Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

encryption between h.o and branch using p-t-p leased line

Dear all

i have 5 remote locations. my central router is 2600 with wic-8A/S and my remote offices are 1700 with wic-2A/S.

both all the routers are using Secured encryption k9 IOS.

rt now the leased line is 128kbps, i'm planning to upgrade this to 512 so for that purpose i have purchased 3845 and encryption IOS. and i have configured the 3845 router but the 512 kb upgrade will happen in future only for that i have WIC -1T cards.

so i have removed the WIC-8A/S from 2600 and fixed it in 3845 and configured and i can see the remote office servers thru windows remote desktop software but when the users started working with application it is not working properly.and mails also not working but i can see that servers are pinging and i can do remote management also. and i removed encryption from one branch and tested i can see that people from that branch are working perfectly.

rest 5 branches are facing the problem.

i'm posting the configuration of 3845 router and config of one branch please check.this configuration was working without any prblm in 2600.and when this prb happend i reverted back the wic-8A/S to 2600 and all the branches started working without any problem.

*** please note***

crypto map ahb_top 1 ipsec-isakmp

when i'm configuring the above line after ipsec-isakmp there are 2 options available dynamic and one more here what should i configure. please check the config and suggest.

i will rate all the posts.




Re: encryption between h.o and branch using p-t-p leased line


Please help me understand one thing, if users are able to access the RDP (MS- Remote Desktop Porotocol), how are they not able to execute the applications through it.

Moreover, one thing I may try to change and see is that, rather than just authenticating the Packets using the AH, I would rather try to use on the ESP and Encapsulate the complete IP Packet and see how does it react.

Would be more than happy to help you out with, please respond.


Wilson Samuel