GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IPSEC problem [7:113285] posted 09/04/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hereby a working ipsec config, which i made last week for a customer, fully 
tested and working,
hope you can fix your problem with it.

rgds,\
R. Boussebaa

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 crypto isakmp key XXXXXXXX address xx.xx.xx.xx
!
!
crypto ipsec transform-set ipsec-tunnel-sap esp-3des esp-md5-hmac
!
crypto map ipsec-tunnel-sap local-address Dialer 0  (source address of 
dialer0)
crypto map ipsec-tunnel-sap 10 ipsec-isakmp
 description SAP ISP BByond
 set peer xxx.xx.xx.xx
 set transform-set ipsec-tunnel-sap
 set pfs group2
 match address IPSEC_tunnel_SAP
!

interface Dialer0
crypto map ipsec-tunnel-sap

!
ip access-list extended IPSEC_tunnel_SAP
 permit ip 10.1.0.0 0.0.0.255 192.168.50.0 0.0.0.255 (ip range of peer)
 permit ip 10.1.0.0 0.0.0.255 host xx.xx.xx.xx. (peer address


----- Original Message ----- 
From: "Amol Sapkal" 
To: 
Sent: Monday, September 04, 2006 11:39 AM
Subject: Re: IPSEC problem [7:113285]


> Yes, encryption ( and hash  too) needs to be mentioned.
>
> Something like:
>
> crypto isakmp policy 100
> crypto isakmp key ****** address 1.2.3.4
> group 1
>  authentication pre-share
> encryption des (or 3des)
>
>
>
> HTH,
> Amol
>
>
> On 9/4/06, Amol Sapkal  wrote:
>>
>>  Hi,
>>
>>
>>
>>  On 9/4/06, Rich Hernandez  wrote:
>> >
>> > My crypto policy looks like this. Note the "encr 3des" and "group 2"
>>
>>
>>
>>  I don't think that is necessary. It will automatically default to "group
>> 1", if not explicitly mentioned.
>>
>>
>>
>>
>>
>> You may have to add these.  Other than that your config looks OK. I'm not
>> > using tunnels though and there may be something needed that I don't 
>> > use.
>> >
>> > Good luck.
>>
>> crypto isakmp policy 1
>> > encr 3des
>> > authentication pre-share
>> > group 2
>> --
>> Warm regards,
>>
>> Amol Sapkal
>>
>> -------------------------------------------------------------------
>> "When I'm not in my right mind, my left mind
>> gets pretty crowded"
>> -------------------------------------------------------------------
>>
>
>
>
> -- 
> Warm regards,
>
> Amol Sapkal
>
> -------------------------------------------------------------------
> "When I'm not in my right mind, my left mind
> gets pretty crowded"
> -------------------------------------------------------------------
Disclaimer
************************************************************************
Aan dit bericht kunnen geen rechten worden ontleend. Dit bericht is
uitsluitend bestemd voor de geadresseerde. Als u dit bericht per abuis
hebt ontvangen, wordt u verzocht het te vernietigen en de afzender te
informeren. Wij adviseren u om bij twijfel over de juistheid of de
volledigheid van de mail contact met afzender op te nemen.

This message shall not constitute any rights or obligations.
This message is intended solely for the addressee.
If you have received this message in error, please delete it and
notify the sender immediately. When in doubt whether this message
is correct or complete, please contact the sender.
************************************************************************




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=113330&t=113285
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html