08-02-2002 08:36 PM - edited 03-08-2019 11:48 PM
I just recently took over a network that is wireless between sites, 8 sites total. Before the previous admin left he told me WEP was not enabled on the local access points but Cisco Encryption on the routers was. My question is how can I confirm that Cisco Encryption is enabled and where can I get more information about this. My concern is when I do a "show run" it doesn't say anything about encryption anywhere except for the enabled password. I plan on getting WEP going ASAP but I need to know if this previous person was telling me the truth and whether or not to look into a more secure option.
Thanks in advance...
08-04-2002 11:42 PM
I assume you are referring to Cisco IPSec Not the outdated Cisco Encryption Technology CET.
Doing a search on Cisco's web site for IPSec will give a lot of information.
Here is the URL to a good overview of configuring IPSec on the Cisco's:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm
To see if IPSec is configured and running on your router use the following commands:
"show run | incl crypto"
Will show all the configuration that matches the word crypto (needed for IPSec configuration)
"show crypto isakmp sa"
Will show the current IPSec Security Associations (tunnels) in use.
- Brett
08-05-2002 04:53 AM
When I run the first command "sow run | incl crypto" It just goes to the next line like I just hit the enter key nothing shows up. When I do the second command "show crypto isakmp sa" I get an error message "Invalid input detected at '^' marker" I've done it more then once and every time it points to the word "Crypto" I'm assuming this guy lied to me and I have no encryption on this network....any other ideas?? in the meantime I'll check out the link you provided me.... Thanks
08-05-2002 03:26 PM
What version of IOS are you running? Is this a router or concentrator or pix?
If a router then please provide the output of a "show version"
08-05-2002 06:28 PM
This is the show version from our 3640 but the rest of the routers are 1750s.
River_Drive_3640#show ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 12:47 by ccai
Image text-base: 0x600088F0, data-base: 0x6101A000
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (f
c1)
River_Drive_3640 uptime is 4 weeks, 3 days, 11 hours, 36 minutes
System returned to ROM by reload
System image file is "flash:c3640-is-mz_121-2_T.bin"
cisco 3640 (R4700) processor (revision 0x00) with 61440K/4096K bytes of memory.
Processor board ID 17883700
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
8 Voice FXO interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Does this help?????
08-06-2002 06:29 PM
Well the 3640 is not participating in any IPSec as it is not running an IPSec capable IOS. To run IPSec you need an IOS that has 56i in the name for DES such as c3640-is56i-mz.121-2.T.bin or k2 in the name such as c3640-ik2s-mz.121-2.T.bin for triple DES.
CET Which was Cisco's proprietary encryption technology is no longer supported and I'd recommend not using it as it is no longer secure. So even if he was referring to this (need to see the configuration on the router to see if this is setup) then I'd suggest upgrading to IPSec anyway.
Remember, If you do want to post or email your config then please make sure you strip out any passwords.
08-07-2002 04:57 AM
What do I need to look for in the config to see if CET is running???
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide