Solved: Re: crypto map ipsec configuration.. - Page 2

cindylee27 · ‎11-21-2007

Hi Experts,

I am going to configure a point to point ipsec tunnelling.Am new in this technology..Anybody can point me to the right location for this info?

And the troubleshooting steps if face with problems?

Thanks!

cindylee27 · ‎11-22-2007

Thanks Jon.. :)

Another question is..how can i determine the tunnel is up and can be passed through?

As you were saying the real test is to pass down the tunnel...

Thanks once again :D

Jon Marshall · ‎11-22-2007

Cindy

The tunnel is up because of the output from the "sh crypto ipsec sa". If there was no tunnel up you wouldn't see all that output from your command.

From the output

"local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)

"

The local network (local to the router you ran the command on) is

192.168.1.0/24

The remote network is

192.168.2.0/24

So you need to generate traffic from a host on 192.168.1.0/24 network to a host on the 192.168.2.0/24 network.

Don't forget that if you have access-lists on the interfaces on each router that use the public addressing you will need to add the relevant ports into the access-list.

Jon

cindylee27 · ‎11-22-2007

Thanks Jon,

Got it... :)

Will let you know if i face with the problem at a later stage during production..

JORGE RODRIGUEZ · ‎11-22-2007

Completely agree Jon, and believe me.. beisde labs and reading links books etc.. I follow your post to lear from , there are quite very good engineers in netpro and you're one among them.

Rgds

Jorge

Jorge Rodriguez