crypto applied on Loopback interface

azmath.hk
Level 1

Hi,

The following is the config from one of our 2811 routers. We applied crypto on the loopback interface but it's not working. Can you review the config and let us know your suggestion as to where else we can apply the crypto map for the VPN to work?

site#sh run
Building configuration...

Current configuration : 5956 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Site
!
boot-start-marker
boot-end-marker
!
enable secret cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 25
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 2
no network-clock-participate wic 3
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
controller T1 0/2/0
 framing esf
 linecode b8zs
 cablelength short 133
 channel-group 0 timeslots 1-24
!
controller T1 0/2/1
 framing esf
 linecode b8zs
 cablelength short 133
 channel-group 0 timeslots 1-24
!
controller T1 0/3/0
 framing esf
 linecode b8zs
 cablelength short 133
 channel-group 0 timeslots 1-24
!
controller T1 0/3/1
 framing esf
 linecode b8zs
 cablelength short 133
 channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key wsld0829 address 66.78.246.175
!
!
crypto ipsec transform-set rtpset esp-3des esp-md5-hmac
!
crypto map rtp 10 ipsec-isakmp
 set peer 66.78.246.175
 set transform-set rtpset
 match address 110
!
!
!
interface Loopback0
 description **** IP Address of Multilink Serial Lines ****
 ip address 168.88.110.200 255.255.255.252
 crypto map rtp
!
interface Serial0/0/0
 description **** To Sprint HCGS/987682//LB ****
 no ip address
 encapsulation ppp
 no fair-queue
 pulse-time 1
 ppp multilink
 crypto map rtp
!
interface Serial0/1/0
 description **** To Sprint HCGS/987683//LB ****
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 encapsulation ppp
 no fair-queue
 pulse-time 1
 ppp multilink
!
interface Serial0/2/0:0
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 encapsulation ppp
 no fair-queue
 pulse-time 1
 ppp multilink
 crypto map rtp
!
interface Serial0/2/1:0
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 encapsulation ppp
 no fair-queue
 pulse-time 1
 ppp multilink
 crypto map rtp
!
interface Serial0/3/0:0
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 encapsulation ppp
 shutdown
 no fair-queue
 pulse-time 1
 ppp multilink
!
interface Serial0/3/1:0
 no ip address
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 encapsulation ppp
 shutdown
 no fair-queue
 pulse-time 1
 ppp multilink
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 160.81.110.209
ip route 200.3.201.0 255.255.255.0 207.40.33.100
ip route 203.13.189.0 255.255.255.0 207.40.33.100
!
ip http server
no ip http secure-server
!
access-list 110 remark Tunnel ACL
access-list 110 remark Allowing router loopback
access-list 110 permit ip host 168.88.110.200 67.210.111.204 0.0.0.15
access-list 110 remark Allowing IP3
access-list 110 permit ip host 207.41.32.106 65.210.126.240 0.0.0.15
access-list 110 remark Allowing devices
access-list 110 permit ip 208.3.187.0 0.0.0.15 65.210.126.240 0.0.0.15
access-list 110 permit ip 208.3.187.16 0.0.0.7 65.210.126.240 0.0.0.15
access-list 110 permit ip 208.3.187.24 0.0.0.1 65.210.126.240 0.0.0.15
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login local
!
end

Your suggestion will be highly appreciated.

Regards,

khan

19 Replies

Please help me..

Jerry,

It's working now after I rebooted the router...

Thank you very much.

Regards,

Khan

Haha, finally, it works, it's great for me.

So, can you kindly paste your final configuration there? Other people can easily benefit from your configuration, and I don't need to answer this similar question anymore :).

Jerry

Jerry,

Sure, I will paste and rate your inputs.

Could you please tell me what exactly the following command does? As soon as I removed this command, everything started working fine so far.

ip verify unicast reverse-path

Regards,

Khan

ip verify unicast reverse-path is a security feature; it's been in Cisco IOS routers and PIX firewalls for a long time. In summary, this security feature just verifies that packets the router receives on a port are ones whose respective returning packets should be forwarded out through that port. One port in and same port out!

Go to the URL below for more detail:

http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00804fdef9.html#wp1000928

Thanks,

Jerry
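
The "one port in and same port out" check described above, as an added example that is not part of the original thread: a simplified Python model of the strict reverse-path check that looks up the route back to each packet's source and forwards only when that route uses the ingress interface. The forwarding table, the addresses (documentation ranges) and the interface names are constructed, and the model treats the default route like any other route.

```python
import ipaddress

# Constructed forwarding table: prefix -> set of egress interfaces.
# Prefixes are documentation ranges; interface names are hypothetical.
FIB = {
    "0.0.0.0/0": {"Multilink1"},
    "192.0.2.0/24": {"FastEthernet0/0"},
    "198.51.100.0/24": {"Serial0/0/0", "Serial0/1/0"},  # two equal-cost paths
}

def reverse_path(fib, src):
    """Longest-prefix match on the SOURCE address; returns egress interfaces."""
    ip = ipaddress.ip_address(src)
    best = None
    for prefix, ifaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifaces)
    return best[1] if best else set()

def urpf_strict(fib, src, in_if):
    """Simplified strict check: forward only if the route back to src uses in_if."""
    ifaces = reverse_path(fib, src)
    if not ifaces:
        return "drop: no route back to source"
    if in_if not in ifaces:
        return f"drop: reverse path is {sorted(ifaces)}, arrived on {in_if}"
    return "forward"

# Constructed packets: (source address, ingress interface).
PACKETS = [
    ("192.0.2.10", "FastEthernet0/0"),   # symmetric path
    ("192.0.2.10", "Multilink1"),        # spoofed or asymmetric: wrong port
    ("198.51.100.7", "Serial0/1/0"),     # one of two equal-cost return paths
    ("203.0.113.5", "Multilink1"),       # covered only by the default route
    ("203.0.113.5", "Serial0/0/0"),      # default route points elsewhere
]

def check_all(fib, packets):
    """Return (source, ingress interface, verdict) for every packet."""
    return [(src, in_if, urpf_strict(fib, src, in_if)) for src, in_if in packets]

if __name__ == "__main__":
    for src, in_if, verdict in check_all(FIB, PACKETS):
        print(f"{src:15} in {in_if:16} -> {verdict}")
```

The second and fifth packets show the failure mode to look for when legitimate traffic disappears after the check is enabled: the source is routable, but the return route points out a different interface from the one the packet arrived on.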