RE: ipsec set up [7:32130]

Wed, 16 Jan 2002 15:22:32 -0800 

Daniel,

You can do this with trunking two vlans. I hope you have fast ethernet port.

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,ccna,ccda,scsa,scna,mct,mcse,mcp+i,mcp,cni,mcne,cne,cna
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 
Fremont: 510.795.6815 
Santa Clara: 408.496.0801 
Europe: +(44)20 7900 3011 
Fax: 510.291.2250
 


-----Original Message-----
From: Daniel Kekai [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 15, 2002 9:57 PM
To: [EMAIL PROTECTED]
Subject: ipsec set up [7:32130]


Maybe someone can help me out. I have to configure ipsec on a cisco 2600. My

company wants to use this for a vpn to one of our partners. My question is 
how do I configure this using only one ethernet port. (that's all that is on

the 2600 we have)

I came up with the following configs for both ends: (not sure if I can do it

on one interface)

side-- A:

        crypto isakmp policy 1
                authentication pre-share
                hash md5
                group 2
        lifetime 43200

        crypto isakmp key TEST address 209.111.111.28
        crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
        crypto map vpnmap 10 ipsec-isakmp
                set peer 209.111.111.28
                set transform-set form0
                match address 101

        interface fastEthernet A_inside
                ip address 199.199.75.x  255.255.255.x
        interface fastEthernet A_outside
                ip address 199.199.75.51 255.255.255.192
                crypto map ourvpnmap
        access-list 101 permit ip 199.199.75.128 0.0.0.63 209.111.111.32 
0.0.0.31



side-- B:

        crypto isakmp policy 1
                authentication pre-share
                hash md5
                group 2
                lifetime 43200

        crypto isakmp key TEST address 199.199.75.51
        crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
        crypto map vpnmap 10 ipsec-isakmp
                set peer 199.199.75.51
                set transform-set form0
                match address 101

        interface fastEthernet B_inside
                ip address 209.111.111.x  255.255.255.x
        interface fastEthernet B_outside
                ip address 209.111.111.28 255.255.255.224
                crypto map ourvpnmap
        access-list 101 permit ip 209.111.111.32 0.0.0.31 199.199.75.128 
0.0.0.63

any help would be appreciated...

thanks
-d


_________________________________________________________________
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32229&t=32130
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to