Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec tunnell

Hi

I want to encrypt a particular traffic flowing between two routers. The router are conected over serail liks.Can you please give some sample doc..

thanks

6 REPLIES
Gold

Re: IPSec tunnell

Hello Murugan,

Please check the following document for your question:

>

http://www.psionic.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

Thanks -

Bronze

Re: IPSec tunnell

If that list of links is a bit overwhelming, have a look at http://www.psionic.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

This explains router-to-router ipsec using pre-shared keys (be sure to use something other than "cisco123" as the key) and AES encryption (more performant than 3DES, unless you have 3DES in hardware).

hth

Herbert

New Member

Re: IPSec tunnell

Can i use this configuration sample for any router model. I 'm having 2 3660 router with

regards

Bronze

Re: IPSec tunnell

Should be no problem (of course you need an IOS with crypto support), just be sure to apply the "crypto map" on your serials (instead of the ethernets in the example) and adjust the IP addresses and networks to suit your network.

One other thing to note is that the access-list (used by the crypto map) always needs to be the mirror image of the other router's access-list.

success with the implementation,

Herbert

New Member

Re: IPSec tunnell

Since you will need an IPSec image on your routers, you will need to check on how much Flash and memory they currently have. Usually 3660 routers come with 32/8 MB [DRAM/Flash] configuration whereas you will need 64/16 MB configuration for IPSec images. I would recommend the 12.3(2T)-IP/IPSec/3DES image.

How many users and what type of applications will the IPSec tunnel support? You may want to consider installing the AIM module [Part: AIM-VPN/HP=] which performs hardware encryption and offloads router's CPU processing load for IPSec traffic.

HTH,

Rajesh

New Member

Re: IPSec tunnell

I have 3 subnets. One of the subnets is used for some special purpose.My aim is to segregate this subnet from the other two with security.So that it does not interfere with my other traffic...

I thought of Tunneling between the routers...

regards

124
Views
0
Helpful
6
Replies
CreatePlease login to create content