Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2989
Views
0
Helpful
1
Replies

ipsec transform-set

Go to solution
hofo123456
Level 1
Level 1

‎11-06-2015 10:14 PM - edited ‎02-21-2020 08:32 PM

hi all

I aim to configure the router in GNS3 two ipsec

Connections is everything, but I do not know why the ipsec transform-set mode change when I am nothing happens!

I expect by changing the connection mode, but the embryo does not happen and also no log is not displayed in debug mode to change! please help me .

 

config R1 :

crypto isakmp policy 1
encr aes
hash md5
authentication pre-share
crypto isakmp key 1212 address 12.12.12.2
!
!
crypto ipsec transform-set ts esp-aes esp-md5-hmac
mode transport
!
crypto map m1 1 ipsec-isakmp
set peer 12.12.12.2
set transform-set ts
match address 101
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
crypto map m1
!
ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
access-list 101 permit ip any any

config R2


crypto isakmp policy 1
encr aes
hash md5
authentication pre-share
crypto isakmp key 1212 address 12.12.12.1
!
!
crypto ipsec transform-set ts esp-aes esp-md5-hmac
!
crypto map m1 1 ipsec-isakmp
set peer 12.12.12.1
set transform-set ts
match address 101
!
interface Loopback1
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
crypto map m1
!
ip route 0.0.0.0 0.0.0.0 12.12.12.1
!
access-list 101 permit ip any any
!

Maybe all of this is elsewhere !! please help me ;)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-08-2015 11:56 PM

Hi hofo123456,

Can you please explain your issue in brief.
I see that the transform set is not matching thus it will prevent the VPN tunnel to come up.
Default is " Tunnel mode" so either you might want to setup "tunnel mode" or "transport mode " on both routers.

NOTE: If you are just encrypting the traffic sourced from devices behind the routers , then even if you use transport mode , only tunnel mode will be negotiated.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-08-2015 11:56 PM

Hi hofo123456,

Can you please explain your issue in brief.
I see that the transform set is not matching thus it will prevent the VPN tunnel to come up.
Default is " Tunnel mode" so either you might want to setup "tunnel mode" or "transport mode " on both routers.

NOTE: If you are just encrypting the traffic sourced from devices behind the routers , then even if you use transport mode , only tunnel mode will be negotiated.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents