Site-to-Site VPN Configuration (Rapido y Furioso :) 
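! Local network (router R2)
! LAN: 10.0.0.0 255.255.255.0
! R2 public (outside) network: 23.0.1.0 255.255.255.0 (the remote side peers with 23.0.1.2)
! Remote peer (R4) public address: 56.2.11.2


! IKE phase 1 policy. Only the authentication method is set, so encryption,
! hash, DH group and lifetime fall back to the platform defaults.
! NOTE(review): on classic IOS those defaults are DES / SHA-1 / DH group 1, which
! are too weak outside a lab. Set `encryption`, `hash` and `group` explicitly,
! with the same values on both peers, or phase 1 will not negotiate.
crypto isakmp policy 1
 authentication pre-share
exit

! Pre-shared key used to authenticate the peer at 56.2.11.2.
! NOTE(review): `cisco` is a lab placeholder. The key must be identical on both
! routers; outside a lab use a long random secret that is unique to this peer.
crypto isakmp key cisco address 56.2.11.2

! Interesting traffic: what the crypto map encrypts (local LAN -> remote LAN).
! An extended ACL needs a protocol keyword; `ip` covers all IP traffic.
! NOTE(review): wildcard 0.255.255.255 matches all of 10.0.0.0/8, which is wider
! than the /24 LAN listed above. Narrowing it to 0.0.0.255 has to be done on both
! routers together, because the peer's ACL must stay a mirror image of this one.
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

! Transform set (IKE phase 2): ESP with AES encryption and SHA-1 HMAC integrity.
! The name is local to this router; the algorithms must match the peer's set.
crypto ipsec transform-set MYSET esp-sha-hmac esp-aes

! Crypto map: binds the peer, the transform set and the interesting-traffic ACL.
crypto map MYMAP 1 ipsec-isakmp
 set transform-set MYSET
 set peer 56.2.11.2
 match address 100
exit

! Turn the policy on: apply the crypto map to the interface that holds the
! public address. The name must be the crypto map defined above.
int fa0/0
 crypto map MYMAP
exit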


===============================================================================


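! Remote network (router R4)
! LAN: 192.168.1.0 255.255.255.0
! R4 (remote router) public address: 56.2.11.2
! Peer (R2) public address: 23.0.1.2


! IKE phase 1 policy. Only the authentication method is set, so encryption,
! hash, DH group and lifetime fall back to the platform defaults.
! NOTE(review): on classic IOS those defaults are DES / SHA-1 / DH group 1, which
! are too weak outside a lab. Set `encryption`, `hash` and `group` explicitly,
! with the same values on both peers, or phase 1 will not negotiate.
crypto isakmp policy 1
 authentication pre-share
exit

! Pre-shared key used to authenticate the peer at 23.0.1.2.
! NOTE(review): `cisco` is a lab placeholder. The key must be identical on both
! routers; outside a lab use a long random secret that is unique to this peer.
crypto isakmp key cisco address 23.0.1.2

! Interesting traffic: what the crypto map encrypts (remote LAN -> local LAN).
! An extended ACL needs a protocol keyword; `ip` covers all IP traffic.
! This entry must be the mirror image of the ACL on R2.
! NOTE(review): wildcard 0.255.255.255 matches all of 10.0.0.0/8, which is wider
! than the /24 LAN configured behind R2. Narrow it on both routers together.
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255

! Transform set (IKE phase 2): ESP with AES encryption and SHA-1 HMAC integrity.
! The name is local to this router; the algorithms must match the peer's set.
crypto ipsec transform-set OTHER_MYSET esp-sha-hmac esp-aes

! Crypto map: binds the peer, the transform set and the interesting-traffic ACL.
! Named OTHER_MYMAP so that it is the map the interface below actually applies;
! the original defined MYMAP but applied OTHER_MYMAP, which left fa0/0 pointing
! at a map with no entries.
crypto map OTHER_MYMAP 1 ipsec-isakmp
 set transform-set OTHER_MYSET
 set peer 23.0.1.2
 match address 100
exit

! Turn the policy on: apply the crypto map to the interface that holds the
! public address. The name must be the crypto map defined above.
int fa0/0
 crypto map OTHER_MYMAP
exit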


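! Local hosts should now be able to ping remote hosts.
! A reply shows reachability only, so confirm with the commands below that the
! traffic is really going through the tunnel.

! Verification commands
! Phase 1: an established IKE SA to the peer is listed in state QM_IDLE.
show crypto isakmp sa
! Phase 2: the encaps/decaps packet counters should rise while the ping runs.
show crypto ipsec sa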

/* The IKE phase 1 tunnel is a private channel used only when the two edge routers (R2 and R4) need to talk to each other. It is used to negotiate the IKE phase 2 tunnel (also called the IPsec tunnel), which is the one that carries the traffic between the two LANs. */


: )




2024 By Angel Cool