Re: *Mar 1 01:38:13.295: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE from Sadiq Yakasai on 2010-07-05 (Ccielab archives 07/2010)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Mon, 5 Jul 2010 17:56:00 +0100

On R4, can you make these more specific (/32 and not /24)?

crypto isakmp key keynya address 20.0.0.5 255.255.255.255
crypto isakmp key kuncikunci address 20.0.0.6 255.255.255.255

Let us know what happens...

HTH,
Sadiq

On Mon, Jul 5, 2010 at 5:34 PM, Taufik Kurniawan <ktaufik_at_gmail.com> wrote:

> Can anybody help why ?
>
>
> R4
>
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> !
> crypto isakmp policy 2
> encr aes 256
> authentication pre-share
> group 5
> crypto isakmp key keynya address 20.0.0.5 255.255.255.0
> crypto isakmp key kuncikunci address 20.0.0.6 255.255.255.0
> !
> !
> crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> !
> crypto ipsec profile profile3
> set transform-set transet3
> !
> crypto ipsec profile profilenya
> set transform-set transetnya
> !
> interface Loopback0
> ip address 202.155.40.1 255.255.255.0
> !
> interface Tunnel45
> ip address 202.155.0.9 255.255.255.252
> tunnel source FastEthernet0/0
> tunnel destination 20.0.0.5
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profilenya
> !
> interface Tunnel46
> ip address 202.155.0.13 255.255.255.252
> tunnel source FastEthernet0/0
> tunnel destination 20.0.0.6
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profile3
> !
> interface FastEthernet0/0
> ip address 20.0.0.4 255.255.255.0
> duplex auto
> speed auto
> !
>
>
> R5
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> crypto isakmp key keynya address 20.0.0.4 255.255.255.0
> !
> !
> crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> !
> crypto ipsec profile profilenya
> set transform-set transetnya
> !
> !
> !
> !
> !
> !
> !
> !
> interface Loopback0
> ip address 202.155.50.1 255.255.255.0
> !
> interface Tunnel0
> ip address 202.155.0.10 255.255.255.252
> tunnel source FastEthernet0
> tunnel destination 20.0.0.4
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profilenya
> !
>
> R6
>
> !
> crypto isakmp policy 2
> encr aes 256
> authentication pre-share
> group 5
> crypto isakmp key kuncikunci address 20.0.0.4 255.255.255.0
> !
> !
> crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> !
> crypto ipsec profile profile3
> set transform-set transet3
> !
> !
> !
> !
> !
> !
> !
> !
> interface Tunnel0
> ip address 202.155.0.14 255.255.255.252
> tunnel source FastEthernet0
> tunnel destination 20.0.0.4
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profile3
> !
> interface Ethernet0
> no ip address
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 20.0.0.6 255.255.255.0
> speed auto
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Mon Jul 05 2010 - 17:56:00 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART