Pages

Wednesday, February 26, 2014

IPSEC-VPN


R1 Configuration!!!!!!!!!!!!!!!!!!!!!

R1#
R1#configure terminal
R1(config)#interface fastEthernet 0/1

R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#do write me
R1(config-if)#exit

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 200.200.200.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#do write me
R1(config-if)#exit
R2 Configuration!!!!!!!!!!!!!!!!!!!!!
R2#
R2#configure terminal
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip address 192.168.2.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#do write me
R2(config-if)#exit

R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 200.200.200.2 255.255.255.252
R2(config-if)#no shutdown
R2(config-if)#do write me
R2(config-if)#exit

R1(config)#access-list 100 permit ip host 192.168.1.1 host 192.168.2.1
R2(config)#access-list 100 permit ip host 192.168.2.1 host 192.168.1.1

R1(config)#crypto isakmp key 0 myvpnrouter address 200.200.200.2
R2(config)#crypto isakmp key 0 myvpnrouter address 200.200.200.1

R1(config-isakmp)#crypto isakmp policy 10
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#lifetime 28800
R1(config-isakmp)#encryption aes
R1(config-isakmp)#authentication pre-share

R2(config-isakmp)#crypto isakmp policy 10
R2(config-isakmp)#group 2
R2(config-isakmp)#hash md5
R2(config-isakmp)#lifetime 28800
R2(config-isakmp)#encryption aes
R2(config-isakmp)#authentication pre-share

R1(config)#crypto ipsec transform-set TRANSFORMERS esp-3des esp-sha-hmac
R1(config)#crypto ipsec security-association lifetime seconds 28800
R2(config)#crypto ipsec transform-set TRANSFORMERS esp-3des esp-sha-hmac
R2(config)#crypto ipsec security-association lifetime seconds 28800

R1(config)#crypto map MYMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
R1(config-crypto-map)#match address 100
R1(config-crypto-map)#description to R2
R1(config-crypto-map)#set transform-set TRANSFORMERS
R1(config-crypto-map)#set peer 200.200.200.2
R1(config-crypto-map)#set security-association lifetime seconds 28800

R2(config)#crypto map MYMAP 10 ipsec-isakmp
 % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
R2(config-crypto-map)#match address 100
R2(config-crypto-map)#description to R1
R2(config-crypto-map)#set transform-set TRANSFORMERS
R2(config-crypto-map)#set peer 200.200.200.1
R2(config-crypto-map)#set security-association lifetime seconds 28800

R1(config)#interface 0/0
R1(config-if)#crypto map MYMAP
R1(config-if)#
*Jul 11 13:05:47.007: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config)#interface 0/0
R2(config-if)#crypto map MYMAP
R2(config-if)#
*Jul 11 13:05:47.007: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.2
R2(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1 

R1(config)#do write memory
R2(config)#do write memory

Posted by
Labels:

No comments:

Post a Comment

Thanks

Subscribe to: Post Comments (Atom)