Thursday, October 25, 2007

CISCO VPN

CONFIGURING CISCO SITE TO SITE VPN

Network scenario:






Now we will create a router-to-router VPN connection.

First router configuration:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname vpnA
!
aaa new-model
enable secret 5 lk987549kksdjfljkk98
!
ip subnet-zero
no ip source-route
ip name-server xx.xx.xx.xx
!
no ip bootp server
!
! IKE phase 1: authenticate the peer (vpnB) with a pre-shared key
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco@#key address 192.168.1.2
!
! IPsec phase 2: ESP with null encryption (esp-null) and MD5 HMAC integrity
crypto ipsec transform-set vpntestset esp-null esp-md5-hmac
!
! Crypto map: protect traffic matching access-list 100 towards the peer
crypto map vpntestset 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set vpntestset
 match address 100
!
interface Ethernet0
 description WAN connection
 ip address 192.168.1.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 no cdp enable
 crypto map vpntestset
!
interface Ethernet1
 description Connection to LAN
 ip address 10.1.1.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 no cdp enable
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
! Crypto ACL: local LAN (10.1.1.0/24) to remote LAN (10.1.2.0/24)
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password 7 jksdh-wert
!
end





Second router configuration:


version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname vpnB
!
aaa new-model
enable secret 5 lk987549kksdjfljkk98
!
ip subnet-zero
no ip source-route
ip name-server xx.xx.xx.xx
!
no ip bootp server
!
! IKE phase 1: authenticate the peer (vpnA) with the same pre-shared key
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco@#key address 192.168.1.1
!
! IPsec phase 2: must match the transform set on vpnA
crypto ipsec transform-set vpntestset esp-null esp-md5-hmac
!
! Crypto map: protect traffic matching access-list 100 towards the peer
crypto map vpntestset 10 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set vpntestset
 match address 100
!
interface Ethernet0
 description WAN connection
 ! This address is the peer address configured on vpnA (192.168.1.2)
 ip address 192.168.1.2 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 no cdp enable
 crypto map vpntestset
!
interface Ethernet1
 description Connection to LAN
 ip address 10.1.2.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 no cdp enable
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
! Crypto ACL: mirror image of access-list 100 on vpnA
access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password 7 jksdh-wert
!
end
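
The transform set used on both routers, esp-null esp-md5-hmac, authenticates packets but does not encrypt them, and ISAKMP policy 10 sets only the authentication method, leaving the other phase 1 parameters at the IOS defaults. The fragment below is an added example, not part of the original configuration: a variant of vpnA's crypto section with encryption enabled. It assumes an IOS image with AES support; the name vpntestset-enc and the key placeholder are illustrative, and vpnB needs the same lines with peer 192.168.1.1.

```cisco
! Added example (not from the original post): vpnA crypto section with encryption.
! Assumptions: IOS image with AES support; vpntestset-enc and <pre-shared-key>
! are placeholder names chosen for this example.
!
! As posted: ESP payload is not encrypted, MD5 HMAC gives integrity only
! crypto ipsec transform-set vpntestset esp-null esp-md5-hmac
!
! Phase 1: state every parameter explicitly instead of inheriting defaults
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key <pre-shared-key> address 192.168.1.2
!
! Phase 2: AES-256 for confidentiality, SHA-1 HMAC for integrity
crypto ipsec transform-set vpntestset-enc esp-aes 256 esp-sha-hmac
!
! Same crypto map entry, now pointing at the encrypting transform set
crypto map vpntestset 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set vpntestset-enc
 set pfs group5
 match address 100
```

The policy and transform-set parameters must be identical on both routers, otherwise the phase 1 or phase 2 negotiation fails and no security association is built.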