RE: IPsec problem

From: Steve McNutt (lpd@xxxxxxxxxxxxxxxx)
Date: Wed Nov 15 2000 - 20:52:41 GMT-3

• Next message: Sanjay Bhakta: "Re: IP Mobile"
• Previous message: Steve McNutt: "RE: IPsec problem"
• Maybe in reply to: Rob Barton: "IPsec problem"
• Next in thread: Simon Baxter: "RE: IPsec problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
   umm, I munged the access lists for r2 when I was deleting extra config
   out for emailing. just cut and paste the ones from r1, they are
   identical.
   
   -----Original Message-----
   From: Steve McNutt [mailto:lpd@jacksonville.net]
   Sent: Wednesday, November 15, 2000 6:47 PM
   To: Rob Barton; Simon Baxter
   Cc: Ccielab
   Subject: RE: IPsec problem
   
   Is this what you mean? the tunnel terminates at the loopbacks, and
   all 10.x.x.x traffic flowing across the gre tunnel will get encrypted.
   
   
   
   -s
   
   
   
   !
   hostname r1
   !
   crypto isakmp policy 10
    authentication pre-share
   crypto isakmp key ccie address 172.16.20.1
   !
   !
   crypto ipsec transform-set tunnelset esp-des esp-sha-hmac
   !
   crypto map tor2 10 ipsec-isakmp
    set peer 172.16.20.1
    set transform-set tunnelset
    match address 100
   !
   !
   interface Loopback0
    ip address 172.16.10.1 255.255.255.0
   !
   interface Loopback1
    ip address 10.1.2.1 255.255.255.0
   !
   interface Tunnel0
    ip address 10.2.1.1 255.255.255.0
    tunnel source Loopback0
    tunnel destination 172.16.20.1
    crypto map tor2
   !
   interface Ethernet0
    ip address 172.16.1.1 255.255.255.0
    crypto map tor2
   !
   router rip
    network 10.0.0.0
    network 172.16.0.0
    distribute-list 1 out Ethernet0
    distribute-list 2 out Tunnel0
   !
   access-list 1 permit 172.16.0.0 0.0.255.255
   access-list 1 permit 10.0.0.0 0.255.255.255
   access-list 100 permit ip 10.0.0.0 0.255.255.255 10.0.0.0
   0.255.255.255
   !
   end
   
   
   
   !
   hostname r2
   !
   !
   crypto isakmp policy 10
    authentication pre-share
   crypto isakmp key ccie address 172.16.10.1
   !
   !
   crypto ipsec transform-set tunnelset esp-des esp-sha-hmac
   !
   crypto map tor1 10 ipsec-isakmp
    set peer 172.16.10.1
    set transform-set tunnelset
    match address 100
   !
   !
   interface Loopback0
    ip address 172.16.20.1 255.255.255.0
   !
   interface Loopback1
    ip address 10.1.4.1 255.255.255.0
   !
   interface Tunnel0
    ip address 10.2.1.2 255.255.255.0
    tunnel source Loopback0
    tunnel destination 172.16.10.1
    crypto map tor1
   !
   interface FastEthernet0/0
    ip address 172.16.1.2 255.255.255.0
    duplex auto
    speed auto
    crypto map tor1
   !
   router rip
    network 10.0.0.0
    network 172.16.0.0
    distribute-list 1 out FastEthernet0/0
    distribute-list 2 out Tunnel0
   !
   end
   
   
   
   -----Original Message-----
   From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
   Rob Barton
   Sent: Wednesday, November 15, 2000 2:46 PM
   To: Simon Baxter
   Cc: Ccielab
   Subject: RE: IPsec problem
   
   I am running IPsec over a GRE tunnel.
   
   
   
   Still no luck.
   
   
   
   - Rob.
   
   

• Next message: Sanjay Bhakta: "Re: IP Mobile"
• Previous message: Steve McNutt: "RE: IPsec problem"
• Maybe in reply to: Rob Barton: "IPsec problem"
• Next in thread: Simon Baxter: "RE: IPsec problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3