Solved

VMware vCloud and Cisco router ipsec VPN tunnel

Posted on 2013-06-14
Last Modified: 2013-11-29
Hi guys,

I'm having problems trying to set up an IPsec tunnel between VMware vCloud and a Cisco router.

vCloud gives me these directions:

IKE Phase I Parameters

Mode: Main mode
Encryption: AES (128 bit)
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (32 characters in length minimum)
Security Association Lifetime: 28800 seconds

IKE Phase II Parameters

Mode: ESP tunnel mode
Encryption: AES (128 bit)
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Kbyte Rekeying: OFF
Security Association Lifetime: 3600 seconds


On the Cisco router I do the following config:

crypto isakmp policy 10
encr aes
authentication pre-share
group 2

crypto isakmp key xxxxxxx address x.x.x.x (vcloud ip) no-xauth
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac


access-list 100 permit ip 192.168.2.0 0.0.0.255 10.249.18.0 0.0.0.255 (lan to vcloud)
access-list 100 permit ip 10.249.18.0 0.0.0.255 192.168.2.0 0.0.0.255 (vcloud to lan)

crypto map PFSVPN 15 ipsec-isakmp
 set peer x.x.x.x (vcloud ip)
 set transform-set 3DES-SHA
 set pfs group2
 match address 100

interface FastEthernet0/0 (interface that has the WAN)
crypto map PFSVPN


What is wrong with my tunnel? I used this config with Cisco and a pfSense firewall and it worked just fine. I'm not sure about the Cisco config for the VMware vCloud as I'm not familiar with setting up tunnels with these devices. Could you guys please assist me?

Thanks!
Question by:Alex

Expert Comment

by:asavener
ID: 39247806
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac

vs.

Encryption: AES (128 bit)

You need to create a new transform set on the Cisco router that uses AES-128, and assign that transform to the crypto map.

Author Comment

by:Alex
ID: 39247817
How?

If you see the Cisco documentation, it doesn't give me AES as an option:

Examples of acceptable transform combinations are:

•ah-md5-hmac

•esp-des

•esp-3des and esp-md5-hmac

•ah-sha-hmac and esp-des and esp-sha-hmac

•comp-lzs

Expert Comment

by:asavener
ID: 39248026
Most of the newer Cisco IOS images support AES.  What router model and software version are you running?

I suppose your other option is to change the VMware side to 3DES.

Author Comment

by:Alex
ID: 39248056
Cisco 2801. As far as I know, there is no way to change many settings on the vCloud side; we can't change the AES bit.

Accepted Solution

by:
asavener earned 1500 total points
ID: 39248083
Then you need a router that supports the AES encryption standard.

What happens if you enter crypto ipsec transform-set TEST ?

(With the question mark)
0
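
The proposal mismatch identified in this thread, as an added example that is not part of the original posts: a Python check that parses the IKEv1/IPsec proposal out of an IOS config and compares it with the vCloud parameters quoted in the question. The transform-set name `AES128-SHA` and the function names are hypothetical, and the fixed config is constructed; it assumes an IOS image that accepts `esp-aes`.

```python
import re

# Peer proposal, taken from the vCloud parameters quoted in the question.
PEER = {"ike_enc": "aes-128", "ike_hash": "sha", "ike_dh": "2",
        "esp_enc": "aes-128", "esp_hash": "sha", "pfs": "2"}

def cipher(name, bits=None):
    return f"aes-{bits or 128}" if name == "aes" else name  # bare "aes" means AES-128

def parse_ios(cfg):
    """Extract the IKEv1/IPsec proposal from a one-policy, one-map IOS config."""
    def grab(pat, text=cfg):
        m = re.search(pat, text, re.M)
        return m.groups() if m else None
    # IOS defaults when the ISAKMP policy omits a line: DES, SHA, group 1.
    got = {"ike_enc": "des", "ike_hash": "sha", "ike_dh": "1",
           "esp_enc": None, "esp_hash": None, "pfs": None}
    if g := grab(r"^\s*encr(?:yption)?[ \t]+(\S+)(?:[ \t]+(\d+))?"):
        got["ike_enc"] = cipher(*g)
    if g := grab(r"^\s*hash[ \t]+(\S+)"):
        got["ike_hash"] = g[0]
    if g := grab(r"^\s*group[ \t]+(\d+)"):
        got["ike_dh"] = g[0]
    if g := grab(r"^\s*set pfs group(\d+)"):
        got["pfs"] = g[0]
    used = grab(r"^\s*set transform-set[ \t]+(\S+)")  # set the crypto map references
    spec = used and grab(rf"^\s*crypto ipsec transform-set {re.escape(used[0])}[ \t]+(.+)$")
    if spec:
        if g := grab(r"esp-(3des|des|aes)(?:[ \t]+(\d+))?", spec[0]):
            got["esp_enc"] = cipher(*g)
        if g := grab(r"esp-(sha|md5)-hmac", spec[0]):
            got["esp_hash"] = g[0]
    return got

def mismatches(cfg):
    """Return {parameter: (router_value, peer_value)} for every disagreement."""
    got = parse_ios(cfg)
    return {k: (got[k], v) for k, v in PEER.items() if got[k] != v}

# Proposal-relevant lines of the question's config (annotations and peer details dropped).
QUESTION_CFG = """crypto isakmp policy 10
 encr aes
 group 2
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map PFSVPN 15 ipsec-isakmp
 set transform-set 3DES-SHA
 set pfs group2"""
# Constructed fix: AES128-SHA is a hypothetical name for the new transform set.
FIXED_CFG = QUESTION_CFG.replace("esp-3des", "esp-aes 128").replace("3DES-SHA", "AES128-SHA")
```

Run against the question's config, `mismatches` reports only the Phase II encryption (`3des` on the router, `aes-128` on vCloud); Phase I already matches because `encr aes` defaults to 128 bits and the IOS hash default is SHA.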

Question has a verified solution.