Cisco Support Community
How does this Lab IPSEC config look?

My first time configuring ISAKMP/IPSEC, how does it look?

hostname 1720
!
ip host router2611 5.x.x.1
crypto isakmp policy 1000
 authentication pre-share
 group 2
crypto isakmp key thisisacryptokey hostname router2611
crypto isakmp identity hostname
!
crypto ipsec security-association lifetime seconds 3500
!
crypto ipsec transform-set superset esp-des esp-md5-hmac
!
!
crypto map to2611 200 ipsec-isakmp
 set peer 5.x.x.1
 set security-association lifetime seconds 2400
 set transform-set superset
 set pfs group1
 match address 154
!
access-list 154 permit ip 5.5.x.x.x.0.255 5.5.5.0 0.0.0.255

hostname 2611
!
ip host router1720 5.x.x.2
!
crypto isakmp policy 100
 authentication pre-share
 group 2
crypto isakmp key thisisacryptokey hostname router1720
crypto isakmp identity hostname
!
crypto ipsec security-association lifetime seconds 3500
!
crypto ipsec transform-set highset esp-des esp-md5-hmac
!
crypto map to1720 200 ipsec-isakmp
 set peer 5.x.x.2
 set security-association lifetime seconds 2400
 set transform-set highset
 set pfs group1
 match address 155
!
access-list 155 permit ip 5.5.x.x.0.0.255 5.5.x.x.0.0.255

3 REPLIES

Re: How does this Lab IPSEC config look?

Hi

You need to apply the respective crypto maps under the interface on each router that connects the two routers.

regds

Re: How does this Lab IPSEC config look?

Hi spremkumar,

Yes, I did apply the crypto maps under the correct interfaces (just forgot to include them when copying and pasting the config to the message board). I guess what I am a little embarrassed to admit is, I'm not sure which commands to use to verify the VPN is working. I've tried to ping the interfaces and telnet to them; neither is successful, but I don't know if that's because the ACL is blocking that traffic.

Re: How does this Lab IPSEC config look?

Hi

You can use the show crypto isakmp sa command to check the tunnel status.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tsec_r/sec_s2ht.htm#wp1384550

regds
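
An added example, not part of any reply in this thread: a Python check that two peers' crypto map settings can negotiate (matching transform set and PFS group, crypto ACLs that mirror each other) and that flags weak algorithms. The configs are constructed samples modelled on the ones posted above, with documentation addresses standing in for the elided ones and the second ACL deliberately left unmirrored; `parse` and `audit` are hypothetical helper names, and the parser assumes one crypto map per router and "network wildcard" ACL entries only.

```python
# Constructed lab configs modelled on the thread (not the poster's real addresses).
R1720 = """\
crypto ipsec transform-set superset esp-des esp-md5-hmac
crypto map to2611 200 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set superset
 set pfs group1
 match address 154
access-list 154 permit ip 198.51.100.0 0.0.0.255 203.0.113.0 0.0.0.255
"""
# Constructed: ACL 155 repeats the same direction instead of mirroring ACL 154.
R2611 = R1720.replace("superset", "highset").replace("to2611", "to1720") \
             .replace("192.0.2.1", "192.0.2.2").replace("154", "155")

WEAK = {"esp-des", "esp-md5-hmac", "group1"}  # DES, MD5 and 768-bit DH group 1

def parse(cfg):
    """Extract the transform set, PFS group and crypto ACL used by the crypto map."""
    out = {"transforms": {}, "acls": {}}
    for line in cfg.splitlines():
        w = line.split()
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            out["transforms"][w[3]] = frozenset(w[4:])
        elif w[:2] == ["set", "transform-set"]:
            out["ts"] = w[2]
        elif w[:2] == ["set", "pfs"]:
            out["pfs"] = w[2]
        elif w[:2] == ["match", "address"]:
            out["acl"] = w[2]
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            # Store each entry as ((src, wildcard), (dst, wildcard)).
            out["acls"].setdefault(w[1], []).append((tuple(w[4:6]), tuple(w[6:8])))
    return out

def audit(cfg_a, cfg_b):
    """Return findings that would stop the tunnel negotiating or weaken it."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    ta, tb = a["transforms"][a["ts"]], b["transforms"][b["ts"]]
    if ta != tb:  # the set names are local; only the algorithms must agree
        findings.append("transform-set mismatch")
    if a.get("pfs") != b.get("pfs"):
        findings.append("pfs mismatch")
    mirrored = [(dst, src) for src, dst in b["acls"][b["acl"]]]
    if a["acls"][a["acl"]] != mirrored:
        findings.append("crypto ACLs are not mirror images")
    for alg in sorted((ta | tb | {a.get("pfs"), b.get("pfs")}) & WEAK):
        findings.append(f"weak algorithm: {alg}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(R1720, R2611)))
```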
