IPSEC Problem
Posted: Tue Nov 22, 2005 1:44 pm
Hello,
I have a problem in configurin IPSEC with Cisco router with destination any (0.0.0.0/0), I want to use enc-algorithem=3des and auth-algorithm=md5, once I have succedeed, but never again, I'm doing the same configuration again and again but no success, here is my configuration:
[admin@BPB-Peje] > ip ipsec peer print
Flags: X - disabled
0 address=192.168.29.9/32:500 secret="8p884nkPr1" generate-policy=no exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
[admin@BPB-Peje] > ip ipsec proposal print
Flags: X - disabled
0 name="Peja-HQ" auth-algorithms=md5 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024
[admin@BPB-Peje] > ip ipsec policy print
Flags: X - disabled, D - dynamic, I - invalid
0 src-address=192.178.62.0/24:any dst-address=0.0.0.0/0:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=192.168.31.197 sa-dst-address=192.168.29.9 proposal=Peja-HQ manual-sa=none dont-fragment=clear
But when I do
IP IPSEC INSTALLED-SA PRINT I'm geting this
0 E spi=0x9BD2D807 direction=in src-address=192.168.29.9 dst-address=192.168.31.197 auth-algorithm=none enc-algorithm=none
Best Regards.
Faton
I have a problem in configurin IPSEC with Cisco router with destination any (0.0.0.0/0), I want to use enc-algorithem=3des and auth-algorithm=md5, once I have succedeed, but never again, I'm doing the same configuration again and again but no success, here is my configuration:
[admin@BPB-Peje] > ip ipsec peer print
Flags: X - disabled
0 address=192.168.29.9/32:500 secret="8p884nkPr1" generate-policy=no exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
[admin@BPB-Peje] > ip ipsec proposal print
Flags: X - disabled
0 name="Peja-HQ" auth-algorithms=md5 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024
[admin@BPB-Peje] > ip ipsec policy print
Flags: X - disabled, D - dynamic, I - invalid
0 src-address=192.178.62.0/24:any dst-address=0.0.0.0/0:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=192.168.31.197 sa-dst-address=192.168.29.9 proposal=Peja-HQ manual-sa=none dont-fragment=clear
But when I do
IP IPSEC INSTALLED-SA PRINT I'm geting this
0 E spi=0x9BD2D807 direction=in src-address=192.168.29.9 dst-address=192.168.31.197 auth-algorithm=none enc-algorithm=none
Best Regards.
Faton