05-28-2006 07:03 PM - edited 03-09-2019 03:03 PM
I'm pretty new to VPN stuff, and I'm not exactly an expert in Cisco IOS; however, I have a 12.3 release of Cisco IOS on a 2800 series router (couldn't give you the exact model atm because I'm not at work).
Anyway, as I understand the documentation, when I issue a crypto command, I should get an option for isakmp (which I do not). I've been able to generate an RSA key for SSH access. If I don't have ISAKMP support, can someone point me to a configuration guide for VPN that doesn't use ISAKMP?
05-28-2006 08:06 PM
Hi Todd,
I believe your IOS version does not support IPSec/VPN security features. It could be running on IP or IPPlus only.
Issue the 'show version' command from the router CLI, and check the IOS version.
Your IOS router needs to use/run on one of the following categories:
ADVANCED ENTERPRISE SERVICES
ADVANCED IP SERVICES
ADVANCED SECURITY
IP/ADSL/FW/IDS PLUS IPSEC 3DES
IP/ADSL/IPX/AT/IBM/FW/IDS PLUS IPSEC 3DES
Run IOS Upgrade Planner or Feature Navigator to look for the right IOS & required features:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
Normally, a router IOS supporting IPSec VPN allows you to configure/execute the crypto isakmp and crypto ipsec commands. If your router does not support the isakmp command, you do not have any option to configure it.
You need to load IOS with IPSec feature. Otherwise, you have to use GRE.
Example on routers supporting IPSec VPN:
GRE:
Rgds,
AK
05-28-2006 10:41 PM
Hello,
The image name should have a 'k9' notation to have crypto support.
Vikas
05-28-2006 11:28 PM
The xxxxx.k9.xx.bin = 3DES, xxxxx.k8.xx.bin = DES
AK
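The check described in the replies above, as an added example that is not part of the original posts: it reads the image name out of `show version` output and applies the k9 = 3DES / k8 = DES rule stated in the thread. The router names, image names and sample output are constructed, and the assumption that the feature set is the second dash-separated field of the image name is mine.

```python
import re

# Meaning of the crypto marker in an IOS image name, as stated in the thread.
CRYPTO_MARKERS = {"k9": "3DES", "k8": "DES"}

# Matches e.g.: System image file is "flash:c2800nm-ipbase-mz.123-14.T7.bin"
IMAGE_LINE = re.compile(r'^System image file is "(?:[^":]+:)?/?([^"]+)"', re.M)


def image_name(show_version):
    """Return the image file name from 'show version' output, or None."""
    m = IMAGE_LINE.search(show_version)
    return m.group(1).rsplit("/", 1)[-1] if m else None


def crypto_support(image):
    """Return '3DES', 'DES', or None when the image carries no crypto marker."""
    # Assumption: the feature set is the second dash-separated field,
    # e.g. c2800nm-advsecurityk9-mz.123-14.T7.bin -> advsecurityk9
    parts = image.lower().split("-")
    feature = parts[1] if len(parts) > 2 else image.lower()
    m = re.search(r"k[89]", feature)
    return CRYPTO_MARKERS[m.group(0)] if m else None


def audit(outputs):
    """Map each router to (image, crypto level) from its 'show version' text."""
    report = {}
    for router, text in outputs.items():
        img = image_name(text)
        # A missing image line is reported as (None, None), not as "no crypto".
        report[router] = (img, crypto_support(img) if img else None)
    return report


# Constructed sample output; hostnames and image names are made up.
SAMPLES = {
    "branch-a": 'ROM: System Bootstrap\nSystem image file is "flash:c2800nm-ipbase-mz.123-14.T7.bin"\n',
    "branch-b": 'System image file is "flash:c2800nm-advsecurityk9-mz.123-14.T7.bin"\n',
    "branch-c": 'System image file is "flash:/c2800nm-advsecurityk8-mz.123-14.T7.bin"\n',
    "branch-d": "output truncated before the image line\n",
}

if __name__ == "__main__":
    for router, (img, level) in audit(SAMPLES).items():
        verdict = level or ("image unknown" if img is None else "no crypto marker")
        print(f"{router}: {img} -> {verdict}")
```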
05-30-2006 01:58 PM
Thanks for all your help folks. I'll try to look up the stuff on GRE somewhere else (as I don't apparently have access with my account to view it.) However I believe it puts me on the right track.
-Todd
05-31-2006 01:30 AM
05-31-2006 09:45 AM
Excellent! Thank you.
05-31-2006 05:37 PM
Hi, please be aware that by creating a GRE tunnel over the Internet WITHOUT the encryption that protocols such as IPsec provide, the data will traverse the Internet in clear text.
06-03-2006 10:29 AM
Yes, that could present a problem in the future; however, when the data becomes important, I'm sure we'll buy a new image or product. For now, because we do own a couple of licenses for Windows Server 2k3, I think I will use their solution. I've been playing with the NAT configurations for this without success as of yet. I'll post more info, possibly in a new thread.
I did want to mention that the help provided so far has been very good, and has pointed me in the right direction.
I took classes to become a CCNA (without success, I might add). Now that I'm actually applying what I actually know, I feel far more comfortable with Cisco products than I ever have. Thank you all very much.
-Todd