01-08-2009 07:49 AM - edited 03-04-2019 03:23 AM
Hey folks - just a quick question to confirm what I already think -
I am looking at installing a 2821 with 4 t1's in a multilink group. I am pretty sure I can enable encyrption on the multilink, but wanted to make sure.
The other end will be a Catalyst 6513 running 12.2(33)sxh3. This end's t1's would terminate in WS-X6582-2PA
We havent purchased the router, so IOS would probably be 12.4.
Thanks in advance!
Solved! Go to Solution.
01-08-2009 08:52 AM
I believe your question is 'will encryption work with ppp multilink?'
I set this up in the lab because i didnt know either, but now i do :)
It works fine.
Here is the config i used
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco123 address 10.10.12.1
!
!
crypto ipsec transform-set SET1 esp-des
!
crypto map MAP1 10 ipsec-isakmp
set peer 10.10.12.1
set transform-set SET1
match address R4->R3
!
!
!
!
interface Multilink1
ip address 10.10.12.2 255.255.255.0
ppp multilink
ppp multilink group 1
crypto map MAP1
interface Serial0/0
no ip address
encapsulation ppp
clock rate 2000000
ppp multilink
ppp multilink group 1
!
interface Serial0/1
no ip address
encapsulation ppp
shutdown
clock rate 2000000
ppp multilink
ppp multilink group 1
ip access-list extended R4->R3
permit ip host 4.4.4.4 host 3.3.3.3
R2#show crypto isakmp sa
dst src state conn-id slot status
10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE
01-08-2009 08:05 AM
Don
When you talk about enabling encryption, are you talking about configuring IPSec to do the encryption, or is it something else? I do not have experience with it and so can not say for sure, but I do not believe that there is anything about multilink that would prevent doing IPSec to encrypt the traffic.
Does your 6513 have the IPSec VPN module in it? I believe that the 6500 needs the special module to support IPSec.
HTH
Rick
01-08-2009 08:52 AM
I believe your question is 'will encryption work with ppp multilink?'
I set this up in the lab because i didnt know either, but now i do :)
It works fine.
Here is the config i used
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco123 address 10.10.12.1
!
!
crypto ipsec transform-set SET1 esp-des
!
crypto map MAP1 10 ipsec-isakmp
set peer 10.10.12.1
set transform-set SET1
match address R4->R3
!
!
!
!
interface Multilink1
ip address 10.10.12.2 255.255.255.0
ppp multilink
ppp multilink group 1
crypto map MAP1
interface Serial0/0
no ip address
encapsulation ppp
clock rate 2000000
ppp multilink
ppp multilink group 1
!
interface Serial0/1
no ip address
encapsulation ppp
shutdown
clock rate 2000000
ppp multilink
ppp multilink group 1
ip access-list extended R4->R3
permit ip host 4.4.4.4 host 3.3.3.3
R2#show crypto isakmp sa
dst src state conn-id slot status
10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide