Table of Contents
Advertisement
router mobile
!
ip mobile secure home-agent 192.168.1.2 spi 100 key hex 1234567890abcdef1234567890abcdef
algorithm md5 mode prefix-suffix
ip mobile router
address 192.168.100.10 255.255.255.0
home-agent 192.168.1.2
mobile-network Ethernet1/0
!
! Tunnel Template where the crypto map is applied
!
template Tunnel99
!
! Reverse tunneling must be enabled or traffic will not exit via the tunnel
!
reverse-tunnel
!
access-list 110 permit ip any host 192.168.2.2
!
end
Validating the Configuration
The configuration can be validated by using the show ip mobile router command to identify the tunnel
interface that is being used by the mobile router, Then use the show crypto ipsec sa interface tunnel n
command to verify that the relevant SAs are active. The important sections have been emphasized in the
following sample output.
MN#show ip mobile router
Mobile Router
Enabled 10/18/05 18:50:54
Last redundancy state transition NEVER
Configuration:
Home Address 192.168.100.10 Mask 255.255.255.0
Home Agent 192.168.1.2 Priority 100 (best) (current)
Registration lifetime 65534 sec
Retransmit Init 1000, Max 5000 msec, Limit 3
Extend Expire 120, Retry 3, Interval 10
Reverse tunnel required
Mobile Networks:Loopback2 (192.168.123.0/255.255.255.0)
Ethernet1/0 (192.168.124.0/255.255.255.0)
Monitor:
Status -Registered
Active foreign agent 192.168.6.1, Care-of 192.168.6.1 On interface EthernetO/O
TunnelO mode IP/IP
Applying Tunnel Templates to the IPSec Two-box Solution
Tunnel Templates
5
Hide quick links:
Advertisement
Table of Contents
