GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IPsec for tunnel source and dest posted 11/17/2000
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


I think you should apply crypto map to the incoming physical interface as CET. I will try it then...

----- Original Message ----- 
From: Daniel Ji <jix@xxxxxxxxxx>
To: CCIE Lab Mailing list <ccielab@xxxxxxxxxxxxxx>
Sent: Friday, November 17, 2000 7:21 AM
Subject: IPsec for tunnel source and dest 


> Hello:
> Can I put tunnel source to destination flow in Crypto map "match" access
> list? I tried that but it doesn't seem to work. My config as below, is it
> wrong or I just can't do that? Please help.
> 
> Thanks a lot!
> Daniel
> 
> ------------------------------------------------------------------------
> crypto isakmp policy 10
>  authentication pre-share
> crypto isakmp key ccie address 10.1.2.1
> !
> !
> crypto ipsec transform-set myset esp-des esp-sha-hmac
> !
> crypto map mysecmap 10 ipsec-isakmp
>  set peer 10.1.2.1
>  set transform-set myset
>  match address 100
> !
> !
> !
> !
> interface Loopback0
>  ip address 10.1.1.1 255.255.255.0
> !
> interface Tunnel0
>  ip address 10.1.18.1 255.255.255.0
>  tunnel source 10.1.1.1
>  tunnel destination 10.1.2.1
>  crypto map mysecmap
> !
> interface Ethernet0/0
>  ip address 207.104.210.182 255.255.255.128
> !
> access-list 100 permit ip 10.1.18.0 0.0.0.255 10.1.18.0 0.0.0.255
> access-list 100 permit ip host 10.1.1.1 host 10.1.2.1
> !
> ----------------------------------------------------------------------------
> ---------------------------------
> 
> 
> _______________________________________________________
> To unsubscribe from the CCIELAB list, send a message to
> majordomo@xxxxxxxxxxxxxx with the body containing:
> unsubscribe ccielab
> 

_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab