
ipsec between 2 1700 routers

carl_townshend
Spotlight

Hi all, can anyone tell me how to create a simple IPsec tunnel between my 2 1700 routers in my lab, connected via serial?

8 Replies

desai.jaideep
Level 5

Hi Carl

Didn't the link I gave you help?

Regards

JD

Here is what you can configure on each router. One would be the mirror of the other.

Assuming Loopback0 of each router is used as the IPSec tunnel peering point. Let's make up 2 loopbacks: 1.1.1.1 and 2.2.2.2 for Router 1 and 2.

On Router 1:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxx address 2.2.2.2
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip xxxx xxxx xxxx xxxx

Make sure the two routers know each other's loopback. This will get the tunnel set up from the host network of router 1 to the host network of router 2.

Reverse source and destination on Router 2.

How would I make sure they know about each other's loopback? Would I have to put a static route on each pointing to the serials?

If you're dependent on the single serial link between the two routers, there is no need to tunnel to a loopback. Just use the serial interface.

Also, newer IOS code allows you to apply the IPsec right on the tunnel interface. It's really slick. Set up the global crypto ipsec profile, then just apply the following command to your tunnel interface:

tunnel protection ipsec profile PROFILE_NAME

The easier way is just to use the serial interface addresses instead of the loopbacks. The two serial interfaces know each other as connected.

Let me know how that works out for you.

Gary

Can we have IPSEC configured without using the AIM encryption module?

To my knowledge, I don't think it is supported on the 1700s.

Regards

Narayan

How would we reach these loopbacks? Would we need to point the loopback address to the serial on the other end?

It has to be advertised in your routing protocol, if you are using any, or use static routes.
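
The following is an added example, not part of any reply in this thread: both routers' configurations side by side, peering on the serial interface addresses as suggested above and including the step of applying the crypto map to the serial interface. The interface name Serial0, all IP addresses and the key placeholder are assumptions made up for a lab; the policy values and names are the ones posted in the thread.

```cisco
! Added example. Constructed lab values (assumptions, not from the thread):
!   Serial0 link: Router 1 = 10.0.0.1/30, Router 2 = 10.0.0.2/30
!   Router 1 LAN 192.168.1.0/24, Router 2 LAN 192.168.2.0/24
! Policy values and names (3des, group 2, MY-IPSEC, remote, MY-NETWORKS) are the thread's.
! 3DES and DH group 2 are legacy; use AES and a larger group where the image supports them.
!
! ---------- Router 1 ----------
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 10.0.0.2
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 crypto map remote
ip route 192.168.2.0 255.255.255.0 10.0.0.2
!
! ---------- Router 2 (mirror: peer, ACL direction and route are reversed) ----------
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 10.0.0.1
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
interface Serial0
 ip address 10.0.0.2 255.255.255.252
 crypto map remote
ip route 192.168.1.0 255.255.255.0 10.0.0.1
!
! Loopback peering variant (peers 1.1.1.1 / 2.2.2.2 as in the first reply):
! keep the crypto map on Serial0, add "crypto map remote local-address Loopback0",
! and add a static route to the peer loopback, e.g. on Router 1:
!   ip route 2.2.2.2 255.255.255.255 10.0.0.2
```

After sending traffic between the two LANs, `show crypto isakmp sa` and `show crypto ipsec sa` on either router show whether the phase 1 and phase 2 SAs came up and whether the encaps/decaps counters are increasing.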
