RE: VPN between loopbacks - GRE

From: Jens Petter (jenseike@start.no)
Date: Mon Nov 27 2006 - 02:42:04 ART


Crypto map should go directly on the tunnel interface, not physical or
loopback interface. That goes for both sides... Your "crypto map local"
command still goes to the loopback...

 
Best regards
Jens Petter Eikeland
Mob 98247550
Hipercom AS

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Kal Han
Sent: 27. november 2006 01:35
To: Groupstudy; Cisco certification
Subject: VPN between loopbacks - GRE

Hi

I'm trying to configure VPN between two loopback interfaces
for GRE traffic.
I set the tunnel source as loopback interface
and applied my crypto map on the physical interface.
I am also using "crypto map loop local-address Loopback36"

In this case, my interesting traffic for VPN is GRE
traffic from loopback - to - loopback.
*So why should I apply the crypto map on physical interface?*
*Is it possible to apply the crypto map on the loopback interface*
*and bring the tunnel up*? It didn't work for me.

R3#sh access-li 193
Extended IP access list 193
    20 permit gre 103.103.103.0 0.0.0.255 106.106.106.0 0.0.0.255 (398 matches)

R3#sh run int t0
Building configuration...

Current configuration : 122 bytes
!
interface Tunnel0
 ip address 36.36.36.3 255.255.255.0
 tunnel source Loopback36
 tunnel destination 106.106.106.6
end

R3#sh run int lo36
Building configuration...

Current configuration : 68 bytes
!
interface Loopback36
 ip address 103.103.103.3 255.255.255.0
end

R3#sh run int s0/0.6
Building configuration...

Current configuration : 180 bytes
!
interface Serial0/0.6 point-to-point
 ip address 195.1.136.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 ntp broadcast key 1
 frame-relay interface-dlci 306
 crypto map loop
end

R3#sh run
Building configuration...

Current configuration : 3953 bytes
!
! Last configuration change at 16:24:20 PST Sun Nov 26 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
logging queue-limit 100
!
enable use-tacacs
enable last-resort succeed
memory-size iomem 15
clock timezone PST -8
ip subnet-zero
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cciesec address 106.106.106.6
!
!
crypto ipsec transform-set ts esp-des esp-md5-hmac
!
crypto map loop local-address Loopback36
crypto map loop 10 ipsec-isakmp
 set peer 106.106.106.6
 set transform-set ts
 match address 193
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 33.33.33.33 255.255.255.0
!
interface Loopback36
 ip address 103.103.103.3 255.255.255.0
!
interface Loopback100
 ip address 100.3.3.3 255.255.255.0
!
interface Tunnel0
 ip address 36.36.36.3 255.255.255.0
 tunnel source Loopback36
 tunnel destination 106.106.106.6
!
interface FastEthernet0/0
 ip address 195.1.123.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type cisco
!
interface Serial0/0.4 point-to-point
 ip address 195.1.134.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 frame-relay interface-dlci 304
!
interface Serial0/0.5 point-to-point
 ip address 195.1.135.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 frame-relay interface-dlci 305
!
interface Serial0/0.6 point-to-point
 ip address 195.1.136.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 ntp broadcast key 1
 frame-relay interface-dlci 306
 crypto map loop
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 123
 network 195.1.123.0
 distance eigrp 90 90
 no auto-summary
!
router eigrp 36
 network 36.36.36.0 0.0.0.255
 network 106.106.106.0 0.0.0.255
 distance eigrp 90 90
 no auto-summary
!
router ospf 1
 router-id 33.33.33.33
 log-adjacency-changes
 area 0 authentication message-digest
 area 4 authentication message-digest
 area 4 stub no-summary
 area 56 authentication message-digest
 area 56 nssa no-summary
 network 33.33.33.0 0.0.0.255 area 4
 network 103.103.103.0 0.0.0.255 area 56
 network 195.1.123.0 0.0.0.255 area 0
 network 195.1.134.0 0.0.0.255 area 4
 network 195.1.135.0 0.0.0.255 area 56
 network 195.1.136.0 0.0.0.255 area 56
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 100.3.3.0 mask 255.255.255.0
 neighbor 195.1.134.4 remote-as 4
 neighbor 195.1.134.4 local-as 356
 neighbor 195.1.135.5 remote-as 5
 neighbor 195.1.135.5 maximum-prefix 1000 50
 neighbor 195.1.136.6 remote-as 6
 neighbor 195.1.136.6 route-map asprepend out
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
!
ip prefix-list pix-inside seq 5 deny 172.16.0.0/16 le 32
!
access-list 1 permit 100.3.3.0 0.0.0.255
access-list 193 permit gre 103.103.103.0 0.0.0.255 106.106.106.0 0.0.0.255
!
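
Added example, not part of the original thread: a Python check that reads an IOS configuration and reports which interfaces carry the crypto map, and whether the map's local-address, peer and crypto ACL agree with the GRE tunnel's source and destination. The sample is a constructed excerpt of the R3 configuration quoted above; `audit` and `wildcard_match` are names invented here, and the code assumes one crypto map, one GRE tunnel and a numbered ACL written as `permit gre <src> <wildcard> <dst> <wildcard>`.

```python
import ipaddress
import re
# Constructed sample: the lines of the quoted R3 config that matter here.
CONFIG = """\
crypto map loop local-address Loopback36
crypto map loop 10 ipsec-isakmp
 set peer 106.106.106.6
 match address 193
interface Loopback36
 ip address 103.103.103.3 255.255.255.0
interface Tunnel0
 tunnel source Loopback36
 tunnel destination 106.106.106.6
interface Serial0/0.6 point-to-point
 crypto map loop
access-list 193 permit gre 103.103.103.0 0.0.0.255 106.106.106.0 0.0.0.255
"""

def wildcard_match(ip, base, wildcard):
    """True if ip matches an IOS base/wildcard pair (set wildcard bits are ignored)."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip)) & care) == (int(ipaddress.ip_address(base)) & care)

def audit(config):
    """Relate the crypto map to the GRE tunnel endpoints (hypothetical helper)."""
    iface, addr, applied, tun = None, {}, [], {}
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif not line.startswith(" "):
            iface = None  # left interface configuration mode
        elif m := re.match(r" ip address (\S+) ", line):
            addr[iface] = m.group(1)
        elif re.match(r" crypto map \S+$", line) and iface:
            applied.append(iface)  # map applied to this interface
        elif m := re.match(r" tunnel (source|destination) (\S+)", line):
            tun[m.group(1)] = m.group(2)
    local = re.search(r"^crypto map \S+ local-address (\S+)", config, re.M).group(1)
    peer = re.search(r"^ set peer (\S+)", config, re.M).group(1)
    acl_id = re.search(r"^ match address (\S+)", config, re.M).group(1)
    acl = re.findall(rf"^access-list {acl_id} permit gre (\S+) (\S+) (\S+) (\S+)", config, re.M)
    src = addr.get(tun["source"], tun["source"])  # interface name or literal IP
    return {
        "crypto_map_on": applied,
        "local_address_is_tunnel_source": local == tun["source"],
        "peer_is_tunnel_destination": peer == tun["destination"],
        "acl_covers_gre": any(wildcard_match(src, s, sw) and wildcard_match(tun["destination"], d, dw)
                              for s, sw, d, dw in acl),
    }
```

Run against the excerpt, `audit(CONFIG)` lists Serial0/0.6 as the only interface carrying the map, with the local-address, peer and ACL all consistent with Tunnel0's endpoints.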



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART