Difference between revisions of "Netband Project - IPSec/Gre"
From Teknologisk videncenter
m (→Configuration for the Head-End) |
m (→External links) |
||
| (27 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | =IPSec/Gre= | |
| − | |||
| − | = | ||
| − | |||
This page is part of the [[Netband_Project|Netband Project]] | This page is part of the [[Netband_Project|Netband Project]] | ||
| + | __TOC__ | ||
==Configuration for the Head-End== | ==Configuration for the Head-End== | ||
| − | This configuration is for the "server" part | + | This configuration is for the "server" part of the tunnel, with the static IP. |
<pre> | <pre> | ||
crypto isakmp policy 10 | crypto isakmp policy 10 | ||
| Line 12: | Line 10: | ||
group 5 | group 5 | ||
lifetime 1000 | lifetime 1000 | ||
| + | ! | ||
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0 | crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0 | ||
| − | crypto ipsec transform-set | + | ! |
| − | crypto dynamic-map | + | crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac |
| + | ! | ||
| + | crypto dynamic-map Netband-dynamic 10 | ||
description Hmmm | description Hmmm | ||
| − | set transform-set | + | set transform-set Netband-AES256-SHA |
| − | crypto map | + | ! |
| − | interface | + | crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic |
| − | ip address 10.255. | + | ! |
| + | interface Tunnel0 | ||
| + | ip address 10.255.254.1 255.255.255.252 | ||
| + | ip mtu 1420 | ||
| + | tunnel source Loopback1 | ||
| + | tunnel destination 10.255.253.2 | ||
| + | ! | ||
| + | interface Loopback1 | ||
| + | ip address 10.255.253.1 255.255.255.255 | ||
| + | ! | ||
| + | ip route 10.255.253.2 255.255.255.255 192.168.0.1 | ||
| + | </pre> | ||
| + | |||
| + | ==Configuration for the Branch== | ||
| + | |||
| + | This configuration is for the "client" part of the tunnel, with the dynamic IP. | ||
| + | |||
| + | <pre> | ||
| + | crypto isakmp policy 10 | ||
| + | encr aes 256 | ||
| + | authentication pre-share | ||
| + | group 5 | ||
| + | lifetime 1000 | ||
| + | ! | ||
| + | crypto isakmp key CiscoDisco address 192.168.0.11 | ||
| + | ! | ||
| + | crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac | ||
| + | ! | ||
| + | crypto map Netband-crypto 10 ipsec-isakmp | ||
| + | set peer 192.168.0.11 | ||
| + | set transform-set Netband-AES256-SHA | ||
| + | match address Tunnel_to_HQ | ||
| + | ! | ||
| + | interface Tunnel0 | ||
| + | ip address 10.255.254.2 255.255.255.252 | ||
ip mtu 1420 | ip mtu 1420 | ||
| − | |||
| − | |||
tunnel source Loopback1 | tunnel source Loopback1 | ||
| − | tunnel destination | + | tunnel destination 10.255.253.1 |
! | ! | ||
| − | ip | + | interface Loopback1 |
| + | ip address 10.255.253.2 255.255.255.255 | ||
| + | ! | ||
| + | ip access-list extended Tunnel_to_HQ | ||
| + | permit gre host 10.255.253.2 host 10.255.253.1 | ||
| + | ! | ||
| + | ip route 10.255.253.1 255.255.255.255 FastEthernet0/0 | ||
| + | |||
</pre> | </pre> | ||
| + | ==External links== | ||
| + | http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142<br/> | ||
| + | http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798<br/> | ||
| + | [[Category:network]][[Category:CCNP]][[category:students]][[Category:CCNP2]] | ||
Latest revision as of 09:07, 1 September 2014
IPSec/Gre
This page is part of the Netband Project
Contents
Configuration for the Head-End
This configuration is for the "server" part of the tunnel, with the static IP.
crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 ! crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0 ! crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac ! crypto dynamic-map Netband-dynamic 10 description Hmmm set transform-set Netband-AES256-SHA ! crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic ! interface Tunnel0 ip address 10.255.254.1 255.255.255.252 ip mtu 1420 tunnel source Loopback1 tunnel destination 10.255.253.2 ! interface Loopback1 ip address 10.255.253.1 255.255.255.255 ! ip route 10.255.253.2 255.255.255.255 192.168.0.1
Configuration for the Branch
This configuration is for the "client" part of the tunnel, with the dynamic IP.
crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 ! crypto isakmp key CiscoDisco address 192.168.0.11 ! crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac ! crypto map Netband-crypto 10 ipsec-isakmp set peer 192.168.0.11 set transform-set Netband-AES256-SHA match address Tunnel_to_HQ ! interface Tunnel0 ip address 10.255.254.2 255.255.255.252 ip mtu 1420 tunnel source Loopback1 tunnel destination 10.255.253.1 ! interface Loopback1 ip address 10.255.253.2 255.255.255.255 ! ip access-list extended Tunnel_to_HQ permit gre host 10.255.253.2 host 10.255.253.1 ! ip route 10.255.253.1 255.255.255.255 FastEthernet0/0
External links
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798