RE: ipsec set up [7:32130]

Tue, 15 Jan 2002 23:08:45 -0800 

Daniel- I'm sure it can't be done with only one Ethernet Interface alone...
even if you trunked the ethernet interface to a Switch and ran two Vlans
that connected (routed) back together via another router (which would push
the question of "what's the point").

But, Maybe a Loopback interface could suffice.

Just a suggestion... as I'm still learning the ins-n-outs of IPSEC tunnels
myself.

Mark Odette II

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Daniel Kekai
Sent: Tuesday, January 15, 2002 11:57 PM
To: [EMAIL PROTECTED]
Subject: ipsec set up [7:32130]


Maybe someone can help me out. I have to configure ipsec on a cisco 2600. My
company wants to use this for a vpn to one of our partners. My question is
how do I configure this using only one ethernet port. (that's all that is on
the 2600 we have)

I came up with the following configs for both ends: (not sure if I can do it
on one interface)

side-- A:

        crypto isakmp policy 1
                authentication pre-share
                hash md5
                group 2
        lifetime 43200

        crypto isakmp key TEST address 209.111.111.28
        crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
        crypto map vpnmap 10 ipsec-isakmp
                set peer 209.111.111.28
                set transform-set form0
                match address 101

        interface fastEthernet A_inside
                ip address 199.199.75.x  255.255.255.x
        interface fastEthernet A_outside
                ip address 199.199.75.51 255.255.255.192
                crypto map ourvpnmap
        access-list 101 permit ip 199.199.75.128 0.0.0.63 209.111.111.32
0.0.0.31



side-- B:

        crypto isakmp policy 1
                authentication pre-share
                hash md5
                group 2
                lifetime 43200

        crypto isakmp key TEST address 199.199.75.51
        crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
        crypto map vpnmap 10 ipsec-isakmp
                set peer 199.199.75.51
                set transform-set form0
                match address 101

        interface fastEthernet B_inside
                ip address 209.111.111.x  255.255.255.x
        interface fastEthernet B_outside
                ip address 209.111.111.28 255.255.255.224
                crypto map ourvpnmap
        access-list 101 permit ip 209.111.111.32 0.0.0.31 199.199.75.128
0.0.0.63

any help would be appreciated...

thanks
-d


_________________________________________________________________
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32132&t=32130
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to