I used an alternative method which worked just fine:
! R5 (initiating side)
!
crypto isakmp policy 20
encr aes 192
authentication pre-share
group 2
!
crypto isakmp peer address 8.9.50.2
set aggressive-mode password ipexpert
set aggressive-mode client-endpoint fqdn R5_LAB.seclab
!
crypto ipsec transform-set AES esp-aes 192 esp-sha-hmac
!
crypto map CRYPTO 20 ipsec-isakmp
set peer 8.9.50.2
set transform-set AES
match address R5-R2
!
interface FastEthernet0/1.50
encapsulation dot1Q 50
ip address 8.9.50.5 255.255.255.0
crypto map CRYPTO
!
ip access-list extended R5-R2
permit ip 10.5.5.0 0.0.0.255 8.9.2.0 0.0.0.255
-------------------------------------
! R2 (receiver)
!
crypto isakmp policy 20
encr aes 192
authentication pre-share
group 2
!
crypto isakmp key ipexpert hostname R5_LAB.seclab
!
crypto ipsec transform-set AES esp-aes 192 esp-sha-hmac
crypto dynamic-map DYN 10
set transform-set AES
match address R2-R5
!
crypto map CRYPTO2 10 ipsec-isakmp dynamic DYN
!
interface FastEthernet0/1.50
encapsulation dot1Q 50
ip address 8.9.50.2 255.255.255.0
crypto map CRYPTO2
!
ip access-list extended R2-R5
permit ip 8.9.2.0 0.0.0.255 10.5.5.0 0.0.0.255
HTH
==================================
Date: Sun, 31 Jan 2010 06:40:35 +0200
From: "Johan Bornman" <[email protected]>
Subject: Re: [OSL | CCIE_Security] Lab 4 Task 4.4
To: "'Tyson Scott'" <[email protected]>
Cc: [email protected]
Message-ID:
Content-Type: text/plain; charset="us-ascii"
Tyson,
I lab'd it 4 times, got it to work once, the "profile is incomplete" message
disappeared. I was not able to replicate "the fix", I was too tired I think
but I will be trying again today. Will let you know of the outcome.
Johan
From: Tyson Scott [mailto:[email protected]]
Sent: 30 January 2010 23:35
To: Johan Bornman
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Lab 4 Task 4.4
Johan,
That is actually the same as the solution configurations. I looked at the
final configuration, because my laptop is dead right now and I a working off
my home PC, and it has the following.
crypto isakmp profile ISA_PROF
! This profile is incomplete (no match identity statement)
keyring default
self-identity fqdn
initiate mode aggressive
I will have to look at the question and get back with you on this one next
week. I am not sure, it looks like it will probably only work successfully
on outbound initiations. It will probably work but I will have to test to
be sure.
On Sat, Jan 30, 2010 at 2:42 PM, Johan Bornman <[email protected]> wrote:
Hi,
I get this profile incomplete message:
crypto isakmp profile ISA_PROF
! This profile is incomplete (no match identity statement)
keyring default
self-identity fqdn
initiate mode aggressive
The commands here are the same as in the solutions guide.
Any help will be appreciated.
Johan
_____________________________________________
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
