Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
2
Replies

Configuring 3des between at 2610 and 2621 router

rklinkhammer
Level 1
Level 1

‎09-25-2002 06:31 AM - edited ‎03-09-2019 12:27 AM

I am using IOS c2600-ik2s-mz.121-16.bin on both routers but can not get the command show crypto isakmp sa to show the connection

**********Config 1********************

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname router1

!

!

!

!

!

!

memory-size iomem 10

ip subnet-zero

!

!

!

crypto isakmp policy 1

authentication pre-share

crypto isakmp key test address 192.168.10.66

!

!

crypto ipsec transform-set test esp-des

!

crypto map test 10 ipsec-isakmp

set peer 192.168.10.66

set transform-set test

match address 101

!

!

!

!

!

!

interface Ethernet0/0

ip address 192.168.3.1 255.255.255.0

crypto map test

!

interface Serial0/0

ip address 192.168.10.38 255.255.255.0

no fair-queue

clockrate 56000

crypto map test

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.66

ip http server

!

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.3.2.0 0.0.0.255

!

!

line con 0

line aux 0

line vty 0 4

!

end

****************Config 2*************************

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname router2

!

!

!

!

!

!

memory-size iomem 10

ip subnet-zero

!

!

!

crypto isakmp policy 1

authentication pre-share

crypto isakmp key test address 192.168.10.38

!

!

crypto ipsec transform-set test esp-des

!

crypto map test 10 ipsec-isakmp

set peer 192.168.10.38

set transform-set test

match address 101

!

!

controller T1 1/0

!

!

!

!

!

interface FastEthernet0/0

ip address 10.3.2.1 255.255.255.0

duplex auto

speed auto

crypto map test

!

interface Serial0/0

ip address 192.168.10.66 255.255.255.0

no fair-queue

crypto map test

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.38

ip http server

!

access-list 101 permit ip 10.3.2.0 0.0.0.255 192.168.3.0 0.0.0.255

!

!

line con 0

line aux 0

line vty 0 4

!

end

Labels:
0 Helpful
2 Replies 2

steve.barlow
Level 7
Level 7

‎09-25-2002 07:35 AM

On both routers, why do you have a "crypto map test" under the inside/lan interface (e0/0 and f0/0)? Remove them so only the outbound interface has the crypto map statement.

Steve

0 Helpful

rklinkhammer
Level 1
Level 1
In response to steve.barlow

‎09-25-2002 08:20 AM

Had those in there for testing. I ended up having the config correctly all along just wasn't testing right.

Thanks for the help.

0 Helpful
Customers Also Viewed These Support Documents