From: Niche (jackyliu419@gmail.com)
Date: Wed May 03 2006 - 03:04:56 ART
Hi Andre,
Try this in R6
crypto isakmp policy 10
hash md5
group 2
authentication pre-share
Cheers~
Jacky
On 5/2/06, Andre Scalco <andre.scalco@gmail.com> wrote:
> Guys,
>
> I'm trying to setup EZVPN Router to Router. Nothing fancy, straight back to
> back between two routers.
>
> Please see config below.
>
>
> EZVPN Server: R6
>
> aaa new-model
> !
> !
> aaa authorization network NADA local
> crypto isakmp policy 10
> hash md5
> authentication pre-share
> !
> crypto isakmp client configuration group MyVPN
> key tempo
> dns 195.1.111.53
> wins 195.1.111.54
> domain tempo.com
> pool Customer
> !
> crypto ipsec transform-set TSEC esp-des esp-md5-hmac
> !
> crypto dynamic-map DYNAMO 10
> set transform-set TSEC
> reverse-route
> !
> !
> crypto map SECURE isakmp authorization list NADA
> crypto map SECURE client configuration address respond
> crypto map SECURE 10 ipsec-isakmp dynamic DYNAMO
> !
> !
> ip local pool Customer 195.1.111.201 195.1.111.225
> !
> interface Serial0/0/0
> ip address 151.100.5.6 255.255.255.0
> crypto map SECURE
> !
> =====
> EZVPN Client: R7
> !
> crypto ipsec client ezvpn EZ
> connect auto
> group MyVPN key tempo
> mode client
> peer 151.100.5.6
> !
> !
> interface Loopback22
> ip address 10.22.22.22 255.255.255.0
> crypto ipsec client ezvpn EZ inside
> !
> interface SER0/0/0
> ip address 151.100.5.7 255.255.255.0
> crypto ipsec client ezvpn EZ
> !
> ===
>
> My Questions are:
>
> Shouldn't I be able to see ISAKMP SA established? I do show crypto isakm sa
> and I don't see anything in there. Also I'm kind of confuse of how to test
> it, should I ping from the client (R6 Lo22) to the Seri0/0/0 of the EZVPN
> Server?
>
> Appreciate any input
>
> Andre
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART