desai.jaideep Wed, 07/12/2006 - 03:33

Hi Carl

Didn't the link I gave you help?



gwhuang5398 Wed, 07/12/2006 - 06:23

Here is what you can configure on each router. One would be the mirror of the other.

Assuming using Loopback0 of each router as the IPSec tunnel peering point. Let's make up 2 loopbacks: and for Router 1 and 2.

On Router 1:

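! Phase 1 (IKE) policy
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! Pre-shared key for the peer
crypto isakmp key xxxxxxxxxx address
! Phase 2 transform set
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
! Crypto map tying together the peer, the transform set and the traffic to encrypt
crypto map remote 5 ipsec-isakmp
 set peer
 set transform-set MY-IPSEC
 match address MY-NETWORKS
! Traffic to encrypt: source network, then destination network
ip access-list extended MY-NETWORKS
 permit ip xxxx xxxx xxxx xxxx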

Make sure the two routers know each other's loopback. This will get the tunnel set up from the host network of router 1 to the host network of router 2.

Reverse source and destination on Router 2.
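
A check for the mirroring described above, as an added example that is not part of the original thread: it parses the `permit ip` entries of the MY-NETWORKS crypto ACL from two router configs and reports any entry with no reversed counterpart on the peer. The subnets, the sample configs and the function names are constructed for illustration.

```python
import ipaddress

def take_endpoint(tokens):
    """Consume one ACL address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcards are inverted netmasks: 0.0.0.255 means 255.255.255.0.
    inverted = int(ipaddress.IPv4Address(tokens.pop(0))) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{head}/{ipaddress.IPv4Address(inverted)}", strict=False)

def crypto_acl(config, name):
    """Return (source, destination) networks for each 'permit ip' line of a named ACL."""
    pairs, inside = [], False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif inside and line.startswith("permit ip "):
            tokens = line.split()[2:]
            pairs.append((take_endpoint(tokens), take_endpoint(tokens)))
        elif line and not line.startswith(("permit", "deny", "remark")):
            inside = False  # any other command ends the ACL block
    return pairs

def mirror_mismatches(cfg_a, cfg_b, name="MY-NETWORKS"):
    """Entries on each router that have no reversed counterpart on the other."""
    a, b = set(crypto_acl(cfg_a, name)), set(crypto_acl(cfg_b, name))
    only_a = sorted((s, d) for s, d in a if (d, s) not in b)
    only_b = sorted((s, d) for s, d in b if (d, s) not in a)
    return only_a, only_b

# Constructed sample configs; the subnets are illustrative, not from the thread.
ROUTER1 = """
ip access-list extended MY-NETWORKS
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 permit ip host 10.1.9.9 10.2.2.0 0.0.0.255
"""
ROUTER2_GOOD = """
ip access-list extended MY-NETWORKS
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 10.2.2.0 0.0.0.255 host 10.1.9.9
"""
ROUTER2_BAD = """
ip access-list extended MY-NETWORKS
 permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255
 permit ip 10.2.2.0 0.0.0.255 host 10.1.9.9
"""

if __name__ == "__main__":
    for label, cfg in (("good", ROUTER2_GOOD), ("bad", ROUTER2_BAD)):
        print(label, mirror_mismatches(ROUTER1, cfg))
```

An empty result on both sides means every entry on one router has its reversed twin on the other; the "bad" sample is flagged because its destination mask is wider than the peer's source mask.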

carl_townshend Wed, 07/12/2006 - 07:56

How would I make sure they know about each other's loopback? Would I have to put a static route on each pointing to the serials?

dhillyard Wed, 07/12/2006 - 10:44

If you're dependent on the single serial link between the two routers, there is no need to tunnel to a loopback. Just use the serial interface.

Also, newer IOS code allows you to apply the IPsec right on the tunnel interface. It's really slick. Set up the global crypto ipsec profile, then just apply the following command to your tunnel interface:

tunnel protection ipsec profile PROFILE_NAME

gwhuang5398 Thu, 07/13/2006 - 09:13

The easier way is just to use the serial interface addresses instead of the loopbacks. The two serial interfaces know each other as connected.

Let me know how that works out for you.


royalblues Thu, 07/13/2006 - 20:32

Can we have IPSEC configured without using the AIM encryption module?

To my knowledge, I don't think it is supported on the 1700s.



carl_townshend Fri, 07/14/2006 - 02:07

How would we reach these loopbacks? Would we need to point the loopback address to the serial on the other end?

royalblues Fri, 07/14/2006 - 02:16

It has to be advertised in your routing protocol, if you are using one, or use static routes.

