Router to Router IPsec (RSA Key) Cisco 1841

Unanswered Question
Mar 2nd, 2009

Hi,

I am connecting two routers with an IPsec VPN.

How do I generate the RSA key for the session? The configuration is as follows.




ROUTER A

crypto key pubkey-chain rsa
 named-key [email protected]
  key-string
  quit
username manju password 0 cisco
!
!
!
crypto isakmp policy 1
 authentication rsa-encr
crypto isakmp identity hostname
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set airtel esp-des esp-sha-hmac
 mode transport
!
!
!
crypto map airtel 10 ipsec-isakmp
 set peer 10.97.37.1
 set transform-set airtel
 match address 101
!
!
!
!
!
interface Tunnel0
 ip address 10.10.10.2 255.255.255.0
 ip mtu 1420
 tunnel source FastEthernet0/0
 tunnel destination 10.97.37.1
 crypto map airtel
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 172.26.8.1 255.255.255.0
 duplex auto
 speed auto
 no cdp enable
 crypto map airtel
!
interface Serial0/1/0
 ip address 192.168.10.2 255.255.255.0
 ip virtual-reassembly
 clock rate 2000000
!
router eigrp 10
 redistribute static
 network 10.0.0.0
 network 172.26.0.0
 network 192.168.10.0
 no auto-summary
!



ROUTER B

crypto key pubkey-chain rsa
 named-key [email protected]
  key-string
  quit
!
!
!
crypto isakmp policy 1
 authentication rsa-encr
crypto isakmp identity hostname
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set airtel esp-des esp-sha-hmac
 mode transport
!
crypto map airtel 10 ipsec-isakmp
 set peer 172.26.8.1
 set transform-set airtel
 match address 101
!
!
!
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 ip mtu 1420
 tunnel source FastEthernet0/1
 tunnel destination 172.26.8.1
 crypto map airtel
!
interface FastEthernet0/1
 ip address 10.97.37.1 255.255.255.0
 duplex auto
 speed auto
 crypto map airtel
!
router eigrp 10
 network 10.10.10.0 0.0.0.255
 network 10.97.37.0 0.0.0.255
 no auto-summary
!
ip default-gateway 10.97.37.254
ip route 10.10.10.0 255.255.255.0 10.97.37.252
ip route 172.26.8.0 255.255.255.0 10.97.37.252
ip route 192.168.10.0 255.255.255.0 10.97.37.252


adamclarkuk_2 Mon, 03/02/2009 - 05:27

Hi


You need to generate an RSA key pair for this using the command :-


crypto key generate rsa usage-keys label modulus


You will need to set a domain name on the device first using the command :-


ip domain name


These keys can then be used for signing and encryption


To view the keys, use :-


sh crypto key mypubkey rsa

ntmanjunath Mon, 03/02/2009 - 21:53

Hi,


I set the domain name (netsol.com) and I generated the RSA key on both routers. What is the next command for establishing the session between the two routers?


View the keys:-


AIRTEL-DELHI#sh crypto key mypubkey rsa
% Key pair was generated at: 23:15:07 Chennai Mar 2 2009
Key name: netsol.com
Storage Device: not specified
Usage: Signature Key
Key is not exportable.
Key Data:
3054300D 06092A86 4886F70D 01010105 00034300 30400239 03A4ABC5 402E4D46
7DB113D1 B11656BC 71E17BBC 2EA53D73 4EE7CA01 6A10A2F8 82EDA544 CE74EB6C
2D44EB37 57F51F25 0A68BB34 267765D0 C7020301 0001
% Key pair was generated at: 23:15:08 Chennai Mar 2 2009
Key name: netsol.com
Storage Device: not specified
Usage: Encryption Key
Key is not exportable.
Key Data:
3054300D 06092A86 4886F70D 01010105 00034300 30400239 02D8598E CAF6C7DF
A80BEE6C 52AED8B6 9994E464 15B41D58 EE7252A3 7F7588EA 27D6A516 E013A1BA
11E8DF19 91268B04 1088C357 41584863 8B020301 0001
% Key pair was generated at: 23:15:08 Chennai Mar 2 2009
Key name: netsol.com.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00E6826B 79E43452
B8DCEA79 9BE0A951 70FA4512 BC9138CB F10196A5 22E823D0 29D7FE80 78C620A1
32782865 8B07AAB2 8DD13E44 EA3197BA 72F8A559 7AC187E2 1D25950B E4AE3E72
9B2077D3 5CC9B19D D5514832 23CB8B09 B9C1C68E 1F916437 F9020301 0001
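
An added example, not part of the thread and not Cisco tooling: a short Python check that decodes the `Key Data` hex printed by `sh crypto key mypubkey rsa` and reports each key's modulus size, so the key pairs can be audited before they are exchanged between peers. The sample is an excerpt of the output posted above; the function names and the 2048-bit `min_bits` default are assumptions of this example.

```python
# Excerpt of the `sh crypto key mypubkey rsa` output posted in the thread
# (signature key and temporary server key; other lines omitted).
SHOW_OUTPUT = """\
Key name: netsol.com
 Usage: Signature Key
 Key Data:
  3054300D 06092A86 4886F70D 01010105 00034300 30400239 03A4ABC5 402E4D46
  7DB113D1 B11656BC 71E17BBC 2EA53D73 4EE7CA01 6A10A2F8 82EDA544 CE74EB6C
  2D44EB37 57F51F25 0A68BB34 267765D0 C7020301 0001
Key name: netsol.com.server
 Usage: Encryption Key
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00E6826B 79E43452
  B8DCEA79 9BE0A951 70FA4512 BC9138CB F10196A5 22E823D0 29D7FE80 78C620A1
  32782865 8B07AAB2 8DD13E44 EA3197BA 72F8A559 7AC187E2 1D25950B E4AE3E72
  9B2077D3 5CC9B19D D5514832 23CB8B09 B9C1C68E 1F916437 F9020301 0001
"""

def _tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_params(der):
    """Return (modulus_bits, exponent) from a DER SubjectPublicKeyInfo."""
    spki, _ = _tlv(der, 0, 0x30)
    _, pos = _tlv(spki, 0, 0x30)        # AlgorithmIdentifier, skipped
    bits, _ = _tlv(spki, pos, 0x03)     # BIT STRING; first byte = unused bits
    key, _ = _tlv(bits[1:], 0, 0x30)    # RSAPublicKey SEQUENCE
    n, pos = _tlv(key, 0, 0x02)         # modulus
    e, _ = _tlv(key, pos, 0x02)         # public exponent
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")

def audit(text, min_bits=2048):
    """Return [(key name, usage, modulus bits, exponent, meets min_bits)]."""
    rows = []
    for block in text.split("Key name:")[1:]:
        name = block.split()[0]
        usage = block.split("Usage:")[1].splitlines()[0].strip()
        # Hex runs from "Key Data:" up to the next "% Key pair ..." line, if any.
        hexdata = "".join(block.split("Key Data:")[1].split("%")[0].split())
        bits, e = rsa_params(bytes.fromhex(hexdata))
        rows.append((name, usage, bits, e, bits >= min_bits))
    return rows
```

Calling `audit(SHOW_OUTPUT)` on the posted output reports a 450-bit signature key and a 768-bit temporary server key, both below the example's 2048-bit floor.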

