Re: TED

From: Jaspreet Bhatia (jasbhati@xxxxxxxxx)
Date: Tue Apr 09 2002 - 14:19:05 GMT-3


   
Hello Ted,

I have gotten TED to work at my end. Here are the working configs:

ROUTER A

RouterA#sh run
Building configuration...

Current configuration : 1222 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
!
!
!
!
!
ip subnet-zero
!
!
!
crypto isakmp policy 1
  hash md5
  authentication pre-share
  group 2
crypto isakmp key cisco address 0.0.0.0
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map dynamicmap 10
  set transform-set myset
  match address 101
!
!
crypto map map1 10 ipsec-isakmp dynamic dynamicmap discover
!
!
!
!
!
!
interface Ethernet0/0
  ip address 135.25.1.1 255.255.255.252
  crypto map map1
!
interface Ethernet0/1
  ip address 135.25.3.1 255.255.255.0
  no keepalive
!
interface BRI1/0
  no ip address
  shutdown
!
interface BRI1/1
  no ip address
  shutdown
!
interface BRI1/2
  no ip address
  shutdown
!
interface BRI1/3
  no ip address
  shutdown
!
interface BRI1/4
  no ip address
  shutdown
!
interface BRI1/5
  no ip address
  shutdown
!
interface BRI1/6
  no ip address
  shutdown
!
interface BRI1/7
  no ip address
  shutdown
!
router ospf 1
  log-adjacency-changes
  network 135.25.0.0 0.0.255.255 area 0
!
ip classless
ip http server
!
access-list 101 permit ip 135.25.3.0 0.0.0.255 135.25.4.0 0.0.0.255
!
!
!
line con 0
line aux 0
line vty 0 4
!
end

ROUTER B

RouterB#sh run
Building configuration...

Current configuration : 1379 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterB
!
!
ip subnet-zero
!
!
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 1
  hash md5
  authentication pre-share
  group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map dynamicmap 10
  set transform-set myset
  match address 101
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynamicmap discover
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
  ip address 135.25.1.2 255.255.255.252
  half-duplex
  crypto map mymap
!
interface TokenRing0/0
  ip address 135.25.4.1 255.255.255.0
  ring-speed 16
!
interface Serial1/0
  no ip address
  shutdown
!
interface Serial1/1
  no ip address
  shutdown
!
interface Serial1/2
  no ip address
  shutdown
!
interface Serial1/3
  no ip address
  shutdown
!
interface Serial1/4
  no ip address
  shutdown
!
interface Serial1/5
  no ip address
  shutdown
!
interface Serial1/6
  no ip address
  shutdown
!
interface Serial1/7
  no ip address
  shutdown
!
router ospf 1
  log-adjacency-changes
  network 135.25.0.0 0.0.255.255 area 0
!
ip classless
ip http server
ip pim bidir-enable
!
access-list 101 permit ip 135.25.4.0 0.0.0.255 135.25.3.0 0.0.0.255
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end

Hope this helps

Jaspreet

At 12:46 AM 4/9/2002 -0700, Gregg Malcolm wrote:
>Folks,
>
>Does anyone have a working example of TED? I haven't seen it mentioned much
>on the list, but I wanted to make sure that I can get it to work. I browsed
>the archives and found a similar symptom to mine but no solution. My problem
>is that 'debug cry ipsec' gives me the following error: IPSEC(sa_initiate):
>ACL = deny; sa request ignored. I do not believe that my problem is ACL
>related however. Also, I can ping between the serials and I am trying to secure
>the tok0 on r1 and the e0 on r6.
>
>I can make the configs work w/o TED. Maybe someone has experienced something
>similar. Here are the 2 router configs:
>
>Thanks, Gregg
>
>r1
>wrt
>
>!
>crypto isakmp policy 10
> authentication pre-share
>crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
>!
>crypto ipsec transform-set secure1 esp-des esp-md5-hmac
>!
>crypto dynamic-map dyn 10
> set transform-set secure1
> match address 101
>!
>crypto map secure 500 ipsec-isakmp dynamic dyn discover
>!
>interface Serial1
> ip address 150.20.12.1 255.255.255.0
> crypto map secure
>!
>interface TokenRing0
> ip address 150.20.10.1 255.255.255.0
> ring-speed 16
>!
>access-list 101 permit ip 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255
>access-list 101 permit icmp 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255
>
>R6
>
>r6#wrt
>
>!
>crypto isakmp policy 10
> authentication pre-share
>crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
>!
>crypto ipsec transform-set secure1 esp-des esp-md5-hmac
>!
>crypto dynamic-map dyn 10
> set transform-set secure1
> match address 101
>!
>crypto map secure 500 ipsec-isakmp dynamic dyn discover
>!
>interface Serial0
> ip address 150.20.100.6 255.255.255.224
> encapsulation frame-relay
> ip ospf network broadcast
> ip ospf priority 0
> ipx network 100
> ipx output-network-filter 801
> no fair-queue
> clockrate 2000000
> dce-terminal-timing-enable
> frame-relay map ipx 100.0010.7b7f.5b9a 601 broadcast
> frame-relay map ipx 100.0060.476c.3e3c 601 broadcast
> frame-relay map ip 150.20.100.2 601 broadcast
> frame-relay map ip 150.20.100.4 601 broadcast
> frame-relay map ip 150.20.100.5 601 broadcast
> frame-relay map ipx 100.0000.0c87.05ca 601 broadcast
> frame-relay lmi-type ansi
> crypto map secure
>!
>access-list 101 permit ip 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255
>access-list 101 permit icmp 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255
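
Added example, not part of the original posts: a Python check for the property visible in the working configs above, namely that the crypto ACL reached through a crypto map carrying the `discover` keyword is the mirror image of the peer's ACL. It also lists the wildcard pre-shared key, DES and MD5 settings that these lab configs use. The function names are hypothetical; the sample text is trimmed from the RouterA config, and ROUTER_B is derived from it.

```python
import re

# Crypto lines trimmed from the RouterA config posted above.
ROUTER_A = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynamicmap 10
 set transform-set myset
 match address 101
crypto map map1 10 ipsec-isakmp dynamic dynamicmap discover
access-list 101 permit ip 135.25.3.0 0.0.0.255 135.25.4.0 0.0.0.255
"""
# RouterB: different map name, ACL reversed (derived here, not re-typed).
ROUTER_B = ROUTER_A.replace("map1", "mymap").replace(
    "135.25.3.0 0.0.0.255 135.25.4.0", "135.25.4.0 0.0.0.255 135.25.3.0")

def ted_acls(cfg):
    """Map ACL number -> permit entries, for ACLs used by a 'discover' crypto map."""
    dyn = set(re.findall(
        r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+) discover\s*$", cfg, re.M))
    acls = {}
    blocks = re.findall(r"^crypto dynamic-map (\S+) \d+\n((?:[ \t]+.*\n?)*)", cfg, re.M)
    for name, body in blocks:
        if name in dyn:
            for num in re.findall(r"match address (\d+)", body):
                acls[num] = re.findall(
                    rf"^access-list {num} permit (\S+) (\S+) (\S+) (\S+) (\S+)\s*$",
                    cfg, re.M)
    return acls

def mirrored(acls_a, acls_b):
    """True when every flow protected on A appears with src/dst swapped on B."""
    flows_a = {e for entries in acls_a.values() for e in entries}
    flows_b = {(p, d, dw, s, sw)
               for entries in acls_b.values() for (p, s, sw, d, dw) in entries}
    return bool(flows_a) and flows_a == flows_b

def weak_settings(cfg):
    """List settings in the config that are weak outside a lab."""
    findings = []
    if re.search(r"^crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?\s*$", cfg, re.M):
        findings.append("wildcard pre-shared key")
    if re.search(r"transform-set \S+ .*\besp-des\b", cfg):
        findings.append("esp-des")
    if re.search(r"esp-md5-hmac|^\s*hash md5", cfg, re.M):
        findings.append("md5")
    return findings
```

`mirrored(ted_acls(ROUTER_A), ted_acls(ROUTER_B))` returns True for the posted pair; comparing a config against itself returns False because the ACL is not reversed.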


