Difference between revisions of "Netband Project - IPSec/Gre"
From Teknologisk videncenter
m |
(→Configuration for the Branch) |
||
| Line 34: | Line 34: | ||
==Configuration for the Branch== | ==Configuration for the Branch== | ||
| + | |||
| + | |||
| + | <pre> | ||
| + | crypto isakmp policy 10 | ||
| + | encr aes 256 | ||
| + | authentication pre-share | ||
| + | group 5 | ||
| + | lifetime 1000 | ||
| + | ! | ||
| + | crypto isakmp key CiscoDisco address 192.168.0.11 | ||
| + | ! | ||
| + | crypto ipsec transform-set Netband-trans esp-3des esp-sha-hmac | ||
| + | ! | ||
| + | crypto map crypto 10 ipsec-isakmp | ||
| + | set peer 192.168.0.11 | ||
| + | set transform-set Netband-trans | ||
| + | match address Tunnel_to_HQ | ||
| + | ! | ||
| + | interface Tunnel0 | ||
| + | ip address 10.255.254.2 255.255.255.252 | ||
| + | ip mtu 1420 | ||
| + | tunnel source Loopback0 | ||
| + | tunnel destination 10.0.0.11 | ||
| + | ! | ||
| + | ip access-list extended Tunnel_to_HQ | ||
| + | permit gre host 192.168.6.5 host 10.0.0.11 | ||
| + | ! | ||
| + | ip route 10.0.0.11 255.255.255.255 FastEthernet0/0 | ||
| + | |||
| + | </pre> | ||
Revision as of 08:40, 14 April 2009
<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project
Configuration for the Head-End
This configuration is for the "server" part og the tunnel, with the static IP.
crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 ! crypto isakmp key CiscoDisco address 0.0.0.0 0.0.0.0 ! crypto ipsec transform-set Netband-AES256-SHA esp-aes 256 esp-sha-hmac ! crypto dynamic-map Netband-dynamic 10 description Hmmm set transform-set tset-AES256-SHA tset-TDES-SHA ! crypto map Netband-crypto 40 ipsec-isakmp dynamic test-dynamic ! interface Tunnel0 ip address 10.255.254.1 255.255.255.252 ip mtu 1420 tunnel source Loopback0 tunnel destination 10.0.0.21 ! interface Loopback0 ip address 10.0.0.11 255.255.255.255 ! ip route 10.0.0.21 255.255.255.255 192.168.0.1
Configuration for the Branch
crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 1000 ! crypto isakmp key CiscoDisco address 192.168.0.11 ! crypto ipsec transform-set Netband-trans esp-3des esp-sha-hmac ! crypto map crypto 10 ipsec-isakmp set peer 192.168.0.11 set transform-set Netband-trans match address Tunnel_to_HQ ! interface Tunnel0 ip address 10.255.254.2 255.255.255.252 ip mtu 1420 tunnel source Loopback0 tunnel destination 10.0.0.11 ! ip access-list extended Tunnel_to_HQ permit gre host 192.168.6.5 host 10.0.0.11 ! ip route 10.0.0.11 255.255.255.255 FastEthernet0/0