Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configuring 3des between at 2610 and 2621 router

I am using IOS c2600-ik2s-mz.121-16.bin on both routers but can not get the command show crypto isakmp sa to show the connection

**********Config 1********************

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname router1

!

!

!

!

!

!

memory-size iomem 10

ip subnet-zero

!

!

!

crypto isakmp policy 1

authentication pre-share

crypto isakmp key test address 192.168.10.66

!

!

crypto ipsec transform-set test esp-des

!

crypto map test 10 ipsec-isakmp

set peer 192.168.10.66

set transform-set test

match address 101

!

!

!

!

!

!

interface Ethernet0/0

ip address 192.168.3.1 255.255.255.0

crypto map test

!

interface Serial0/0

ip address 192.168.10.38 255.255.255.0

no fair-queue

clockrate 56000

crypto map test

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.66

ip http server

!

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.3.2.0 0.0.0.255

!

!

line con 0

line aux 0

line vty 0 4

!

end

****************Config 2*************************

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname router2

!

!

!

!

!

!

memory-size iomem 10

ip subnet-zero

!

!

!

crypto isakmp policy 1

authentication pre-share

crypto isakmp key test address 192.168.10.38

!

!

crypto ipsec transform-set test esp-des

!

crypto map test 10 ipsec-isakmp

set peer 192.168.10.38

set transform-set test

match address 101

!

!

controller T1 1/0

!

!

!

!

!

interface FastEthernet0/0

ip address 10.3.2.1 255.255.255.0

duplex auto

speed auto

crypto map test

!

interface Serial0/0

ip address 192.168.10.66 255.255.255.0

no fair-queue

crypto map test

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

!

interface Serial0/2

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.38

ip http server

!

access-list 101 permit ip 10.3.2.0 0.0.0.255 192.168.3.0 0.0.0.255

!

!

line con 0

line aux 0

line vty 0 4

!

end

2 REPLIES

Re: Configuring 3des between at 2610 and 2621 router

On both routers, why do you have a "crypto map test" under the inside/lan interface (e0/0 and f0/0)? Remove them so only the outbound interface has the crypto map statement.

Steve

New Member

Re: Configuring 3des between at 2610 and 2621 router

Had those in there for testing. I ended up having the config correctly all along just wasn't testing right.

Thanks for the help.

146
Views
0
Helpful
2
Replies