Thursday, October 25, 2007

CISCO VPN

CONFIGURING CISCO SITE TO SITE VPN

Network scenario:






Now we will create a router-to-router VPN connection.

First router configuration:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname vpnA
aaa new-model
enable secret 5 lk987549kksdjfljkk98
!
ip subnet-zero
no ip source-route
ip name-server xx.xx.xx.xx
!
no ip bootp server
!
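! Only the authentication method is set in this ISAKMP policy; encryption, hash and DH group stay at the IOS defaults
crypto isakmp policy 10
authentication pre-share
! Pre-shared key for the peer; the same key must be configured on vpnB
crypto isakmp key cisco@#key address 192.168.1.2
!
! esp-null performs no encryption: traffic is authenticated with HMAC-MD5 but is not confidential
crypto ipsec transform-set vpntestset esp-null esp-md5-hmac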
!
crypto map vpntestset 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set vpntestset
match address 100
!
interface Ethernet0
description WAN connection
ip address 192.168.1.1 255.255.255.252
no ip redirects
no ip proxy-arp
no ip mroute-cache
no cdp enable
crypto map vpntestset
!
interface Ethernet1
description Connection to LAN
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
no ip mroute-cache
no cdp enable
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
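! Crypto ACL: traffic from the local LAN (10.1.1.0/24) to the remote LAN (10.1.2.0/24) goes through the tunnel
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255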
no cdp run
!
line con 0
line aux 0
line vty 0 4
password 7 jksdh-wert
!
end





Second router configuration:


version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname vpnB
!
aaa new-model
enable secret 5 lk987549kksdjfljkk98
!
ip subnet-zero
no ip source-route
ip name-server xx.xx.xx.xx
!
no ip bootp server
!
! ISAKMP policy, pre-shared key and transform set must match the ones on vpnA
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco@#key address 192.168.1.1
!
crypto ipsec transform-set vpntestset esp-null esp-md5-hmac
!
crypto map vpntestset 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set vpntestset
match address 100
!
!
!
!
interface Ethernet0
description WAN connection
! WAN address is the peer address configured on vpnA (set peer 192.168.1.2)
ip address 192.168.1.2 255.255.255.252
no ip redirects
no ip proxy-arp
no ip mroute-cache
no cdp enable
crypto map vpntestset
!
interface Ethernet1
description Connection to LAN
ip address 10.1.2.1 255.255.255.0
no ip redirects
no ip proxy-arp
no ip mroute-cache
no cdp enable
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
! Crypto ACL, mirror image of access-list 100 on vpnA
access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
no cdp run
!
line con 0
line aux 0
line vty 0 4
password 7 jksdh-wert
!
end
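
The two configurations above only form a tunnel if each router's peer address, pre-shared key, transform set and crypto ACL line up with the other end. The Python check below is an added example, not part of the original post: it runs over constructed excerpts of the two configs and also flags the esp-null and esp-md5-hmac transforms. The function names are hypothetical, and vpnB's WAN address is assumed to be 192.168.1.2, the peer vpnA is configured with.

```python
def excerpt(wan, peer, lan, remote, transforms="esp-null esp-md5-hmac"):
    """Constructed sample: the tunnel-related lines of one router on this page."""
    return f"""\
crypto isakmp key cisco@#key address {peer}
crypto ipsec transform-set vpntestset {transforms}
crypto map vpntestset 10 ipsec-isakmp
 set peer {peer}
interface Ethernet0
 ip address {wan} 255.255.255.252
 crypto map vpntestset
access-list 100 permit ip {lan} 0.0.0.255 {remote} 0.0.0.255
"""
# Assumption: vpnB's WAN interface holds 192.168.1.2, the peer vpnA points at.
VPN_A = excerpt("192.168.1.1", "192.168.1.2", "10.1.1.0", "10.1.2.0")
VPN_B = excerpt("192.168.1.2", "192.168.1.1", "10.1.2.0", "10.1.1.0")
WEAK = {"esp-null": "no encryption", "esp-des": "56-bit DES", "esp-md5-hmac": "MD5 integrity"}

def parse(cfg):
    """Extract the tunnel parameters that must agree between the two peers."""
    out, ip = {"transforms": []}, None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["interface"]:
            ip = None                                   # start of a new interface block
        elif w[:2] == ["ip", "address"]:
            ip = w[2]
        elif w[:2] == ["crypto", "map"] and len(w) == 3:
            out["wan"] = ip                             # crypto map applied to this interface
        elif w[:3] == ["crypto", "isakmp", "key"]:
            out["key"], out["key_peer"] = w[3], w[5]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            out["transforms"] = w[4:]
        elif w[:2] == ["set", "peer"]:
            out["peer"] = w[2]
        elif w[:1] == ["access-list"]:
            out["src"], out["dst"] = tuple(w[4:6]), tuple(w[6:8])
    return out

def check_pair(a_cfg, b_cfg):
    """Return findings for a two-router pair; an empty list means the ends agree."""
    a, b, out = parse(a_cfg), parse(b_cfg), []
    for n, me, other in (("A", a, b), ("B", b, a)):
        out += [f"{n}: {t} ({WEAK[t]})" for t in me["transforms"] if t in WEAK]
        if {me.get("peer"), me.get("key_peer")} != {other.get("wan")}:
            out.append(f"{n}: peer address is not the other router's crypto-map interface")
    if a.get("key") != b.get("key") or sorted(a["transforms"]) != sorted(b["transforms"]):
        out.append("pre-shared key or transform set differs between the peers")
    if (a.get("src"), a.get("dst")) != (b.get("dst"), b.get("src")):
        out.append("crypto ACLs are not mirror images")
    return out
```

Calling check_pair(VPN_A, VPN_B) returns one finding per weak transform on each router; mismatched peers, keys or ACLs are reported in the same list.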