Solved: Multilink and encryption

don.click1 · ‎01-08-2009

Hey folks - just a quick question to confirm what I already think -

I am looking at installing a 2821 with 4 t1's in a multilink group. I am pretty sure I can enable encyrption on the multilink, but wanted to make sure.

The other end will be a Catalyst 6513 running 12.2(33)sxh3. This end's t1's would terminate in WS-X6582-2PA

We havent purchased the router, so IOS would probably be 12.4.

Thanks in advance!

chris.grammer · ‎01-08-2009

I believe your question is 'will encryption work with ppp multilink?'

I set this up in the lab because i didnt know either, but now i do :)

It works fine.

Here is the config i used

crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco123 address 10.10.12.1

!

crypto ipsec transform-set SET1 esp-des

!

crypto map MAP1 10 ipsec-isakmp

set peer 10.10.12.1

set transform-set SET1

match address R4->R3

!

interface Multilink1

ip address 10.10.12.2 255.255.255.0

ppp multilink

ppp multilink group 1

crypto map MAP1

interface Serial0/0

no ip address

encapsulation ppp

clock rate 2000000

ppp multilink

ppp multilink group 1

!

interface Serial0/1

no ip address

encapsulation ppp

shutdown

clock rate 2000000

ppp multilink

ppp multilink group 1

ip access-list extended R4->R3

permit ip host 4.4.4.4 host 3.3.3.3

R2#show crypto isakmp sa

dst src state conn-id slot status

10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE

View solution in original post

Richard Burts · ‎01-08-2009

Don

When you talk about enabling encryption, are you talking about configuring IPSec to do the encryption, or is it something else? I do not have experience with it and so can not say for sure, but I do not believe that there is anything about multilink that would prevent doing IPSec to encrypt the traffic.

Does your 6513 have the IPSec VPN module in it? I believe that the 6500 needs the special module to support IPSec.

HTH

Rick

HTH

Rick

chris.grammer · ‎01-08-2009

I believe your question is 'will encryption work with ppp multilink?'

I set this up in the lab because i didnt know either, but now i do :)

It works fine.

Here is the config i used

crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco123 address 10.10.12.1

!

crypto ipsec transform-set SET1 esp-des

!

crypto map MAP1 10 ipsec-isakmp

set peer 10.10.12.1

set transform-set SET1

match address R4->R3

!

interface Multilink1

ip address 10.10.12.2 255.255.255.0

ppp multilink

ppp multilink group 1

crypto map MAP1

interface Serial0/0

no ip address

encapsulation ppp

clock rate 2000000

ppp multilink

ppp multilink group 1

!

interface Serial0/1

no ip address

encapsulation ppp

shutdown

clock rate 2000000

ppp multilink

ppp multilink group 1

ip access-list extended R4->R3

permit ip host 4.4.4.4 host 3.3.3.3

R2#show crypto isakmp sa

dst src state conn-id slot status

10.10.12.1 10.10.12.2 QM_IDLE 1 0 ACTIVE