Token-Ring interface and IPSec termination

pkapoor
Level 3

This is a quick informative question.

If I have a 2612 with one Ethernet port and a token-ring port, will I be able to configure the token-ring interface with static IPs and terminate an IPSec tunnel on it? I will not be running token-ring (just that the router I have has one in it). What I essentially want to do is have a 2-interface router on which I would like to terminate an IPSec tunnel, run the IOS Firewall Feature set, and IDS on the WAN interface.

Please advise.

Thanks!

Paras

4 Replies

rsissons
Level 5

Unless your token ring interface is actually plugged into a MAU/Switch, the protocol will be down and its IP address will not be reachable. There is no equivalent of 'no keepalive', such as there is on ethernet interfaces, to force the interface status to up/up.

Thanks for taking time to get back.

What I plan is this:

Host----(E0)Router(TR)-----hub/switch------Host

The host on the Token-Ring side of the router will be the "Internet" and the host inside the LAN. This will be a lab setup. What I want to do is set up some security labs. Therefore, can I set up static IPs on the TR interface, terminate IPSec tunnels, run IOS Firewall inspection, etc.?

I am not sure that you understood the point that Rona was trying to make: do you have a token ring MAU to connect the router token ring interface to whatever host you want to have on that interface? Without a MAU (or equivalent token ring switch) you will not be able to connect anything and the protocol of the token ring interface will be down, so that subnet will not be reachable.

Also the diagram you use here to describe your lab has a single router with a couple of hosts. That would not be enough to allow you to terminate IPSec.

Back to your original question about whether you could terminate IPSec on Token Ring interfaces: if you make proper physical connectivity through the token ring interface, and if you run IP on the interface (rather than token ring source route bridging) then it would be possible to terminate IPSec connections on the Token Ring.

HTH

Rick

I deduce that what I want to do is not sufficient. My inference is this from the information:

1. If I do not have a MAU (I do not - have just a switch {layer 2})

2. If I do not have a MAU, the line will be down.

Therefore, it cannot be done.

I do know that I can terminate an IPSec tunnel on the interface with the topology I have (minus token-ring) because the other host can be a VPN client. However, because I do not have the line up (protocol), terminating anything on it will not work. Perhaps, I should have asked whether the line will be up with just a hub/switch (Layer-2).