Difference between revisions of "Netband Project - IPSec/Gre"

From Teknologisk videncenter
Jump to: navigation, search
m (Configuration for the Head-End)
m (External links)
 
(27 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<accesscontrol>NetBand</accesscontrol>
+
=IPSec/Gre=
 
 
=Netband Project - IPSec/GRE=
 
 
 
 
This page is part of the [[Netband_Project|Netband Project]]
 
This page is part of the [[Netband_Project|Netband Project]]
 +
__TOC__
 
==Configuration for the Head-End==
 
==Configuration for the Head-End==
This configuration is for the "server" part og the tunnel, with the static IP.
+
This configuration is for the "server" part of the tunnel, with the static IP.
 
<pre>
 
<pre>
 
crypto isakmp policy 10
 
crypto isakmp policy 10
Line 12: Line 10:
 
  group 5
 
  group 5
 
  lifetime 1000
 
  lifetime 1000
 +
!
 
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0
 
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set tset-AES256-SHA esp-aes 256 esp-sha-hmac
+
!
crypto dynamic-map test-dynamic 40
+
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
 +
!
 +
crypto dynamic-map Netband-dynamic 10
 
  description Hmmm
 
  description Hmmm
  set transform-set tset-AES256-SHA tset-TDES-SHA
+
  set transform-set Netband-AES256-SHA
crypto map test-crypto 40 ipsec-isakmp dynamic test-dynamic
+
!
interface Tunnel2
+
crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic
  ip address 10.255.0.9 255.255.255.252
+
!
 +
interface Tunnel0
 +
ip address 10.255.254.1 255.255.255.252
 +
ip mtu 1420
 +
tunnel source Loopback1
 +
tunnel destination 10.255.253.2
 +
!
 +
interface Loopback1
 +
ip address 10.255.253.1 255.255.255.255
 +
!
 +
ip route 10.255.253.2 255.255.255.255 192.168.0.1
 +
</pre>
 +
 
 +
==Configuration for the Branch==
 +
 
 +
This configuration is for the "client" part of the tunnel, with the dynamic IP.
 +
 
 +
<pre>
 +
crypto isakmp policy 10
 +
encr aes 256
 +
authentication pre-share
 +
group 5
 +
lifetime 1000
 +
!
 +
crypto isakmp key CiscoDisco address 192.168.0.11
 +
!
 +
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
 +
!
 +
crypto map Netband-crypto 10 ipsec-isakmp
 +
set peer 192.168.0.11
 +
set transform-set Netband-AES256-SHA
 +
match address Tunnel_to_HQ
 +
!
 +
interface Tunnel0
 +
  ip address 10.255.254.2 255.255.255.252
 
  ip mtu 1420
 
  ip mtu 1420
ip flow ingress
 
ip rip advertise 10
 
 
  tunnel source Loopback1
 
  tunnel source Loopback1
  tunnel destination 192.168.6.5
+
  tunnel destination 10.255.253.1
 
!
 
!
ip route 192.168.6.5 255.255.255.255 89.150.154.1
+
interface Loopback1
 +
ip address 10.255.253.2 255.255.255.255
 +
!
 +
ip access-list extended Tunnel_to_HQ
 +
permit gre host 10.255.253.2 host 10.255.253.1
 +
!
 +
ip route 10.255.253.1 255.255.255.255 FastEthernet0/0
 +
 
 
</pre>
 
</pre>
 +
==External links==
 +
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142<br/>
 +
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798<br/>
 +
[[Category:network]][[Category:CCNP]][[category:students]][[Category:CCNP2]]

Latest revision as of 08:07, 1 September 2014

IPSec/Gre

This page is part of the Netband Project

Configuration for the Head-End

This configuration is for the "server" part of the tunnel, with the static IP.

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
!
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto dynamic-map Netband-dynamic 10
 description Hmmm
 set transform-set Netband-AES256-SHA
!
crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic
!
interface Tunnel0
 ip address 10.255.254.1 255.255.255.252
 ip mtu 1420
 tunnel source Loopback1
 tunnel destination 10.255.253.2
!
interface Loopback1
 ip address 10.255.253.1 255.255.255.255
!
ip route 10.255.253.2 255.255.255.255 192.168.0.1

Configuration for the Branch

This configuration is for the "client" part of the tunnel, with the dynamic IP.

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
!
crypto isakmp key CiscoDisco address 192.168.0.11
!
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto map Netband-crypto 10 ipsec-isakmp
 set peer 192.168.0.11
 set transform-set Netband-AES256-SHA
 match address Tunnel_to_HQ
!
interface Tunnel0
 ip address 10.255.254.2 255.255.255.252
 ip mtu 1420
 tunnel source Loopback1
 tunnel destination 10.255.253.1
!
interface Loopback1
 ip address 10.255.253.2 255.255.255.255
!
ip access-list extended Tunnel_to_HQ
 permit gre host 10.255.253.2 host 10.255.253.1
!
ip route 10.255.253.1 255.255.255.255 FastEthernet0/0

External links

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798