07-12-2006 03:13 AM - edited 03-03-2019 04:01 AM
Hi all, can anyone tell me how to create a simple IPsec tunnel between my 2 1700 routers in my lab, connected via serial?
07-12-2006 03:33 AM
Hi Carl
Didn't the link I gave you help?
Regards
JD
07-12-2006 06:23 AM
Here is what you can configure on each router. One would be the mirror of the other.
Assuming Loopback0 of each router is used as the IPsec tunnel peering point. Let's make up 2 loopbacks: 1.1.1.1 and 2.2.2.2 for Router 1 and 2.
On Router 1:
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxx address 2.2.2.2
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip xxxx xxxx xxxx xxxx
Make sure the two routers know each other's loopback. This will get the tunnel set up from the host network of router 1 to the host network of router 2.
Reverse source and destination on Router 2.
07-12-2006 07:56 AM
How would I make sure they know about each other's loopback? Would I have to put a static route on each pointing to the serials?
07-12-2006 10:44 AM
If you're dependent on the single serial link between the two routers, there is no need to tunnel to a loopback. Just use the serial interface.
Also, newer IOS code allows you to apply the IPsec right on the tunnel interface. It's really slick. Set up the global crypto ipsec profile, then just apply the following command to your tunnel interface:
tunnel protection ipsec profile PROFILE_NAME
07-13-2006 09:13 AM
The easier way is just to use the serial interface addresses instead of the loopbacks. The two serial interfaces know each other as connected.
Let me know how that works out for you.
Gary
07-13-2006 08:32 PM
Can we have IPsec configured without using the AIM encryption module?
To my knowledge, I don't think it is supported on the 1700s.
regards
Narayan
07-14-2006 02:07 AM
How would we reach these loopbacks? Would we need to point the loopback address to the serial on the other end?
07-14-2006 02:16 AM
It has to be advertised in your routing protocol if you are using one, or use static routes.