Cisco Support Community
Community Member

ipsec between 2 1700 routers

Hi all, can anyone tell me how to create a simple IPsec tunnel between my 2 1700 routers in my lab, connected via serial?

8 REPLIES

Re: ipsec between 2 1700 routers

Hi Carl

Didn't the link I gave you help?

Regards

JD

Community Member

Re: ipsec between 2 1700 routers

Here is what you can configure on each router. One would be the mirror of the other.

Assuming we use Loopback0 of each router as the IPSec tunnel peering point, let's make up 2 loopbacks: 1.1.1.1 and 2.2.2.2 for Router 1 and 2.

On Router 1:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxx address 2.2.2.2
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip xxxx xxxx xxxx xxxx

Make sure the two routers know each other's loopback. This will get the tunnel set up from the host network of router 1 to the host network of router 2.

Reverse source and destination on Router 2.
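The "mirror" requirement in the reply above can be checked offline before pasting the two configurations into the routers. This is an added example, not part of the thread or any Cisco tool; the pre-shared key `LAB-KEY`, the 10.1.0.0/16 and 10.2.0.0/16 subnets, and the function names are assumptions made up for illustration.

```python
import re

# Constructed sample: the thread's commands with made-up values in place of the "xxxx" placeholders.
R1 = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key LAB-KEY address 2.2.2.2
crypto ipsec transform-set MY-IPSEC esp-3des esp-sha-hmac
crypto map remote 5 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set MY-IPSEC
 match address MY-NETWORKS
ip access-list extended MY-NETWORKS
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
"""
R2 = R1.replace("2.2.2.2", "1.1.1.1").replace(
    "10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255",
    "10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255")

def parse(cfg):
    """Extract the fields that must match or mirror (ACLs in 'net wildcard net wildcard' form only)."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "policy": sorted(re.findall(r"^ (encr \S+|hash \S+|authentication \S+|group \d+)$", cfg, re.M)),
        "psk": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "map_peer": one(r"^ set peer (\S+)"),
        "acl": re.findall(r"^ permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M),
    }

def mirror_problems(cfg_a, cfg_b, addr_a, addr_b):
    """List mismatches between two peers; addr_x is the address router x peers from."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for field in ("policy", "psk", "transform"):  # must be identical on both sides
        if a[field] != b[field]:
            problems.append(f"{field} differs")
    for name, side, remote in (("A", a, addr_b), ("B", b, addr_a)):
        if side["key_peer"] != remote or side["map_peer"] != remote:
            problems.append(f"router {name} does not point at {remote}")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:  # source/destination must be swapped
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(mirror_problems(R1, R2, "1.1.1.1", "2.2.2.2") or "configs mirror each other")
```

The check reports only which field differs, so the pre-shared key never appears in its output.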

Community Member

Re: ipsec between 2 1700 routers

How would I make sure they know about each other's loopback? Would I have to put a static route on each pointing to the serials?

Community Member

Re: ipsec between 2 1700 routers

If you're dependent on the single serial link between the two routers, there is no need to tunnel to a loopback. Just use the serial interface.

Also, newer IOS code allows you to apply the IPsec right on the tunnel interface. It's really slick. Set up the global crypto ipsec profile, then just apply the following command to your tunnel interface:

tunnel protection ipsec profile PROFILE_NAME

Community Member

Re: ipsec between 2 1700 routers

The easier way is just to use the serial interface addresses instead of the loopbacks. The two serial interfaces know each other as connected.

Let me know how that works out for you.

Gary

Re: ipsec between 2 1700 routers

Can we have IPSEC configured without using the AIM encryption module?

To my knowledge, I don't think it is supported on the 1700s.

regards

Narayan

Community Member

Re: ipsec between 2 1700 routers

How would we reach these loopbacks? Would we need to point the loopback address to the serial on the other end?

Re: ipsec between 2 1700 routers

It has to be advertised in your routing protocol, if you are using any, or use static routes.
