Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
4
Helpful
9
Replies

Want to configure IPSEC on both end of the routers

ahpark78
Level 1
Level 1

‎09-05-2006 04:23 AM - edited ‎03-03-2019 04:49 AM

Hi Gurus,

Currently have a project to configure encryption for both end point to point of site locations. How can I go about IPSEC configuration and ANYway to verify that the IPSEC configuration really working or not..?

I am using router 1760 for your info..:)

thanks!

Labels:
0 Helpful
9 Replies 9

desai.jaideep
Level 5
Level 5

‎09-05-2006 04:48 AM

Hi

First of all, why do you want to put unnessory load on the router if its a P2P link?

You should have an IP Plus IOS to have this feature

But still....

Hope the following link is self-explainatory:

http://www.cisco.com/warp/public/105/IPSECpart1.html

Regards

JD

0 Helpful

ahpark78
Level 1
Level 1
In response to desai.jaideep

‎09-05-2006 05:11 AM

JD,

Cause need to encrypt the data as we are connecting to the external party..

Thanks for the link, anyway to verify that IPSEC is successfully configured?

thanks..

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to ahpark78

‎09-05-2006 07:01 AM

Type

#sh cry ip sa

You should have a list of networks within the tunnel and incrementing traffic on 'interesting networks'.

0 Helpful

ahpark78
Level 1
Level 1
In response to Edison Ortiz

‎09-05-2006 07:16 AM

what type of traffic considered as 'interesting networks'??

thanks..

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to ahpark78

‎09-05-2006 07:24 AM

The one you included in the match traffic command within the crypto.

You should have something like:

crypto map Core2Core 1 ipsec-isakmp

set peer [peer ip]

set transform-set [policies]

match address 101

access-list 101 permit ip [source interesting traffic] [destination intereresting traffic]

--

Please rate helpful posts.

Thanks

0 Helpful

ahpark78
Level 1
Level 1
In response to Edison Ortiz

‎09-05-2006 06:42 PM

Well, I read the article and it was saying to apply crypto map to egress interface instead of ingress interface..

What is the meaning of this statement?

thanks again !

ken

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to ahpark78

‎09-05-2006 07:07 PM

egress interface means the outside interface, packets should be encrypted as they leave the router to the remote connection.

ingress interface means inside interface, packets should not be encrypted as they go to the inside network.

0 Helpful

ahpark78
Level 1
Level 1
In response to Edison Ortiz

‎09-06-2006 04:10 AM

Thanks,

if i have to do testing on the ipsec,

can i have 2 router 1760 series and then

apply crypto map on the fast ethernet??

What i want to achieve in this test is to create a ipsec tunnelling between the 2 Routers fast ethernet connection connected by the cross cable..

Can i do this to verify my ipsec is working??

thks,

rgd,s

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to ahpark78

‎09-06-2006 06:16 AM

Yes, you can.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents