Cisco 2600 802.1q sub interface and IPSEC

Unanswered Question
Jun 19th, 2009
User Badges:

Hi,


We are trying to set up a tunnel with a sub interface (but with no luck)and would like to know if some one has tried creating an ipsec tunnel using a sub interface in a cisco 2600.



Thx in advance,

subra

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Dennis Mink Fri, 06/19/2009 - 06:53
User Badges:
  • Blue, 1500 points or more

what is the issue and can you include the config?


Thanks

subra4u Fri, 06/19/2009 - 09:39
User Badges:

Hi,


Below is the requested config.......


sh run

Building configuration...

Current configuration : 2729 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

boot-start-marker

boot-end-marker

!


!

no ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

!

crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

crypto isakmp key dsfgf address 8.2.8.6

!

!

crypto ipsec transform-set TS1 esp-3des esp-sha-hmac

mode transport

!

crypto map cm1 20 ipsec-isakmp

set peer 8.2.8.68

set transform-set TS1

set pfs group2

match address 102

!

call rsvp-sync

!

!

!

!

!

!

!

!

interface Tunnel1

description **** RX ****

bandwidth 256

ip address 13.30.63.10 255.255.255.252

tunnel source FastEthernet0/0.756

tunnel destination 8.52.8.68

no clns route-cache

crypto map cm1

!

interface FastEthernet0/0

no ip address

no ip mroute-cache

duplex auto

speed auto

no cdp enable

no clns route-cache

!

interface FastEthernet0/0.50

encapsulation dot1Q 50

ip address 8.11.6.1 255.255.255.0

no cdp enable

!

interface FastEthernet0/0.756

encapsulation dot1Q 756

ip address 8.11.6.5 255.255.255.240

no cdp enable

crypto map cm1

!

Leo Laohoo Sun, 06/21/2009 - 16:01
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Where's the config of the remote router?

subra4u Mon, 06/22/2009 - 07:05
User Badges:

Hi,


Sorry. do not have access to the remote router. But a similar config works with a different router. the only difference is the other one has 2 different physical interface instead of 1.


here we are trying with a Dot1q tunneling on the main interface.


Please find the HW details below:


System image file is "flash:c2600-itpk9-mz.122-25.SW8.bin"



Cisco 2650XM (MPC860P) processor (revision 0x100) with 105472K/25600K bytes of memory.

Processor board ID JAD070203JW (3476809370)

M860 processor: part number 5, mask 2

1 FastEthernet interface

32K bytes of NVRAM.

49152K bytes of processor board System flash (Read/Write)


.756 interface is connecting the router to the public and .50 is the new network which has the server connected and reach the remote end over the vpn.




Please let me know if you need more info.


Actions

This Discussion