Re: ipsec set up [7:32130]

Wed, 16 Jan 2002 17:24:59 -0800 

Daniel,

You can also do this with a "tunnel" interface and a "loopback"
interface on the router, but that will also depend on what you will
be terminating your IPSec/ISAKMP peer to.  I hope this helps,
if you have any questions please ask.

              - jek


"Daniel Kekai"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Maybe someone can help me out. I have to configure ipsec on a cisco 2600.
My
> company wants to use this for a vpn to one of our partners. My question is
> how do I configure this using only one ethernet port. (that's all that is
on
> the 2600 we have)
>
> I came up with the following configs for both ends: (not sure if I can do
it
> on one interface)
>
> side-- A:
>
>         crypto isakmp policy 1
>                 authentication pre-share
>                 hash md5
>                 group 2
>         lifetime 43200
>
>         crypto isakmp key TEST address 209.111.111.28
>         crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
>         crypto map vpnmap 10 ipsec-isakmp
>                 set peer 209.111.111.28
>                 set transform-set form0
>                 match address 101
>
>         interface fastEthernet A_inside
>                 ip address 199.199.75.x  255.255.255.x
>         interface fastEthernet A_outside
>                 ip address 199.199.75.51 255.255.255.192
>                 crypto map ourvpnmap
>         access-list 101 permit ip 199.199.75.128 0.0.0.63 209.111.111.32
> 0.0.0.31
>
>
>
> side-- B:
>
>         crypto isakmp policy 1
>                 authentication pre-share
>                 hash md5
>                 group 2
>                 lifetime 43200
>
>         crypto isakmp key TEST address 199.199.75.51
>         crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
>         crypto map vpnmap 10 ipsec-isakmp
>                 set peer 199.199.75.51
>                 set transform-set form0
>                 match address 101
>
>         interface fastEthernet B_inside
>                 ip address 209.111.111.x  255.255.255.x
>         interface fastEthernet B_outside
>                 ip address 209.111.111.28 255.255.255.224
>                 crypto map ourvpnmap
>         access-list 101 permit ip 209.111.111.32 0.0.0.31 199.199.75.128
> 0.0.0.63
>
> any help would be appreciated...
>
> thanks
> -d
>
>
> _________________________________________________________________
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32238&t=32130
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to