Re: ipsec set up [7:32130]

Mike Fountain Wed, 16 Jan 2002 05:00:12 -0800

Well, one thing I notice is that your map is called "vpnmap" but your
interface calls "ourvpnmap" and your transform set name is SETNAME, but your
map calls for form0 -  (although it may just be a typo on the example and
not in the router)


If you only have one ethernet, how are you specifying fastethernet_A inside
and fastethernet_A outside?  If you are set up to call the right map, and
have only one IP on your ethernet interface, it looks like this should work

If it doesn't, one thing you could try is to use sub-ineterfaces on your
ethernet interface and 802.1q trunking to a switch.  But, that will only
work if the 2600 is not your WAN device that the customer is coming in on.
----- Original Message -----
From: "Daniel Kekai" 
To: 
Sent: Wednesday, January 16, 2002 12:56 AM
Subject: ipsec set up [7:32130]


> Maybe someone can help me out. I have to configure ipsec on a cisco 2600.
My
> company wants to use this for a vpn to one of our partners. My question is
> how do I configure this using only one ethernet port. (that's all that is
on
> the 2600 we have)
>
> I came up with the following configs for both ends: (not sure if I can do
it
> on one interface)
>
> side-- A:
>
>         crypto isakmp policy 1
>                 authentication pre-share
>                 hash md5
>                 group 2
>         lifetime 43200
>
>         crypto isakmp key TEST address 209.111.111.28
>         crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
>         crypto map vpnmap 10 ipsec-isakmp
>                 set peer 209.111.111.28
>                 set transform-set form0
>                 match address 101
>
>         interface fastEthernet A_inside
>                 ip address 199.199.75.x  255.255.255.x
>         interface fastEthernet A_outside
>                 ip address 199.199.75.51 255.255.255.192
>                 crypto map ourvpnmap
>         access-list 101 permit ip 199.199.75.128 0.0.0.63 209.111.111.32
> 0.0.0.31
>
>
>
> side-- B:
>
>         crypto isakmp policy 1
>                 authentication pre-share
>                 hash md5
>                 group 2
>                 lifetime 43200
>
>         crypto isakmp key TEST address 199.199.75.51
>         crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
>         crypto map vpnmap 10 ipsec-isakmp
>                 set peer 199.199.75.51
>                 set transform-set form0
>                 match address 101
>
>         interface fastEthernet B_inside
>                 ip address 209.111.111.x  255.255.255.x
>         interface fastEthernet B_outside
>                 ip address 209.111.111.28 255.255.255.224
>                 crypto map ourvpnmap
>         access-list 101 permit ip 209.111.111.32 0.0.0.31 199.199.75.128
> 0.0.0.63
>
> any help would be appreciated...
>
> thanks
> -d
>
>
> _________________________________________________________________
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32146&t=32130
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ipsec set up [7:32130]

Reply via email to