Re: [cisco-ttl] ýp sec

From: Serhat Uslay (serhat.uslay_at_zurich.com.au)
Date: Thu Mar 24 2005 - 01:11:59 EET



bu baglanti Internet uzerinden olmadigi icin IKE yi calistirmadim, sadece
IPSEC..
access list 100 tanimlayarak sifrelemek istedigin trafigi belirt..
kolay gelsin

Serhat

ROUTER 1 ;
no crypto isakmp enable
!
!
crypto ipsec transform-set router1-router2 esp-des
!
crypto map router1-router2-map local-address Loopback0
crypto map router1-router2-map 8 ipsec-manual
 set peer "router2' loopback address"
 set session-key inbound esp 1000 cipher XXXXXXXXXXXXX authenticator 01
 set session-key outbound esp 1001 cipher XXXXXXXXXXXXXX authenticator 01
 set transform-set router1-router2
 match address 100

interface Loopback0
 ip address router1 255.255.255.255

interface Serial0
 description link to router2
 bandwidth 128
 no ip address
 ip access-group 100 out
 no ip proxy-arp
 ip accounting output-packets
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description PVC ROUTER2
 bandwidth 128
 ip address xxxxx 255.255.255.252
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 16
 frame-relay payload-compression packet-by-packet
 crypto map router1-router2-map
 crypto ipsec df-bit copy


ip classless

ip route "router2' loopback address" 255.255.255.255 Serial0.1


ROUTER2

no crypto isakmp enable
 
crypto ipsec transform-set router1-router2 esp-des
!
crypto map router1-router2-map local-address Loopback0
crypto map router1-router2-map 8 ipsec-manual
 set peer "router1' loopback address"
 set session-key inbound esp 1001 cipher XXXXXXXXXXXXX authenticator 01
 set session-key outbound esp 1000 cipher XXXXXXXXXXXXXX authenticator 01
 set transform-set router1-router2
 match address 100

interface Loopback0
 ip address router2 255.255.255.255

interface Serial0
 description link to router1
 bandwidth 128
 no ip address
 ip access-group 100 out
 no ip proxy-arp
 ip accounting output-packets
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description PVC ROUTER1
 bandwidth 128
 ip address xxxxx 255.255.255.252
 ip nat outside
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 16
 frame-relay payload-compression packet-by-packet
 crypto map router1-router2-map
 crypto ipsec df-bit copy

ip route 0.0.0.0 0.0.0.0 Serial0.1


Please respond to cisco-ttl_at_yahoogroups.com

To: <cisco-ttl_at_yahoogroups.com>
cc:
Subject: [cisco-ttl] ıp sec



Mrb

Elinizde lan to lan çalýþan ip sec config var mý ??

Benim yapmak istediðim atm baðlantýsý olan iki noktanýn datalarýný ip
sec config ile crpto etmek bununla ilgili birkaç taným denedim ama sorun
çýkardý bu konuda bana yardýmcý olabilir misiniz





[Non-text portions of this message have been removed]



--

Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

Listede onerilen cozumlerin uygulanmasindaki tum sorumluluk kullaniciya
aittir. Liste yoneticileri, liste uyeleri ya da bu uyelerin calistigi
kuruluslar herhangi bir sekilde sorumlu tutulamazlar.

Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
e-posta gönderebilirsiniz.
Yahoo! Groups Links












----
This email is intended for the named recipient only. It may contain information which is confidential, commercially sensitive, or copyright. If you are not the intended recipient you must not reproduce or distribute any part of the email, disclose its contents, or take any action in reliance. If you have received this email in error, please contact the sender and delete the message. It is your responsibility to scan this email and any attachments for viruses and other defects.
To the extent permitted by law, Zurich and its associates will not be liable for any loss or damage arising in any way from this communication including any file attachments. We may monitor email you send to us, either as a reply to this email or any email you send to us, to confirm our systems are protected and for compliance with company policies. Although we take reasonable precautions to protect the confidentiality of our email systems, we do not warrant the confidentiality or security of email or attachments we receive.

[Non-text portions of this message have been removed]

--

Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

Listede onerilen cozumlerin uygulanmasindaki tum sorumluluk kullaniciya aittir. Liste yoneticileri, liste uyeleri ya da bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar.

Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz. Yahoo! Groups Links

<*> To visit your group on the web, go to: http://groups.yahoo.com/group/cisco-ttl/

<*> To unsubscribe from this group, send an email to: cisco-ttl-unsubscribe_at_yahoogroups.com

<*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/



This archive was generated by hypermail 2.1.3 : Thu Mar 24 2005 - 01:12:12 EET