GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Fw: TED posted 04/09/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Forgot one thing...If anyone is interested, here is a sh ver (same on both
2500 routers) :
r6#sh ver

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.1(5)T10,

----- Original Message -----
From: Gregg Malcolm
To: ccielab@xxxxxxxxxxxxxx
Sent: Tuesday, April 09, 2002 12:46 AM
Subject: TED


Folks,

Does anyone have a working example of TED ?  I haven't seen it mentioned much
on the list, but I wanted to make sure that I can get it to work.  I browsed
the archives and found a similar symptom to mine but no solution.  My problem
is that 'debug cry ipsec" gives me the following error :  IPSEC(sa_initiate):
ACL = deny; sa request ignored.  I do not believe that my problem is ACL
related however. Also, I can ping between the serials and I trying to secure
the tok0 on r1 and the e0 on r6.

I can make the configs work w/o TED.  Maybe someone has experienced something
similar.  Here are the 2 router config's :

Thanks,  Gregg

r1
wrt

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set secure1 esp-des esp-md5-hmac
!
crypto dynamic-map dyn 10
 set transform-set secure1
 match address 101
!
crypto map secure 500 ipsec-isakmp dynamic dyn discover
!
interface Serial1
 ip address 150.20.12.1 255.255.255.0
 crypto map secure
!
interface TokenRing0
 ip address 150.20.10.1 255.255.255.0
 ring-speed 16
!
access-list 101 permit ip 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255
access-list 101 permit icmp 150.20.10.0 0.0.0.255 150.20.50.0 0.0.0.255

R6

r6#wrt

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set secure1 esp-des esp-md5-hmac
!
crypto dynamic-map dyn 10
 set transform-set secure1
 match address 101
!
crypto map secure 500 ipsec-isakmp dynamic dyn discover
!
interface Serial0
 ip address 150.20.100.6 255.255.255.224
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf priority 0
 ipx network 100
 ipx output-network-filter 801
 no fair-queue
 clockrate 2000000
 dce-terminal-timing-enable
 frame-relay map ipx 100.0010.7b7f.5b9a 601 broadcast
 frame-relay map ipx 100.0060.476c.3e3c 601 broadcast
 frame-relay map ip 150.20.100.2 601 broadcast
 frame-relay map ip 150.20.100.4 601 broadcast
 frame-relay map ip 150.20.100.5 601 broadcast
 frame-relay map ipx 100.0000.0c87.05ca 601 broadcast
 frame-relay lmi-type ansi
 crypto map secure
!
access-list 101 permit ip 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255
access-list 101 permit icmp 150.20.50.0 0.0.0.255 150.20.10.0 0.0.0.255
_________________________________________________________________
Commercial lab list: http://www.groupstudy.com/list/commercial.html
Please discuss commercial lab solutions on this list.
__________________________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab