VPN series part 3, config of Site-to-site VPN
Dinesh Kumar
Junior Telecom Officer @ Bharat Sanchar Nigam Limited | BCA | CCNA | CCNP R&S | CCNP SECURITY | GERMAN LANGUAGE B2 | MBA in Operations Management
Config policy on branch one router
BR1# crypto isakmp policy 1
    # hash md5
    # authentication pre-share
    # group 5
    # encryption 3des
    # exit
# crypto isakmp key cisco address 23.1.1.2

Config access-list
# access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

Config transform set
# crypto ipsec transform-set tset esp-3des esp-md5-hmac
    # mode tunnel

Config crypto map
# crypto map cmap 1 ipsec-isakmp
    # match address 100
    # set transform-set tset
    # set peer 23.1.1.2
    # exit

Apply on egress interface of branch one router
# interface eth 0/0
    # crypto map cmap
    # exit

Config policy on branch 2 router
BR2# crypto isakmp policy 1
    # hash md5
    # authentication pre-share
    # group 5
    # encryption 3des
    # exit
# crypto isakmp key cisco address 12.1.1.2

Config access-list
# access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

Config transform set
# crypto ipsec transform-set tset esp-3des esp-md5-hmac
    # mode tunnel

Config crypto map
# crypto map cmap 1 ipsec-isakmp
    # match address 100
    # set transform-set tset
    # set peer 12.1.1.2
    # exit

Apply on egress interface
# interface eth 0/0
    # crypto map cmap
    # exit

Show commands
# show crypto ipsec sa
# show crypto isakmp sa
# show crypto isakmp sa detail

# debug crypto isakmp
# debug crypto ipsec
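
When the show and debug output reports no security association, the usual cause is that the two routers do not agree: the ISAKMP policy, pre-shared key and transform set must be identical, and the crypto ACLs must mirror each other. The following check is an added example, not part of the original article; it compares the two configurations shown above, re-typed here as constructed sample input. It assumes one ISAKMP policy and one crypto ACL entry per router, and the names parse and mismatches are hypothetical.

```python
# Constructed from the commands in the article; prompts and "exit" lines dropped.
TEMPLATE = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 5
 encryption 3des
crypto isakmp key cisco address {peer}
access-list 100 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
crypto ipsec transform-set tset esp-3des esp-md5-hmac
 mode tunnel
crypto map cmap 1 ipsec-isakmp
 match address 100
 set transform-set tset
 set peer {peer}
"""
BR1 = TEMPLATE.format(peer="23.1.1.2", local="192.168.1.0", remote="192.168.2.0")
BR2 = TEMPLATE.format(peer="12.1.1.2", local="192.168.2.0", remote="192.168.1.0")

def parse(cfg):
    """Pull out the values the two peers must agree on (one policy per router)."""
    out = {"policy": {}}
    for words in (line.split() for line in cfg.splitlines() if line.strip()):
        if words[0] in ("hash", "authentication", "group", "encryption"):
            out["policy"][words[0]] = words[1]
        elif words[:3] == ["crypto", "isakmp", "key"]:
            out["psk"], out["key_peer"] = words[3], words[5]
        elif words[0] == "access-list":
            out["acl"] = (tuple(words[4:6]), tuple(words[6:8]))  # (source, destination)
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            out["tset"] = tuple(words[4:])
        elif words[:2] == ["set", "peer"]:
            out["map_peer"] = words[2]
    return out

def mismatches(cfg_a, cfg_b):
    """Return the settings that disagree between two site-to-site peers."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [label for key, label in (("policy", "ISAKMP policy differs"),
                ("psk", "pre-shared key differs"), ("tset", "transform set differs"))
                if a[key] != b[key]]
    if a["acl"] != b["acl"][::-1]:  # interesting traffic must be mirrored
        problems.append("crypto ACLs are not mirror images")
    for name, r in (("first", a), ("second", b)):
        if r["key_peer"] != r["map_peer"]:
            problems.append(f"{name} router: key address and set peer differ")
    return problems
```

Calling mismatches(BR1, BR2) returns an empty list for the configurations above; any entry in the list names the setting to compare on both routers.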