Cisco Encryption???

mcship
Level 1

I just recently took over a network that is wireless between sites, 8 sites total. Before the previous admin left he told me WEP was not enabled on the local access points but Cisco Encryption on the routers was. My question is how can I confirm that Cisco Encryption is enabled and where can I get more information about this. My concern is when I do a "show run" it doesn't say anything about encryption anywhere except for the enabled password. I plan on getting WEP going ASAP but I need to know if this previous person was telling me the truth and whether or not to look into a more secure option.

Thanks in advance...

6 Replies

b.mason
Level 1

I assume you are referring to Cisco IPSec, not the outdated Cisco Encryption Technology (CET).

Doing a search on Cisco's web site for IPSec will give a lot of information.

Here is the URL to a good overview of configuring IPSec on the Cisco's:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm

To see if IPSec is configured and running on your router use the following commands:

"show run | incl crypto"

Will show all the configuration that matches the word crypto (needed for IPSec configuration)

"show crypto isakmp sa"

Will show the current IPSec Security Associations (tunnels) in use.

- Brett

When I run the first command "show run | incl crypto" it just goes to the next line like I just hit the enter key; nothing shows up. When I do the second command "show crypto isakmp sa" I get an error message "Invalid input detected at '^' marker". I've done it more than once and every time it points to the word "Crypto". I'm assuming this guy lied to me and I have no encryption on this network....any other ideas?? In the meantime I'll check out the link you provided me.... Thanks

What version of IOS are you running? Is this a router or concentrator or pix?

If a router then please provide the output of a "show version"

This is the show version from our 3640 but the rest of the routers are 1750s.

River_Drive_3640#show ver

Cisco Internetwork Operating System Software

IOS (tm) 3600 Software (C3640-IS-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2000 by cisco Systems, Inc.

Compiled Tue 16-May-00 12:47 by ccai

Image text-base: 0x600088F0, data-base: 0x6101A000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

River_Drive_3640 uptime is 4 weeks, 3 days, 11 hours, 36 minutes

System returned to ROM by reload

System image file is "flash:c3640-is-mz_121-2_T.bin"

cisco 3640 (R4700) processor (revision 0x00) with 61440K/4096K bytes of memory.

Processor board ID 17883700

R4700 CPU at 100Mhz, Implementation 33, Rev 1.0

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

1 Ethernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

8 Voice FXO interface(s)

DRAM configuration is 64 bits wide with parity disabled.

125K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Does this help?????

Well the 3640 is not participating in any IPSec as it is not running an IPSec capable IOS. To run IPSec you need an IOS that has 56i in the name for DES such as c3640-is56i-mz.121-2.T.bin or k2 in the name such as c3640-ik2s-mz.121-2.T.bin for triple DES.

CET, which was Cisco's proprietary encryption technology, is no longer supported and I'd recommend not using it as it is no longer secure. So even if he was referring to this (need to see the configuration on the router to see if this is set up) then I'd suggest upgrading to IPSec anyway.

Remember, if you do want to post or email your config then please make sure you strip out any passwords.
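
The image-name check from the reply above, applied to saved "show version" and "show run" text from each site, as an added example that is not part of the original thread. The function names and the sample running-config are constructed for illustration, and only the 56i and k2 markers named in the reply are recognised.

```python
import re

# Sample input: lines as posted in this thread for the 3640.
SHOW_VER_3640 = '''River_Drive_3640 uptime is 4 weeks, 3 days, 11 hours, 36 minutes
System returned to ROM by reload
System image file is "flash:c3640-is-mz_121-2_T.bin"
'''
# Constructed running-config (not from the thread), password stripped.
RUN_CFG = '''hostname River_Drive_3640
enable password <removed>
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.0
'''

IMAGE_RE = re.compile(r'System image file is "([^"]+)"')

def image_crypto_level(show_version):
    """Return '3des', 'des', 'none' or 'unknown' from the image file name."""
    m = IMAGE_RE.search(show_version)
    if not m:
        return "unknown"
    # Drop the device prefix and any directory, keep the bare file name.
    name = re.split(r"[:/]", m.group(1))[-1].lower()
    fields = name.split("-")
    if len(fields) < 3:
        return "unknown"
    feature = fields[1]  # feature-set field, e.g. "is", "is56i", "ik2s"
    if "k2" in feature:
        return "3des"
    if "56i" in feature:
        return "des"
    return "none"

def crypto_lines(running_config):
    """Same filter as 'show run | incl crypto': lines containing 'crypto'."""
    return [l for l in running_config.splitlines() if "crypto" in l]

def audit(show_version, running_config):
    """Combine both checks into one verdict string per router."""
    level = image_crypto_level(show_version)
    lines = crypto_lines(running_config)
    if level == "none":
        return "image is not IPSec capable"
    if level == "unknown":
        return "image name not recognised, check by hand"
    if not lines:
        return f"{level} image, but no crypto configuration"
    return f"{level} image with {len(lines)} crypto line(s) configured"

if __name__ == "__main__":
    print(audit(SHOW_VER_3640, RUN_CFG))
```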

What do I need to look for in the config to see if CET is running???