RE: Basic IPsec VPN tunnel

From: Mohammad Mousa <mohd-mousa_at_hotmail.com>
Date: Tue, 7 May 2013 04:16:19 +0000

Marc,

I've recently started studying for the NA security. I was
playing with the IPsec tunnel. This is for learning purposes; it is not a
real deployment. Though I did configure everything, the tunnel didn't
go up.

Any thoughts?

Thanks,

--
Mohammad Mousa
CCIE #36990

> Date: Mon, 6 May 2013 23:06:14 -0500
> Subject: Re: Basic IPsec VPN tunnel
> From: marcabel_at_gmail.com
> To: mohd-mousa_at_hotmail.com
> CC: ccielab_at_groupstudy.com
> 
> For troubleshooting purposes I would try broadening your access-list to
> include all traffic to and from your hosts. I've never done a VPN for only
> one type (port of traffic) as you are specifying. Are you sourcing your
> telnet from the loopback? Otherwise you aren't going to generate any
> interesting traffic to initiate the tunnel.
> 
> 
> On Mon, May 6, 2013 at 9:31 PM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:
> 
> > Hi Folks,
> >
> > I'm stuck on this while I've been practicing a basic IPsec VPN tunnel on GNS3.
> > I've got this scenario. I have EIGRP up and running between all routers.
> > Connectivity has been established between R1 & R3.
> >
> > R1(f0/0)------------R2-----------(f0/1)R3
> >
> > Here are my configs:
> >
> > R1
> > ---
> >
> > Phase 1 attributes:
> >
> > crypto isakmp policy 1
> > encr aes
> > hash md5
> > authentication pre-share
> > lifetime 3600
> > crypto isakmp key CISCO address 23.0.0.3 255.255.255.0
> >
> > Phase 2:
> >
> > crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
> > crypto map MYSET 1 ipsec-isakmp
> > set peer 23.0.0.3
> > set transform-set MYSET
> > match address 100
> >
> > access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
> >
> > int f0/0
> > crypto map MYSET
> >
> > R3
> > ---
> >
> > Phase 1 attributes:
> >
> > crypto isakmp policy 1
> > encr aes
> > hash md5
> > authentication pre-share
> > lifetime 3600
> > crypto isakmp key CISCO address 12.0.0.1 255.255.255.0
> >
> > Phase 2:
> >
> > crypto ipsec transform-set MYSET esp-aes esp-md5-hmac
> > crypto map MYSET 1 ipsec-isakmp
> > set peer 12.0.0.1
> > set transform-set MYSET
> > match address 100
> >
> > access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet
> >
> > int f0/1
> > crypto map MYSET
> >
> >
> > Any thoughts and advice will be highly appreciated!
> >
> > Thanks in advance
> >
> > --
> >
> > Mohammad Mousa
> > CCIE #36990
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> 
> 
> -- 
> Marc Abel
> CCIE #35470
> (Routing and Switching)
Received on Tue May 07 2013 - 04:16:19 ART
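
Marc's reply in this thread turns on which packets the crypto ACL selects as interesting traffic. The following is an added example, not part of the thread: a small evaluator for IOS extended-ACL wildcard matching, run against access-list 100 as posted and against a broadened entry. The broadened entry, the treatment of 1.1.1.1 and 3.3.3.3 as loopbacks, and 12.0.0.1 as R1's f0/0 address are assumptions.

```python
import ipaddress

NAMED_PORTS = {"telnet": 23}

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def addr_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit PROTO SRC SWILD DST DWILD [eq PORT]' (syntax subset)."""
    t = line.split()
    ace = {"proto": t[3], "src": (t[4], t[5]), "dst": (t[6], t[7]), "dport": None}
    if len(t) > 9 and t[8] == "eq":
        ace["dport"] = NAMED_PORTS[t[9]] if t[9] in NAMED_PORTS else int(t[9])
    return ace

def is_interesting(ace, proto, src, dst, dport=None):
    """True if an outbound packet matches the crypto ACL entry and would trigger IKE."""
    if ace["proto"] not in ("ip", proto):
        return False
    if ace["dport"] is not None and ace["dport"] != dport:
        return False
    return addr_match(src, *ace["src"]) and addr_match(dst, *ace["dst"])

# ACL 100 exactly as posted (the same line appears on both R1 and R3).
POSTED = "access-list 100 permit tcp 3.3.3.3 0.0.0.255 1.1.1.1 0.0.0.255 eq telnet"
# Constructed for this example: a broadened entry written from R1's side.
BROAD_R1 = "access-list 100 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255"

# Constructed flows: (label, proto, src, dst, dport)
FLOWS = [
    ("R1 telnet, sourced from f0/0 (assumed 12.0.0.1)", "tcp", "12.0.0.1", "3.3.3.3", 23),
    ("R1 telnet, sourced from loopback (assumed 1.1.1.1)", "tcp", "1.1.1.1", "3.3.3.3", 23),
    ("R3 telnet, sourced from loopback (assumed 3.3.3.3)", "tcp", "3.3.3.3", "1.1.1.1", 23),
    ("R1 ping, sourced from loopback", "icmp", "1.1.1.1", "3.3.3.3", None),
]

def evaluate(acl_line):
    ace = parse_ace(acl_line)
    return {label: is_interesting(ace, p, s, d, dp) for label, p, s, d, dp in FLOWS}

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("broadened (R1)", BROAD_R1)):
        print(name, "->", acl)
        for label, hit in evaluate(acl).items():
            print(f"  {'match' if hit else 'no match':9} {label}")
```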
