Guys,

The objective of the problem I'm going to explain to you is to encrypt ONLY
TELNET traffic between these two routers.

The main problem I'm facing is that I'm not able to do this by implementing
specific host lists that permit only telnet traffic from one host to another,
like:

access-list 101 permit tcp host A host B eq telnet

The only way I can run this is by using a normal list allowing complete
traffic between these two hosts. Please have a look and let me know if you find any
problem in my config.

Thanks.

ISDN1#sh crypto engine connections ac
ISDN1#sh crypto engine connections active

  ID Interface       IP-Address      State  Algorithm           Encrypt  Decrypt

   1                                 set    HMAC_MD5+DES_56_CB        0        0

   2                                 set    HMAC_MD5+DES_56_CB        0        0

2000 Serial0/0       135.25.11.1     set    HMAC_MD5+DES_56_CB        0       54

2001 Serial0/0       135.25.11.1     set    HMAC_MD5+DES_56_CB       40        0


ISDN1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISDN1
!
enable password cisco
!
!
!
!
!
memory-size iomem 7
ip subnet-zero
ip telnet source-interface Loopback0
no ip domain-lookup
!
isdn voice-call-failure 0
cns event-service server
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key hello address 135.25.11.2 255.255.255.255
crypto isakmp key hello address 135.25.3.1 255.255.255.255
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
!
crypto map CCIE local-address Loopback0
crypto map CCIE 10 ipsec-isakmp
set peer 135.25.11.2
set peer 135.25.3.1
set transform-set cisco
match address 101
!
!
!
!
interface Loopback0
ip address 135.25.4.1 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 135.25.11.1 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
no fair-queue
crypto map CCIE
!
interface BRI0/0
no ip address
no ip directed-broadcast
shutdown
isdn guard-timer 0 on-expiry accept
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 135.25.11.2
no ip http server
!
access-list 101 permit ip host 135.25.4.1 host 135.25.3.1
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
voice-port 1/1/0
!
voice-port 1/1/1
!
!
!
line con 0
password cisco
transport input none
line aux 0
line vty 0 4
password cisco
login
!



hostname ISDN2
!
enable password cisco
!
!
!
!
!
ip subnet-zero
ip telnet source-interface Loopback0
no ip domain-lookup
!
isdn voice-call-failure 0
cns event-service server
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key hello address 135.25.11.1
crypto isakmp key hello address 135.25.4.1
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
!
crypto map CCIE local-address Loopback0
crypto map CCIE 10 ipsec-isakmp
set peer 135.25.11.1
set peer 135.25.4.1
set transform-set cisco
match address 101
partition flash 2 16 8
!
!
!
!
!
!
!
interface Loopback0
ip address 135.25.3.1 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
interface BRI0/0
no ip address
no ip directed-broadcast
shutdown
isdn guard-timer 0 on-expiry accept
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/1
ip address 135.25.11.2 255.255.255.0
no ip directed-broadcast
clockrate 64000
crypto map CCIE
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/4
ip address 135.25.12.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/5
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/6
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/7
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 135.25.11.1
no ip http server
!
access-list 101 permit ip host 135.25.3.1 host 135.25.4.1
!
!
line con 0
exec-timeout 0 0
password cisco
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end

ISDN2#
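Added example (not code from the post, from Cisco, or from any reply): a small Python model of how the crypto ACL named by `match address 101` decides which flows the crypto map encrypts, using the two loopback addresses from the configs above, and of the mirror-image check IPsec peers' crypto ACLs have to pass. The ACE grammar it accepts (host entries only) and the sample flows are my own assumptions.

```python
# Added example, not from the original post. Models IOS crypto ACL selection
# for the "access-list N permit <proto> host A [eq p] host B [eq p]" form only.
from typing import NamedTuple, Optional

PORT_NAMES = {"telnet": 23}

class Flow(NamedTuple):
    proto: str   # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int

def parse_ace(line: str) -> dict:
    """Parse one extended ACE into proto/src/sport/dst/dport (None = any port)."""
    tok = line.split()
    assert tok[0] == "access-list" and tok[2] == "permit", line
    pos = 4
    def addr_and_port():
        nonlocal pos
        assert tok[pos] == "host", line        # only host entries are modelled
        addr, pos = tok[pos + 1], pos + 2
        port: Optional[int] = None
        if pos < len(tok) and tok[pos] == "eq":
            port = PORT_NAMES.get(tok[pos + 1])
            port = int(tok[pos + 1]) if port is None else port
            pos += 2
        return addr, port
    src, sport = addr_and_port()
    dst, dport = addr_and_port()
    return {"proto": tok[3], "src": src, "sport": sport, "dst": dst, "dport": dport}

def selects(ace: dict, f: Flow) -> bool:
    """True if the ACE permits the flow, i.e. the crypto map sends it through IPsec."""
    return (ace["proto"] in ("ip", f.proto)
            and ace["src"] == f.src and ace["dst"] == f.dst
            and ace["sport"] in (None, f.sport)
            and ace["dport"] in (None, f.dport))

def is_mirror(local: dict, peer: dict) -> bool:
    """Peers' crypto ACLs must be mirror images: src/dst swapped together with their ports."""
    return ((local["proto"], local["src"], local["sport"], local["dst"], local["dport"]) ==
            (peer["proto"], peer["dst"], peer["dport"], peer["src"], peer["sport"]))

# Constructed sample flows between the two loopbacks (source port is made up).
TELNET = Flow("tcp", "135.25.4.1", 11001, "135.25.3.1", 23)
PING = Flow("icmp", "135.25.4.1", 0, "135.25.3.1", 0)
ALL_IP = parse_ace("access-list 101 permit ip host 135.25.4.1 host 135.25.3.1")
TELNET_ONLY = parse_ace("access-list 101 permit tcp host 135.25.4.1 host 135.25.3.1 eq telnet")
```

With `TELNET_ONLY` on ISDN1, the matching ISDN2 entry is `permit tcp host 135.25.3.1 eq telnet host 135.25.4.1` (port 23 on the source side), which `is_mirror` accepts, while repeating `eq telnet` on the destination side on both routers fails the check.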




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17844&t=17844