GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IPSec over Tunnel - not working !! [7:62124] posted 01/29/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hi,

First, you should apply the crypto to the physical an the logical
interfaces.

Second, define only gre traffic for the access-list

Third, try to change the IP MTU size because the fragmentation  (1440 or
lower ) or configure the interface command "ip ospf mtu-ignore "

Last of all, multicast traffic cannot be "normally" be encrypted, that is
the reason to use a GRE tunnel and then encrypt GRE traffic

Cheers,

Jose

""Claudio Spescha""  wrote in message
news:200301292054.UAA14716@xxxxxxxxxxxxxxxxx
> Hello
>
> You should not encrypt the tunnel network itself.
> First line of access-list 199 should be: access-list 199 deny ip
120.20.59.0
> 0.0.0.255 120.20.59.0 0.0.0.255
> The router can not build an OSPF adjacency on encrypted traffic.
>
> see you
> Claudio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62141&t=62124
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx