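// NOTE: lines starting with // are annotations, not IOS syntax (IOS comments start with !); strip them before pasting.
// Local network (router R2)
// LAN IP address: 10.0.0.0 255.255.255.0
// R2 (local router) public network: 23.0.1.0 255.255.255.0 (the remote router peers with R2 at 23.0.1.2)

// IKE phase 1 (ISAKMP) policy. Only the authentication method is set, so encryption,
// hash, DH group and lifetime fall back to the platform defaults. On older IOS releases
// those defaults are weak (DES, DH group 1); outside a lab, set them explicitly and
// identically on both peers.
crypto isakmp policy 1
 authentication pre-share
exit

// Pre-shared key used to authenticate the remote peer (R4, 56.2.11.2).
// "cisco" is a lab placeholder: the PSK is the only thing authenticating the peer here,
// so use a long random value, configured identically on both routers.
crypto isakmp key cisco address 56.2.11.2

// Interesting traffic (crypto ACL): packets matching this ACL are sent through the tunnel.
// An extended ACL entry needs a protocol keyword, hence "ip".
// NOTE(review): wildcard 0.255.255.255 matches all of 10.0.0.0/8, which is wider than the /24 LAN
// noted above. 0.0.0.255 would match only the LAN, but the crypto ACL on R4 must then mirror it.
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

// Transform set (IKE phase 2 protection): ESP with AES encryption and HMAC-SHA1 integrity
crypto ipsec transform-set MYSET esp-sha-hmac esp-aes

// Crypto map (binds transform set, peer and crypto ACL together)
crypto map MYMAP 1 ipsec-isakmp
 set transform-set MYSET
 set peer 56.2.11.2
 match address 100
exit

// Turn on the policy (apply the crypto map to the interface with the public address)
int fa0/0
 crypto map MYMAP
exit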
===============================================================================
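// Remote network (router R4)
// LAN IP address: 192.168.1.0 255.255.255.0
// R4 (remote router) public address: 56.2.11.2

// IKE phase 1 (ISAKMP) policy. Every parameter, including the ones left at their defaults,
// must match the policy on R2 or phase 1 will not complete.
crypto isakmp policy 1
 authentication pre-share
exit

// Pre-shared key for peer R2 (23.0.1.2); must be identical to the key R2 holds for this router.
// "cisco" is a lab placeholder. Use a long random value outside a lab.
crypto isakmp key cisco address 23.0.1.2

// Interesting traffic (crypto ACL): the mirror image of R2's ACL (source and destination swapped).
// An extended ACL entry needs a protocol keyword, hence "ip".
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255

// Transform set: the name is local to this router, but the transforms must match R2's
crypto ipsec transform-set OTHER_MYSET esp-sha-hmac esp-aes

// Crypto map (binds transform set, peer and crypto ACL together).
// The map name is local to this router, but it must be the same name that is applied
// to the interface below; otherwise the interface references a map with no entries
// and traffic is not protected.
crypto map OTHER_MYMAP 1 ipsec-isakmp
 set transform-set OTHER_MYSET
 set peer 23.0.1.2
 match address 100
exit

// Turn on the policy (apply the crypto map to the interface with the public address)
int fa0/0
 crypto map OTHER_MYMAP
exit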
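// Now local hosts should be able to ping remote hosts.
// The tunnel is negotiated on demand, when the first packet matching the crypto ACL is sent.
// Verification commands (run from privileged EXEC, i.e. after leaving configuration mode with "end")
// Phase 1: an SA towards the peer in state QM_IDLE means IKE authentication succeeded
show crypto isakmp sa
// Phase 2: the "pkts encaps" / "pkts decaps" counters should increase while the ping runs;
// counters stuck at 0 mean the traffic is not matching the crypto ACL or is not being encrypted
show crypto ipsec sa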
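/* The IKE phase 1 tunnel is for private use between the two edge routers (R2 & R4): they use it to authenticate each other and to talk to each other securely, and it is used to create the IKE phase 2 tunnel (also called the IPsec tunnel), which is the tunnel that carries the hosts' traffic. */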
: )