Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISAKMP question

I'm pretty new to VPN stuff, and I'm not exactly an expert in cisco IOS, however, I have a 12.3 release of cisco IOS on a 2800 series router (couldn't give you the exact model atm because I'm not at work)

Anyway, as I understand the documentation, when I issue a crypto command, I should get an option for isakmp (which I do not.) I've been able to generate an RSA key for ssh access. if I don't have ISAKMP support, can someone point me to a configuration guide for VPN that doesn't use ISAKMP?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ISAKMP question

Hi Todd,

Some info.

Rgds,

AK

8 REPLIES

Re: ISAKMP question

Hi Todd,

I believed your IOS version does not support IPSec/VPN security features. It could be running on IP or IPPlus only.

Issue the 'show version' command from the router CLI, and check the IOS version

Your IOS Router need to use/run on one of the following categories:

ADVANCED ENTERPRISE SERVICES

ADVANCED IP SERVICES

ADVANCED SECURITY

IP/ADSL/FW/IDS PLUS IPSEC 3DES

IP/ADSL/IPX/AT/IBM/FW/IDS PLUS IPSEC 3DES

Run IOS Upgrade Planner or Feature Navigator to look for the right IOS & required features:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Normally, router IOS supporting IPSec VPN allows you to configure/execute crypto isakmp and crypto ipsec command. If your router does not support isakmp command, you do not have any option to configure it.

You need to load IOS with IPSec feature. Otherwise, you have to use GRE.

Example on routers supporting IPSec VPN:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

GRE:

*http://www.cisco.com/en/US/partner/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html

*http://www.cisco.com/en/US/partner/tech/tk86/tk89/technologies_configuration_example09186a008011520d.shtml

Rgds,

AK

Cisco Employee

Re: ISAKMP question

Hello,

The image name should have a 'k9' notation to have crypto support.

Vikas

Re: ISAKMP question

The xxxxx.k9.xx.bin = 3DES, xxxxx.k8.xx.bin = DES

AK

New Member

Re: ISAKMP question

Thanks for all your help folks. I'll try to look up the stuff on GRE somewhere else (as I don't apparently have access with my account to view it.) However I believe it puts me on the right track.

-Todd

Re: ISAKMP question

Hi Todd,

Some info.

Rgds,

AK

New Member

Re: ISAKMP question

Excellent! thank you

Re: ISAKMP question

Hi ..please be aware that by creating a GRE tunnel over the internet WITHOUT the encryption that protocols such as IPsec provides , then the data will traverse the Internet in clear text.

New Member

Re: ISAKMP question

Yes, That could present a problem in the future, however when the data becomes important, I'm sure we'll buy a new image or product. For now, because we do own a couple of licenses for Windows server 2k3, I think I will use their solution. I've been playing with the nat configurations for this without success as of yet. I'll post more info possibly in a new thread.

I did want to mention that the help provided so far has been very good, and has pointed me in the right direction.

I took classes to become a CCNA (without success I might add) now that I'm actually applying what I actually know, I feel far more comfortable with Cisco products than I ever have. Thank you all very much

-Todd

248
Views
0
Helpful
8
Replies
CreatePlease to create content