ExamNotes.net - IT certification portal

ForumsCertResearchTop sitesNewslettersFree email
HomeRegister
Exams Notes
Practice exams
Exam games
Questions by email
Online training
Training videos
College degrees
Boot camps
Book store
Links directory
Tell a friend
For webmasters

CompTIA Exam Vouchers
Save money on CompTIA exams
Question of the day
Sign up to receive
interactive practice questions
for MCSE, CompTIA
Cisco and other exams
TestKing
Get MCSE, MCSD, CCNA, CCNP,A+, N+ and many more

* ExamSheets *
Guide for Success!
Actual Questions & Answers
MCSE, MCSD, A+ ,CCNA, CCNP
Oracle 8i, Oracle 9i

Online practice tests

Certification sites

Online university

Online college

Online education

Distance learning

Software forum

Server administration forum

Programming resources




This is interesting: Free IT Magazines | Databases help forum



Cisco > Cisco Security exams > Ipsec configuration
Show a Printable Version
Email This Page to Someone!
Receive updates to this thread





Author Ipsec configuration
wimpie
Junior Member
M



Registered: Oct 2002
Location:
Country: Belgium
State:
Certifications: CCNA
Working on:

Total Posts: 12
Ipsec configuration

Hi ,

I was playing around with 2 cisco routers with an ipsec ios installed , wanted to configure them so they can encrypt the telnet traffic to each other . I was having difficulties with the ACL and the router came back with the following error message :
1:09:33: %CRYPTO-4-RECVD_PKT_INV_IDENTITY_ACL: ipsec check access: identity not allowed by ACL

I checked out the cisco website and there they said that other traffic was being passed also by the SA ....

I added a rule in the ACL which would encrypt icmp traffic also and this worked fine so my configuration is ok .

Question : Does anybody know what extra traffic he's putting in the SA when you do a telnet ?

regards
wim

Report this post to a moderator

Old Post 08-18-03 08:21 PM
wimpie is offline Click Here to See the Profile for wimpie Click here to Send wimpie a Private Message Add wimpie to your buddy list Find more posts by wimpie Reply w/Quote Edit/Delete Message IP: Logged
ZacDogg
Senior Member
M



Registered: Mar 2002
Location: Minneapolis
Country: United States
State:
Certifications: A+, Net+, CCNA, CCNP, CCIE, CSS-1
Working on: another CCIE

Total Posts: 227

Are both of the access-lists referenced by the crypto-maps configured to encrypt identical traffic?

Report this post to a moderator

Old Post 08-21-03 09:23 AM
ZacDogg is offline Click Here to See the Profile for ZacDogg Click here to Send ZacDogg a Private Message Add ZacDogg to your buddy list Find more posts by ZacDogg Reply w/Quote Edit/Delete Message IP: Logged
wimpie
Junior Member
M



Registered: Oct 2002
Location:
Country: Belgium
State:
Certifications: CCNA
Working on:

Total Posts: 12

Yes,

and the encryption rule for the icmp traffic is also included in the same access-list

Extended IP access list 101
permit tcp host 200.0.0.202 host 200.0.0.200 eq telnet
permit tcp host 200.0.0.200 host 200.0.0.202 eq telnet
permit icmp host 200.0.0.200 host 200.0.0.202

I tried with this acl but it's not functioning .

thx
Wim

Report this post to a moderator

Old Post 08-21-03 07:33 PM
wimpie is offline Click Here to See the Profile for wimpie Click here to Send wimpie a Private Message Add wimpie to your buddy list Find more posts by wimpie Reply w/Quote Edit/Delete Message IP: Logged
All times are GMT.
Post new thread   Post reply

Featured site: MCSE, MCSD, CompTIA, CCNA training videos



Forum Jump:
Rate This Thread:
Forum Rules:
Who Can Read The Forum? Any registered user or guest.
Who Can Post New Topics? Any registered user.
Who Can Post Replies? Any registered user.
Changes: Messages can be edited by their author.
Posts: HTML code is OFF. Smilies are ON. vB code is ON. [IMG] code is OFF.		  

ExamNotes forum archive

Copyright © 1999 - 2006 ExamNotes.net Inc. All rights reserved.

Powered by: vBulletin 2.2.8
Copyright ©2000, Jelsoft Enterprises Limited.

  Free Braindumps | mcse braindumps