Cisco Support Community

New Member

Reason for IPSEC/DES

I just recently took over this network and I'm not a firewall guru by any means; however, I can read the config and understand the basic configuration. One of the first things I've done, besides changing passwords, was to download the config of each router, switch and of the PIX. As I looked through the configuration on the routers there was no sign of IPSEC; from my research the firmware wouldn't support it anyway. However, on the PIX he did set up IPSEC and I saw DES in the configuration as well ("isakmp policy 21 encryption des"). This is where it gets confusing for me: why would he put encryption on the firewall and nowhere else? Is it so data leaving and entering is encrypted? If that is the case, then what is decrypting the data on the other end? If I send a request to view cisco.com, is that request being encrypted, and if so, how does the Cisco network decrypt that request? Also, what about data that's not going through the firewall, data that is going from machine to server? Also, I could use some reading material on this; if anyone has any suggestions, feel free... Thanks...

4 REPLIES
New Member

Re: Reason for IPSEC/DES

Hi,

Look at the following entry in your config:

crypto map "name" "counter" set peer "IP-Address"

This IP-Address is your decryption endpoint.

If this entry is not in your config, you may have a dynamic cryptomap to enable VPN-Client-Communication from everywhere.

Further, look at the entry:

crypto map "name" "counter" match address "ACL-NAME"

This shows you what will be encrypted.

Hope this helps you understand your equipment.

Kind regards Norbert
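Added example (not part of the original thread and not Cisco code): a Python script that reads a PIX-style configuration and, for each crypto map entry, pulls out the "set peer" address and the ACL lines named by "match address", as described in the reply above. It also lists ISAKMP policies set to single DES. The config text, map name, ACL names and addresses are constructed for illustration.

```python
# Constructed sample PIX-style config (hypothetical names, documentation IP ranges).
SAMPLE_CONFIG = """\
access-list VPN-ACL permit ip host 192.0.2.10 host 198.51.100.20
access-list VPN-ACL permit ip host 192.0.2.11 host 198.51.100.21
access-list OTHER permit tcp any host 192.0.2.50 eq www
crypto map OUTMAP 10 ipsec-isakmp
crypto map OUTMAP 10 match address VPN-ACL
crypto map OUTMAP 10 set peer 198.51.100.1
crypto map OUTMAP 20 ipsec-isakmp
crypto map OUTMAP 20 match address MISSING-ACL
isakmp policy 21 encryption des
isakmp policy 30 encryption 3des
"""

def audit(config):
    """Return (tunnels, single_des_policies) parsed from PIX-style config text."""
    acls, entries, policies = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(" ".join(tok[2:]))
        elif len(tok) >= 5 and tok[:2] == ["crypto", "map"] and tok[3].isdigit():
            entry = entries.setdefault((tok[2], int(tok[3])), {"peers": [], "acl": None})
            if tok[4:6] == ["set", "peer"] and len(tok) > 6:
                entry["peers"].extend(tok[6:])      # where the traffic is decrypted
            elif tok[4:6] == ["match", "address"] and len(tok) > 6:
                entry["acl"] = tok[6]               # which traffic is encrypted
        elif (len(tok) == 5 and tok[:2] == ["isakmp", "policy"]
              and tok[2].isdigit() and tok[3] == "encryption"):
            policies[int(tok[2])] = tok[4]
    tunnels = []
    for (name, seq), e in sorted(entries.items()):
        tunnels.append({
            "map": name, "seq": seq, "peers": e["peers"], "acl": e["acl"],
            "traffic": acls.get(e["acl"], []),      # empty if the ACL is not defined
            "no_static_peer": not e["peers"],       # no "set peer" line for this entry
        })
    single_des = sorted(n for n, alg in policies.items() if alg == "des")
    return tunnels, single_des

if __name__ == "__main__":
    tunnels, single_des = audit(SAMPLE_CONFIG)
    for t in tunnels:
        print(t["map"], t["seq"], "peers:", t["peers"], "traffic:", t["traffic"])
    print("ISAKMP policies using single DES:", single_des)
```

An entry with an empty "traffic" list or with "no_static_peer" set is worth checking by hand against the running configuration.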

New Member

Re: Reason for IPSEC/DES

OK, that helps make some sense. I see -- crypto map "name" "counter" match address "ACL-NAME" -- I'm looking at the ACL-Name and it only shows 4 local IPs pointing to 5 outside IP addresses. So that tells me that only the data of the people with those 4 local IP addresses is going to be encrypted when it goes to one of those 5 outside addresses, right? OK, then that brings me to -- crypto map "name" "counter" set peer "IP-Address" -- I've found that entry and the IP address is in the same subnet as the other outside addresses, so that's where it's being decrypted, right? Is there a reference somewhere that would tell me what each entry stands for? Thanks again...

New Member

Re: Reason for IPSEC/DES

New Member

Re: Reason for IPSEC/DES

Thanks Norbert... That's a wealth of information...
