How to encrypt traffic on Cisco 7600 / Catalyst 6500 Services SPA Carrier Card-400

Unanswered Question
Dec 15th, 2009

I need help for the following,

I have two 7600 between two location. I have installed  Cisco 7600 / Catalyst 6500 Services SPA Carrier Card-400 on both routers.

My intention I need to bring up the ISIS between the two routers as I have the requirement from the customer that traffic should be encrypted as this a 100 MB TLS circuit.

I mad a GRE tunnel and I want to bring my ISIS connectivity through this tunnel.

Below is the config,

crypto isakmp policy 25
hash md5
authentication pre-share
crypto isakmp key Dummy address 138.218.135.2
crypto isakmp invalid-spi-recovery
crypto isakmp profile test
   match identity address 138.218.135.2 255.255.255.255
   local-address GigabitEthernet1/23
!
!
crypto ipsec transform-set WWW ah-sha-hmac esp-aes 256
!
crypto map GRE local-address GigabitEthernet1/23
crypto map GRE 80 ipsec-isakmp
description test1
set peer 138.218.135.2
set security-association lifetime seconds 190
set transform-set WWW
set isakmp-profile test
match address 104

interface Tunnel10
ip address 57.57.57.1 255.255.255.252
ip router isis ABC

mpls ip
clns mtu 1400
isis metric 1000 level-2
isis authentication mode md5
isis authentication key-chain ABC-ISIS
no isis hello padding
tunnel source GigabitEthernet1/23
tunnel destination 138.218.135.2

!
interface GigabitEthernet1/23
description "To ISG2000-1 e1/3"
mtu 1600
ip address 138.218.135.1 255.255.255.252
speed 100
duplex full
mpls ip
no cdp enable
clns mtu 1400
crypto map GRE
end

Both router has the same config except the IP point to point ip, but I am unalbe to bring the link up.

Can anyone help me what I am doing wrong here or how I can configure correctly.

Please let me know.

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion