Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
0
Helpful
4
Replies

Cisco 2600 802.1q sub interface and IPSEC

subra4u
Level 1
Level 1

‎06-19-2009 06:36 AM - edited ‎03-04-2019 05:11 AM

Hi,

We are trying to set up a tunnel with a sub interface (but with no luck)and would like to know if some one has tried creating an ipsec tunnel using a sub interface in a cisco 2600.

Thx in advance,

subra

Labels:
0 Helpful
4 Replies 4

Dennis Mink
VIP Alumni
VIP Alumni

‎06-19-2009 06:53 AM

what is the issue and can you include the config?

Thanks

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

subra4u
Level 1
Level 1
In response to Dennis Mink

‎06-19-2009 09:39 AM

Hi,

Below is the requested config.......

sh run

Building configuration...

Current configuration : 2729 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

boot-start-marker

boot-end-marker

!

!

no ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

!

crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

crypto isakmp key dsfgf address 8.2.8.6

!

!

crypto ipsec transform-set TS1 esp-3des esp-sha-hmac

mode transport

!

crypto map cm1 20 ipsec-isakmp

set peer 8.2.8.68

set transform-set TS1

set pfs group2

match address 102

!

call rsvp-sync

!

!

!

!

!

!

!

!

interface Tunnel1

description **** RX ****

bandwidth 256

ip address 13.30.63.10 255.255.255.252

tunnel source FastEthernet0/0.756

tunnel destination 8.52.8.68

no clns route-cache

crypto map cm1

!

interface FastEthernet0/0

no ip address

no ip mroute-cache

duplex auto

speed auto

no cdp enable

no clns route-cache

!

interface FastEthernet0/0.50

encapsulation dot1Q 50

ip address 8.11.6.1 255.255.255.0

no cdp enable

!

interface FastEthernet0/0.756

encapsulation dot1Q 756

ip address 8.11.6.5 255.255.255.240

no cdp enable

crypto map cm1

!

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-21-2009 04:01 PM

Where's the config of the remote router?

0 Helpful

subra4u
Level 1
Level 1
In response to Leo Laohoo

‎06-22-2009 07:05 AM

Hi,

Sorry. do not have access to the remote router. But a similar config works with a different router. the only difference is the other one has 2 different physical interface instead of 1.

here we are trying with a Dot1q tunneling on the main interface.

Please find the HW details below:

System image file is "flash:c2600-itpk9-mz.122-25.SW8.bin"

Cisco 2650XM (MPC860P) processor (revision 0x100) with 105472K/25600K bytes of memory.

Processor board ID JAD070203JW (3476809370)

M860 processor: part number 5, mask 2

1 FastEthernet interface

32K bytes of NVRAM.

49152K bytes of processor board System flash (Read/Write)

.756 interface is connecting the router to the public and .50 is the new network which has the server connected and reach the remote end over the vpn.

Please let me know if you need more info.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card