Difference between revisions of "Netband Project - IPSec/Gre"
From Teknologisk videncenter
(→Configuration for the Branch) |
m (→External links) |
(16 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | =IPSec/Gre= | |
This page is part of the [[Netband_Project|Netband Project]] | This page is part of the [[Netband_Project|Netband Project]] | ||
__TOC__ | __TOC__ | ||
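Review bot: The added `=IPSec/Gre=` line at the top of the page is a level-1 heading, which MediaWiki already uses for the page title ("Netband Project - IPSec/Gre"). Drop it, or keep all section headings at level 2 as the two "Configuration for ..." sections already are.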
Line 17: | Line 17: | ||
crypto dynamic-map Netband-dynamic 10 | crypto dynamic-map Netband-dynamic 10 | ||
description Hmmm | description Hmmm | ||
− | set transform-set Netband-AES256 | + | set transform-set Netband-AES256-SHA |
! | ! | ||
− | crypto map Netband-crypto 10 ipsec-isakmp dynamic | + | crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic |
! | ! | ||
interface Tunnel0 | interface Tunnel0 | ||
ip address 10.255.254.1 255.255.255.252 | ip address 10.255.254.1 255.255.255.252 | ||
ip mtu 1420 | ip mtu 1420 | ||
− | tunnel source | + | tunnel source Loopback1 |
− | tunnel destination 10. | + | tunnel destination 10.255.253.2 |
! | ! | ||
− | interface | + | interface Loopback1 |
− | ip address 10. | + | ip address 10.255.253.1 255.255.255.255 |
! | ! | ||
− | ip route 10. | + | ip route 10.255.253.2 255.255.255.255 192.168.0.1 |
</pre> | </pre> | ||
==Configuration for the Branch== | ==Configuration for the Branch== | ||
+ | This configuration is for the "client" part of the tunnel, with the dynamic IP. | ||
<pre> | <pre> | ||
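Review bot: The `crypto dynamic-map Netband-dynamic 10` entry still has no `match address`, so the head-end accepts whatever traffic selector the connecting peer proposes. The tunnel in this hunk only ever carries GRE between 10.255.253.1 and 10.255.253.2, so add an extended ACL permitting exactly that flow and reference it from the dynamic map. The unchanged `description Hmmm` line could also say what the entry is for.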
Line 47: | Line 48: | ||
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac | crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac | ||
! | ! | ||
− | crypto map crypto 10 ipsec-isakmp | + | crypto map Netband-crypto 10 ipsec-isakmp |
set peer 192.168.0.11 | set peer 192.168.0.11 | ||
− | set transform-set Netband- | + | set transform-set Netband-AES256-SHA |
match address Tunnel_to_HQ | match address Tunnel_to_HQ | ||
! | ! | ||
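Review bot: The `crypto map Netband-crypto 10 ipsec-isakmp` entry sets a peer, a transform set and an ACL but no `set pfs`, so IPsec rekeys reuse keying material from the ISAKMP exchange instead of running a fresh Diffie-Hellman exchange. Consider adding a `set pfs` line with a DH group here and the matching line on the head-end entry.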
Line 55: | Line 56: | ||
ip address 10.255.254.2 255.255.255.252 | ip address 10.255.254.2 255.255.255.252 | ||
ip mtu 1420 | ip mtu 1420 | ||
− | tunnel source | + | tunnel source Loopback1 |
− | tunnel destination 10. | + | tunnel destination 10.255.253.1 |
! | ! | ||
− | interface | + | interface Loopback1 |
− | ip address 10. | + | ip address 10.255.253.2 255.255.255.255 |
! | ! | ||
ip access-list extended Tunnel_to_HQ | ip access-list extended Tunnel_to_HQ | ||
− | permit gre host | + | permit gre host 10.255.253.2 host 10.255.253.1 |
! | ! | ||
− | ip route 10. | + | ip route 10.255.253.1 255.255.255.255 FastEthernet0/0 |
</pre> | </pre> | ||
+ | ==External links== | ||
+ | http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142<br/> | ||
+ | http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798<br/> | ||
+ | [[Category:network]][[Category:CCNP]][[category:students]][[Category:CCNP2]] |
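Review bot: The new `ip route 10.255.253.1 255.255.255.255 FastEthernet0/0` names only an Ethernet interface, so the router treats the head-end loopback as directly connected on that segment. Give the route a next-hop address (or the gateway learned with the dynamic address) so forwarding does not depend on how the upstream device answers for 10.255.253.1.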
Latest revision as of 08:07, 1 September 2014
IPSec/Gre
This page is part of the Netband Project
Configuration for the Head-End
This configuration is for the "server" part of the tunnel, with the static IP.
<pre>
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
!
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto dynamic-map Netband-dynamic 10
 description Hmmm
 set transform-set Netband-AES256-SHA
!
crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic
!
interface Tunnel0
 ip address 10.255.254.1 255.255.255.252
 ip mtu 1420
 tunnel source Loopback1
 tunnel destination 10.255.253.2
!
interface Loopback1
 ip address 10.255.253.1 255.255.255.255
!
ip route 10.255.253.2 255.255.255.255 192.168.0.1
</pre>
Configuration for the Branch
This configuration is for the "client" part of the tunnel, with the dynamic IP.
<pre>
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 1000
!
crypto isakmp key CiscoDisco address 192.168.0.11
!
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto map Netband-crypto 10 ipsec-isakmp
 set peer 192.168.0.11
 set transform-set Netband-AES256-SHA
 match address Tunnel_to_HQ
!
interface Tunnel0
 ip address 10.255.254.2 255.255.255.252
 ip mtu 1420
 tunnel source Loopback1
 tunnel destination 10.255.253.1
!
interface Loopback1
 ip address 10.255.253.2 255.255.255.255
!
ip access-list extended Tunnel_to_HQ
 permit gre host 10.255.253.2 host 10.255.253.1
!
ip route 10.255.253.1 255.255.255.255 FastEthernet0/0
</pre>
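Several of the revisions to this page repaired names that did not match their definitions, such as a transform set referenced as Netband-AES256 but defined as Netband-AES256-SHA. The following is an added example, not part of the original page: a Python check that reports such dangling references and a pre-shared key bound to every peer address. The function name `audit`, the patterns and the sample text are assumptions made for the illustration.

```python
import re

# (kind, pattern) for lines that define a name and lines that refer to one.
DEFINES = [
    ("transform-set", r"crypto ipsec transform-set (\S+)"),
    ("dynamic-map", r"crypto dynamic-map (\S+) \d+"),
    ("access-list", r"ip access-list extended (\S+)"),
    ("interface", r"interface (\S+)"),
]
USES = [
    ("transform-set", r"set transform-set (.+)"),
    ("dynamic-map", r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("access-list", r"match address (\S+)"),
    ("interface", r"tunnel source ([A-Za-z]\S*)"),  # skip literal IP sources
]
WILDCARD_PSK = r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$"

# Constructed sample: head-end lines from this page, with the transform-set
# reference spelled as in the older revision.
SAMPLE = """\
crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac
crypto dynamic-map Netband-dynamic 10
 set transform-set Netband-AES256
crypto map Netband-crypto 10 ipsec-isakmp dynamic Netband-dynamic
interface Tunnel0
 tunnel source Loopback1
interface Loopback1
 ip address 10.255.253.1 255.255.255.255
"""

def audit(config):
    """Return findings: wildcard pre-shared keys and undefined references."""
    defined, used, findings = {}, [], []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for kind, pat in DEFINES:
            if m := re.match(pat, line):
                defined.setdefault(kind, set()).add(m[1])
        for kind, pat in USES:
            if m := re.match(pat, line):
                used += [(kind, name, n) for name in m[1].split()]
        if re.match(WILDCARD_PSK, line):
            findings.append(f"line {n}: pre-shared key accepted from any peer address")
    for kind, name, n in used:
        if name not in defined.get(kind, set()):
            findings.append(f"line {n}: {kind} '{name}' is referenced but never defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the current head-end configuration, only the wildcard key finding remains, which is expected for a head-end that serves peers with dynamic addresses.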
External links
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1073142
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/5_p2pGRE.html#wp84798