Sunday, August 16, 2020

What is the reason for two SAs?

Hello everyone, I do not understand why there are two SAs in the output. When I configure IPsec in tunnel mode only one SA appears, but when I configure IPsec in transport mode two SAs appear. I am not really sure if I made a mistake or if the reason is the mode of the tunnel.

Here is the running-config:

Building configuration...

Current configuration : 3700 bytes
!
! Last configuration change at 15:54:32 UTC Sun Aug 16 2020
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key CISCO123 address 8.8.11.2
!
!
crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac
 mode transport
!
!
!
crypto map VPN 10 ipsec-isakmp
 set peer 8.8.11.2
 set transform-set AES_SHA
 match address GRE_IPSEC_VPN
!
!
!
!
!
interface Tunnel100
 bandwidth 4000
 ip address 192.168.100.1 255.255.255.0
 ip mtu 1400
 tunnel source GigabitEthernet0/1
 tunnel destination 8.8.11.2
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 8.8.10.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 crypto map VPN
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
router ospf 1
 router-id 1.1.1.1
 network 10.1.1.1 0.0.0.0 area 1
 network 192.168.100.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 8.8.11.2 255.255.255.255 8.8.10.1
!
ip access-list extended GRE_IPSEC_VPN
 permit gre host 8.8.10.2 host 8.8.11.2
!
!
!
