Hi,
it's me again with a GET VPN topic ;) I configured a GET VPN with 3
routers, like this example: http://www.wr-mem.com/?p=307
Here are the configs:
######################################################################################################
key server (r1 of PG sec pod):
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.0.2
crypto isakmp key cisco address 192.168.0.3
!
!
crypto ipsec transform-set trans_gdoi esp-3des esp-sha-hmac
!
crypto ipsec profile ipsec_gdoi_profile
 set transform-set trans_gdoi
!
crypto gdoi group group_getvpn
 identity number 1111
 server local
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa getvpn_rekey
  rekey transport unicast
  sa ipsec 1
   profile ipsec_gdoi_profile
   match address ipv4 100
   replay counter window-size 64
  address ipv4 192.168.0.1
!
interface Loopback1
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 network 192.168.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.0.0.255 10.3.3.0 0.0.0.255
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255
access-list 100 permit ip 10.3.3.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
######################################################################################################
client 1 (r7 of PG sec pod):
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.0.1
!
!
crypto gdoi group group_getvpn
 identity number 1111
 server address ipv4 192.168.0.1
!
!
crypto map map_getvpn 10 gdoi
 set group group_getvpn
!
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.0
 duplex auto
 speed auto
 crypto map map_getvpn
!
router eigrp 1
 network 10.1.1.0 0.0.0.255
 network 192.168.0.0
 no auto-summary
######################################################################################################
client 2 (r8 of PG sec pod):
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.0.1
!
!
crypto gdoi group group_getvpn
 identity number 1111
 server address ipv4 192.168.0.1
!
!
crypto map map_getvpn 10 gdoi
 set group group_getvpn
!
interface Loopback1
 ip address 10.3.3.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.0.3 255.255.255.0
 duplex auto
 speed auto
 crypto map map_getvpn
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
router eigrp 1
 network 10.3.3.0 0.0.0.255
 network 192.168.0.0
 no auto-summary
!
######################################################################################################
The GET VPN is up. But I can't ping the other loopback interfaces when
sourcing the ping from the local loopback as source. When I ping
without a specific source interface, the traffic seems to go
unencrypted to the other interface: the packet counters of the IPsec
SAs don't increase.
Any hints what I have to check first? TIA!
Regards
Simon