Multilink and encryption

Answered Question
Jan 8th, 2009
User Badges:

Hey folks - just a quick question to confirm what I already think -


I am looking at installing a 2821 with 4 t1's in a multilink group. I am pretty sure I can enable encyrption on the multilink, but wanted to make sure.


The other end will be a Catalyst 6513 running 12.2(33)sxh3. This end's t1's would terminate in WS-X6582-2PA

We havent purchased the router, so IOS would probably be 12.4.


Thanks in advance!

Correct Answer by chris.grammer about 8 years 3 months ago

I believe your question is 'will encryption work with ppp multilink?'


I set this up in the lab because i didnt know either, but now i do :)


It works fine.


Here is the config i used


crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco123 address 10.10.12.1

!

!

crypto ipsec transform-set SET1 esp-des

!

crypto map MAP1 10 ipsec-isakmp

set peer 10.10.12.1

set transform-set SET1

match address R4->R3

!

!

!

!

interface Multilink1

ip address 10.10.12.2 255.255.255.0

ppp multilink

ppp multilink group 1

crypto map MAP1


interface Serial0/0

no ip address

encapsulation ppp

clock rate 2000000

ppp multilink

ppp multilink group 1

!


interface Serial0/1

no ip address

encapsulation ppp

shutdown

clock rate 2000000

ppp multilink

ppp multilink group 1


ip access-list extended R4->R3

permit ip host 4.4.4.4 host 3.3.3.3


R2#show crypto isakmp sa

dst src state conn-id slot status

10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE







  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Thu, 01/08/2009 - 08:05
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don


When you talk about enabling encryption, are you talking about configuring IPSec to do the encryption, or is it something else? I do not have experience with it and so can not say for sure, but I do not believe that there is anything about multilink that would prevent doing IPSec to encrypt the traffic.


Does your 6513 have the IPSec VPN module in it? I believe that the 6500 needs the special module to support IPSec.


HTH


Rick

Correct Answer
chris.grammer Thu, 01/08/2009 - 08:52
User Badges:

I believe your question is 'will encryption work with ppp multilink?'


I set this up in the lab because i didnt know either, but now i do :)


It works fine.


Here is the config i used


crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco123 address 10.10.12.1

!

!

crypto ipsec transform-set SET1 esp-des

!

crypto map MAP1 10 ipsec-isakmp

set peer 10.10.12.1

set transform-set SET1

match address R4->R3

!

!

!

!

interface Multilink1

ip address 10.10.12.2 255.255.255.0

ppp multilink

ppp multilink group 1

crypto map MAP1


interface Serial0/0

no ip address

encapsulation ppp

clock rate 2000000

ppp multilink

ppp multilink group 1

!


interface Serial0/1

no ip address

encapsulation ppp

shutdown

clock rate 2000000

ppp multilink

ppp multilink group 1


ip access-list extended R4->R3

permit ip host 4.4.4.4 host 3.3.3.3


R2#show crypto isakmp sa

dst src state conn-id slot status

10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE







Actions

This Discussion