[ Pobierz całość w formacie PDF ]
http://www.ciscoguides.com/index.php?option=com_content&view=article&id=114&Itemid=141&limitstart=1!r0dl@n@Cisco IOS to ASA (8.4) - Basic IPSec Site-to-Site VPNCisco IOS - Basic IPSec Site-to-Site VPNThis is the basic configuration needed to bring up an IPSec tunnel between (2) IOS routers (This was done on a pair of 2801's)Please keep in mind that the names used do not have to match on both side's.R1crypto isakmp policy 1encr 3deshash md5authentication pre-sharegroup 2crypto isakmp key c1sco address 10.1.12.2crypto ipsec transform-set shelby esp-3des esp-md5-hmaccrypto map CMAP 10 ipsec-isakmpset peer 10.1.12.2set transform-set shelbymatch address 100interface Serial0/3/0ip address 10.1.12.1 255.255.255.0clock rate 64000crypto map CMAPinterface Loopback0ip address 1.1.1.1 255.255.255.255ip route 2.2.2.0 255.255.255.0 10.1.12.2access-list 100 permit ip host 1.1.1.1 host 2.2.2.2r1#ping 2.2.2.2 source lo0Packet sent with a source address of 1.1.1.1!!!!!r1#show crypto sessionCrypto session current statusInterface: Serial0/3/0Session status: UP-ACTIVEPeer: 10.1.12.2 port 500IKE SA: local 10.1.12.1/500 remote 10.1.12.2/500 ActiveIPSEC FLOW: permit ip host 1.1.1.1 host 2.2.2.2Active SAs: 2, origin: crypto map*************R2crypto isakmp policy 1encr 3deshash md5authentication pre-sharegroup 2crypto isakmp key c1sco address 10.1.12.1crypto ipsec transform-set shelby esp-3des esp-md5-hmaccrypto map CMAP 10 ipsec-isakmpset peer 10.1.12.1set transform-set shelbymatch address 100interface Loopback0ip address 2.2.2.2 255.255.255.255interface Serial0/3/0ip address 10.1.12.2 255.255.255.0crypto map CMAPip route 1.1.1.0 255.255.255.0 10.1.12.1access-list 100 permit ip host 2.2.2.2 host 1.1.1.1
[ Pobierz całość w formacie PDF ]