09-17-2008 08:22 PM - edited 03-03-2019 11:35 PM
Dear All Experts,
Could you help answer my question?
I would like to connect the HQ to a branch by leased line. I would like the traffic (all data) to be
encrypted with 3DES, but I don't know the command for using 3DES.
Note: not a VPN connection
If you have a sample configuration or web site, please let me know :)
Best Regards,
Rechard
09-17-2008 09:13 PM
Is it not an internet link?
Hey Rechard, what's the need of using 3DES on a leased line which is not carrying internet traffic?
09-17-2008 10:29 PM
Dear Satish,
Thank you for your reply!!!
Not an internet link, just a bridge only.
I need to use 3DES because I want my data very secure!!!
Let me tell you my diagram:
(HQ)LAN->Router->RadModem(by ethernet)->cloud->RadModem(by ethernet)->Router->LAN(Branch)
Best Regards,
Norung
09-17-2008 11:35 PM
LOCAL Router
!
ip access-list extended JAMESBOND-IPSec
 permit ip
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
crypto isakmp key jamesbond007 address
crypto isakmp keepalive 10
!
crypto ipsec transform-set JAMESBONDset ah-sha-hmac esp-3des
!
crypto map JAMESBONDmap 100 ipsec-isakmp
 set peer
 set transform-set JAMESBONDset
 match address JAMESBOND-IPSec
!
interface
 ip address
 crypto map JAMESBONDmap
REMOTE Router
!
ip access-list extended JAMESBOND-IPSec
 permit ip
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
crypto isakmp key jamesbond007 address
crypto isakmp keepalive 10
!
crypto ipsec transform-set JAMESBONDset ah-sha-hmac esp-3des
!
crypto map JAMESBONDmap 100 ipsec-isakmp
 set peer
 set transform-set JAMESBONDset
 match address JAMESBOND-IPSec
!
interface
 ip address
 crypto map JAMESBONDmap
NOTE: Do not include the Serial Interface IP Address in ACL so you can perform connectivity testing between the two routers without initiating the IPSec. If you are using dynamic routing (i.e. OSPF) do not include their router-ID in the ACL as well.
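The two rules implied by the configuration and NOTE above (the LOCAL and REMOTE crypto ACLs must mirror each other, and the address of the interface carrying the crypto map must stay outside the ACL) can be checked mechanically. This is an added example, not part of the original post; the addresses and interface names in the sample configs are constructed, and only ACL lines of the form `permit ip <addr> <wildcard> <addr> <wildcard>` are handled.

```python
import ipaddress
import re

# Constructed sample configs: all addresses and interface names are made up.
LOCAL = """\
ip access-list extended JAMESBOND-IPSec
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map JAMESBONDmap
"""
REMOTE = """\
ip access-list extended JAMESBOND-IPSec
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
interface Serial0/0
 ip address 192.0.2.2 255.255.255.252
 crypto map JAMESBONDmap
"""

ACL_RE = re.compile(r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)\s*$", re.M)
IF_RE = re.compile(r"^interface \S+\n((?:[ \t]+.*\n?)+)", re.M)

def crypto_acl(cfg):
    """Return [(src_net, dst_net)] for every address/wildcard 'permit ip' line."""
    # ipaddress accepts the "addr/wildcard" (host mask) notation directly.
    return [(ipaddress.ip_network(f"{s}/{sw}"), ipaddress.ip_network(f"{d}/{dw}"))
            for s, sw, d, dw in ACL_RE.findall(cfg)]

def crypto_interface_ips(cfg):
    """Return the addresses of interfaces that have a crypto map applied."""
    ips = []
    for body in IF_RE.findall(cfg):
        m = re.search(r"ip address (\S+) \S+", body)
        if m and "crypto map" in body:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def audit(local, remote):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    l_acl, r_acl = crypto_acl(local), crypto_acl(remote)
    if set(l_acl) != {(d, s) for s, d in r_acl}:
        findings.append("crypto ACLs are not mirror images")
    for name, cfg, acl in (("local", local, l_acl), ("remote", remote, r_acl)):
        for ip in crypto_interface_ips(cfg):
            if any(ip in net for pair in acl for net in pair):
                findings.append(f"{name}: interface address {ip} is covered by the crypto ACL")
    return findings
```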
09-22-2008 07:11 PM
Dear medan,
Thank you for your advice and simple configuration ....
After I read the configuration that you gave me, I think that your configuration is a VPN, right?
I don't want to use a VPN connection. I mean that I want a point-to-point connection like a VPN but without using a VPN; I just want a connection that is encrypted like a VPN only!!!!!
Could you advise!!! :)
Best Regards,
Rechard_david
09-23-2008 06:46 PM
Dear Medan/all experts,
Do you have a command for this case?
Best Regards,
Rechard_david
09-24-2008 06:16 AM
If you don't want a VPN, which encrypts all communication (if configured) between your HQ and Branch, which application or task do you want to encrypt?
For example, for data transfer, instead of using FTP or Windows File Sharing, you can use SSH.
Depending on your expertise, to some, host-to-host encryption configuration is many times more painful than configuring it in the router. Configuring it in a router is a one-for-all solution, while configuring it host-to-host is a vendor-specific configuration. See a sample between Linux hosts: http://www.linuxpackages.net/gen_pdf.php?file=ipsec.html