How does this Lab IPSEC config look?

ccie13k2006 · ‎12-16-2006

My first time configuring ISAKMP/IPSEC, how does it look?

hostname 1720

!

ip host router2611 5.x.x.1

crypto isakmp policy 1000

authentication pre-share

group 2

crypto isakmp key thisisacryptokey hostname router2611

crypto isakmp identity hostname

!

crypto ipsec security-association lifetime seconds 3500

!

crypto ipsec transform-set superset esp-des esp-md5-hmac

!

crypto map to2611 200 ipsec-isakmp

set peer 5.x.x.1

set security-association lifetime seconds 2400

set transform-set superset

set pfs group1

match address 154

!

access-list 154 permit ip 5.5.x.x.x.0.255 5.5.5.0 0.0.0.255

hostname 2611

!

ip host router1720 5.x.x.2

!

crypto isakmp policy 100

authentication pre-share

group 2

crypto isakmp key thisisacryptokey hostname router1720

crypto isakmp identity hostname

!

crypto ipsec security-association lifetime seconds 3500

!

crypto ipsec transform-set highset esp-des esp-md5-hmac

!

crypto map to1720 200 ipsec-isakmp

set peer 5.x.x.2

set security-association lifetime seconds 2400

set transform-set highset

set pfs group1

match address 155

!

access-list 155 permit ip 5.5.x.x.0.0.255 5.5.x.x.0.0.255

spremkumar · ‎12-18-2006

Hi

You need to apply the respective crypto maps under the interface of both the routers which is connecting the routers.

regds

ccie13k2006 · ‎12-19-2006

Hi spremkumar,

Yes I did apply the crypto maps under the correct interfaces (just forgot to include them when copying and pasting the config to the message board). I guess what I am a little embarassed to admit is, I'm not sure which commands to use to verify the VPN is working. I've tried to ping the interfaces and telnet to them, neither are successful, but I don't know if that's because the ACL is blocking that traffic.

spremkumar · ‎12-19-2006

Hi

You can make use of show crypto isakmp sa command to check out the tunnel status.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tsec_r/sec_s2ht.htm#wp1384550

regds