Cisco Support Community
Community Member

crypto between point to point leased line

Dear all

i have 5 remote locations. my central router is 2600 with wic-8A/S and my remote offices are 1700 with wic-2A/S.

both all the routers are using Secured encryption k9 IOS.

rt now the leased line is 128kbps, i'm planning to upgrade this to 512 so for that purpose i have purchased 3845 and encryption IOS. and i have configured the 3845 router but the 512 kb upgrade will happen in future only for that i have WIC -1T cards.

so i have removed the WIC-8A/S from 2600 and fixed it in 3845 and configured and i can see the remote office servers thru windows remote desktop software but when the users started working with application it is not working properly.and mails also not working but i can see that servers are pinging and i can do remote management also. and i removed encryption from one branch and tested i can see that people from that branch are working perfectly.

rest 5 branches are facing the problem.

i'm posting the configuration of 3845 router and config of one branch please check.this configuration was working without any prblm in 2600.and when this prb happend i reverted back the wic-8A/S to 2600 and all the branches started working without any problem.

*** please note***

crypto map ahb_top 1 ipsec-isakmp

when i'm configuring the above line after ipsec-isakmp there are 2 options available dynamic and one more here what should i configure. please check the config and suggest.

i will rate all the posts.




Re: crypto between point to point leased line

Crypto maps are used to specify which DES encryption algorithm(s) will be used in conjunction with each access list defined in the previous step. Crypto maps are also used to identify which peer routers will provide the remote end encryption/authentication services. You must define one crypto map for each interface that will send encrypted data to a peer encrypting router

Re: crypto between point to point leased line

Hi Binoy

In addition to Anthony's comments i would suggest to build individual separate crypto maps for respective peers with difference sequence numbers with exact peer address attached to it.

Once you are done with the same you can assign the crypto map and check.

similar kinda config sample has been discussed under the link pasted by Anthony.


CreatePlease to create content