09-05-2006 04:23 AM - edited 03-03-2019 04:49 AM
Hi Gurus,
Currently have a project to configure encryption for both end point to point of site locations. How can I go about IPSEC configuration and ANYway to verify that the IPSEC configuration really working or not..?
I am using router 1760 for your info..:)
thanks!
09-05-2006 04:48 AM
Hi
First of all, why do you want to put unnessory load on the router if its a P2P link?
You should have an IP Plus IOS to have this feature
But still....
Hope the following link is self-explainatory:
http://www.cisco.com/warp/public/105/IPSECpart1.html
Regards
JD
09-05-2006 05:11 AM
JD,
Cause need to encrypt the data as we are connecting to the external party..
Thanks for the link, anyway to verify that IPSEC is successfully configured?
thanks..
09-05-2006 07:01 AM
Type
#sh cry ip sa
You should have a list of networks within the tunnel and incrementing traffic on 'interesting networks'.
09-05-2006 07:16 AM
what type of traffic considered as 'interesting networks'??
thanks..
09-05-2006 07:24 AM
The one you included in the match traffic command within the crypto.
You should have something like:
crypto map Core2Core 1 ipsec-isakmp
set peer [peer ip]
set transform-set [policies]
match address 101
access-list 101 permit ip [source interesting traffic] [destination intereresting traffic]
--
Please rate helpful posts.
Thanks
09-05-2006 06:42 PM
Well, I read the article and it was saying to apply crypto map to egress interface instead of ingress interface..
What is the meaning of this statement?
thanks again !
ken
09-05-2006 07:07 PM
egress interface means the outside interface, packets should be encrypted as they leave the router to the remote connection.
ingress interface means inside interface, packets should not be encrypted as they go to the inside network.
09-06-2006 04:10 AM
Thanks,
if i have to do testing on the ipsec,
can i have 2 router 1760 series and then
apply crypto map on the fast ethernet??
What i want to achieve in this test is to create a ipsec tunnelling between the 2 Routers fast ethernet connection connected by the cross cable..
Can i do this to verify my ipsec is working??
thks,
rgd,s
09-06-2006 06:16 AM
Yes, you can.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide