lease line use encryption 3des

rechard_david
Level 1

Dear All Expert,

Could you help to answer my question?

I would like to connect the HQ link to the branch by leased line. So for the traffic (all data) I would like to use 3DES encryption, but I don't know the command to use 3DES.

Note: not VPN connection

If you have sample configuration or web site please let me know :)

Best Regards,

Rechard


satish_zanjurne
Level 4

Is it not an internet link?

Hey Rechard, what's the need for using 3DES on a leased line which is not carrying internet traffic??

Dear Satish,

Thank you for your reply!!!

Not an internet link, just a bridge only.

I need to use 3DES because I want my data very secure!!!

Let me tell you my diagram:

(HQ)LAN->Router->RadModem(by ethernet)->cloud->RadModem(By ethernet)->Router-Lan(Branch)

Best Regards,

Norung

LOCAL Router

!

ip access-list extended JAMESBOND-IPSec

permit ip

!

crypto isakmp policy 100

encr 3des

authentication pre-share

crypto isakmp key jamesbond007 address

crypto isakmp keepalive 10

!

crypto ipsec transform-set JAMESBONDset ah-sha-hmac esp-3des

!

crypto map JAMESBONDmap 100 ipsec-isakmp

set peer

set transform-set JAMESBONDset

match address JAMESBOND-IPSec

!

interface

ip address

crypto map JAMESBONDmap

REMOTE Router

!

ip access-list extended JAMESBOND-IPSec

permit ip

!

crypto isakmp policy 100

encr 3des

authentication pre-share

crypto isakmp key jamesbond007 address

crypto isakmp keepalive 10

!

crypto ipsec transform-set JAMESBONDset ah-sha-hmac esp-3des

!

crypto map JAMESBONDmap 100 ipsec-isakmp

set peer

set transform-set JAMESBONDset

match address JAMESBOND-IPSec

!

interface

ip address

crypto map JAMESBONDmap

NOTE: Do not include the Serial Interface IP Address in ACL so you can perform connectivity testing between the two routers without initiating the IPSec. If you are using dynamic routing (i.e. OSPF) do not include their router-ID in the ACL as well.

Dear medan,

Thank you for your advice and simple configuration ....

After I read the configuration that you gave me, I think that your configuration is VPN, right?

I don't want to use a VPN connection. I mean that I want to do a point-to-point connection like VPN but not use VPN; I just want a connection that has encryption like VPN only!!!!!

Could you advise!!! :)

Best Regards,

Rechard_david

Dear Medan/all expert,

Do you have a command for this case?

Best Regards,

Rechard_david

If you don't want VPN, which encrypts all communication (if configured) between your HQ and Branch, which application or task do you want to encrypt?

For example, for data transfer, instead of using FTP or Windows File Sharing, you can use SSH.

Depending on your expertise, to some, host-to-host encryption configuration is many times more painful than configuring it in the router. Configuring it in a router is a one-for-all solution, while configuring it host-to-host is a vendor-specific configuration. See a sample between Linux hosts: http://www.linuxpackages.net/gen_pdf.php?file=ipsec.html
