Re: IPsec - what is wrong with this config? [7:52865]

Sun, 08 Sep 2002 20:01:28 -0700 

Hi Neal,

You may wanna try this:
Apply the crypto map into the "Tunnel0 and the outside interface"
CMIAW

Best Regards,
HATO


>From: "Neal Rauhauser" 
>Reply-To: "Neal Rauhauser" 
>To: [EMAIL PROTECTED]
>Subject: IPsec - what is wrong with this config? [7:52865]
>Date: Sat, 7 Sep 2002 23:41:15 GMT
>
>I have two 1750s sharing an ethernet hub - just trying to get IPsec on
>a tunnel between ethernet interfaces and I am having trouble. This
>config seems close but I don't know what to do next
>
>
>Here is the error I am getting when I try to ping the opposite end of
>the tunnel
>
>01:05:29: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
>01:05:29: ISAKMP (0:1): incrementing error counter on sa: retransmit
>phase 1
>01:05:29: ISAKMP (1): sending packet to 192.168.6.50 (I) MM_NO_STATE.
>
>-- this router is at the bottom of a three router stack
>crypto isakmp policy 1
>  authentication pre-share
>crypto isakmp key duh address 192.168.6.51
>!
>!
>crypto ipsec transform-set MIDDLE ah-sha-hmac esp-des
>!
>crypto key pubkey-chain rsa
>  named-key middle
>   key-string
>    305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D081DF
>26BC7013
>    448EA3D2 5C0853FA E0E01770 06D6C4FE A57B165A 4BC25F0E 5FD517B1
>12EEA345
>    8C9CC44E DCDC705E AB6327F9 81868B14 CB2294F1 304611A2 A7020301 0001
>   quit
>  addressed-key 192.168.6.51
>   address 192.168.6.51
>   key-string
>    305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D081DF
>26BC7013
>    448EA3D2 5C0853FA E0E01770 06D6C4FE A57B165A 4BC25F0E 5FD517B1
>12EEA345
>    8C9CC44E DCDC705E AB6327F9 81868B14 CB2294F1 304611A2 A7020301 0001
>   quit
>  !
>  crypto map MIDDLE2 local-address Tunnel0
>  crypto map MIDDLE2 10 ipsec-isakmp
>  set peer 192.168.6.51
>  set transform-set MIDDLE
>  match address middle
>
>interface Tunnel0
>  ip address 192.168.6.50 255.255.255.0
>  tunnel source 192.168.1.50
>  tunnel destination 192.168.1.51
>  tunnel mode ipip
>  crypto map MIDDLE2
>!
>interface FastEthernet0
>  ip address 192.168.1.50 255.255.255.0
>  speed auto
>
>
>--- this router is in the middle of a three router stack
>
>crypto isakmp policy 1
>  authentication pre-share
>crypto isakmp key duh address 192.168.6.50
>!
>!
>crypto ipsec transform-set BOTTOM ah-sha-hmac esp-des
>!
>crypto key pubkey-chain rsa
>  named-key bottom
>   key-string
>    305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B941FA
>8C44F60C
>    76199B3E DADDA933 F5EA1118 9F9410B0 E097836F 166FDC84 3FD06FA0
>338E77AE
>    F32142F4 D750F4F0 31844B70 099DD8B2 6F8753D7 70BD2BBA 03020301 0001
>   quit
>  addressed-key 192.168.1.50
>   address 192.168.1.50
>   key-string
>    305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B941FA
>8C44F60C
>    76199B3E DADDA933 F5EA1118 9F9410B0 E097836F 166FDC84 3FD06FA0
>338E77AE
>    F32142F4 D750F4F0 31844B70 099DD8B2 6F8753D7 70BD2BBA 03020301 0001
>   quit
>  !
>  crypto map BOTTOM2 local-address Tunnel0
>  crypto map BOTTOM2 10 ipsec-isakmp
>  set peer 192.168.6.50
>  set transform-set BOTTOM
>  match address bottom
>interface Tunnel0
>  ip address 192.168.6.51 255.255.255.0
>  tunnel source 192.168.1.51
>  tunnel destination 192.168.1.50
>  tunnel mode ipip
>  crypto map BOTTOM2
>!
>interface Serial0
>  ip address 192.168.3.1 255.255.255.0
>  clockrate 1000000
>!
>interface FastEthernet0
>  ip address 192.168.1.51 255.255.255.0
>  speed auto
>
>
>
>
>--
>Neal Rauhauser CCNP, CCDP                      voice: 402-301-9555
>mailto:[EMAIL PROTECTED]                    fcc  : k0bsd
>"I've seen the angels wearing their disguise,
>ordinary people leading ordinary lives" - Tracy Chapman
_________________________________________________________________
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52906&t=52865
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to