Hi, I'm in the middle of migrating a configuration from legacy configuration to the new one.. As checked we can do this using ipsec profile with tunnel protection. but After binding the new ipsec profile to interface, tunnel went down and phase1/phase2 are not establishing?
OLD CONFIGURATION:
1. Phase 1 crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key test address x.x.x.x no-xauth crypto isakmp keepalive 30 ! 2. Phase 2 crypto ipsec transform-set giaset esp-3des esp-md5-hmac mode tunnel crypto ipsec df-bit clear ! crypto map test local-address GigabitEthernet0/0/0 crypto map test 10 ipsec-isakmp set peer x.x.x.x set transform-set giaset match address 161 ! 3. Bind To interface int tun x crypto map test
NEW CONFIGURATION:
For this new configuration, I have created an ipsec profile under Phase 2 then add the transform set.
crypto ipsec profile test set transform-set test 3. Bind To interface int tun x tunnel protection ipsec profile test
Another question is, using this ipsec profile does it require's to change any setting on the other end?
Thanks
No comments:
Post a Comment