]
Sent: Wednesday, April 21, 2004 3:38 AM
To: Wright, Jeremy; 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: RE: TED Help
Have you done extended pings from ethernet to ethernet ? Or do you have
routers plugged into both ethernet interfaces and pinged from them ?
--Richard
-----Original Message-----
From: Wright, Jeremy [mailto:wright@admworld.com
<mailto:wright@admworld.com> ]
Sent: miircoles, 21 de abril de 2004 4:17
To: 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: TED Help
I can't see to get TED fired up. I pulled the info straight off CCO (minus
IP's) and no output on debug crypto isakmp,ipsec,engine. No hits on my ACL
either. Below are my configs. R1-R2(hub router)-R4
R1:
crypto isakmp policy 10
authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ted-transforms esp-des esp-md5-hmac
!
crypto dynamic-map ted-map 10
set transform-set ted-transforms
match address 101
!
crypto map tedtag 10 ipsec-isakmp dynamic ted-map discover interface
FastEthernet0/0 ip address 192.168.15.1 255.255.255.0
interface Serial0/0
ip address 150.50.12.1 255.255.255.0
encapsulation frame-relay
frame-relay map ip 150.50.12.2 112 broadcast
no frame-relay inverse-arp
crypto map tedtag
ip route 0.0.0.0 0.0.0.0 150.50.12.2
access-list 101 permit ip 192.168.15.0 0.0.0.255 172.16.44.0 0.0.0.255
R2:interface Serial0.21 point-to-point
ip address 150.50.12.2 255.255.255.0
frame-relay interface-dlci 121
!
interface Serial0.24 point-to-point
ip address 150.50.24.2 255.255.255.0
frame-interface-dlci 124
ip route 172.16.44.0 255.255.255.0 150.50.24.4
ip route 192.168.15.0 255.255.255.0 150.50.12.1
R4:
crypto isakmp policy 10
authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ted-transforms esp-des esp-md5-hmac
!
crypto dynamic-map ted-map 10
set transform-set ted-transforms
match address 101
!
crypto map tedtag 10 ipsec-isakmp dynamic ted-map discover interface
Ethernet0 ip address 172.16.44.4 255.255.255.0 ! interface Serial0 ip
address 150.50.24.4 255.255.255.0 encapsulation frame-relay frame-relay
map ip 150.50.24.2 142 broadcast no frame-relay inverse-arp crypto map
tedtag ! access-list 101 permit ip 172.16.44.0 0.0.0.255 192.168.15.0
0.0.0.255 ip route 0.0.0.0 0.0.0.0 150.50.24.2
CONFIDENTIALITY NOTICE:
This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient or the employee or agent
responsible for delivering this message to the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.
If you have received this communication in error, please notify us
immediately by email reply or by telephone and immediately delete this
message and any attachments. In the U.S. call us toll free at (800)
637-5843.
Spanish, French, French (Canada), Portuguese, Polish, German, Dutch,
Turkish, Russian, Japanese and Chinese:
http://www.admworld.com/confidentiality.htm
<http://www.admworld.com/confidentiality.htm> .
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:51 GMT-3