Cisco IPSec VPN Configs.. (fwd)
guy.raymakers at europe.eds.com
Thu Sep 2 03:43:50 EDT 1999
IPsec configuration information can be found at the Cisco website.
This URL will bring you to the 'IP Security and Encryption' documentation of IOS 12.0:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/index.htm
Anyway, here's an example using pre-shared secrets to authenticate (NAT is also included in this config):
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C1605-REMOTE
!
enable password 7 060901264347071E
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-net3
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key eds address 197.71.25.58
!
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
!
!
crypto map cm-cryptomap local-address Dialer1
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 197.71.25.58
set transform-set cm-transformset-1
match address 100
!
!
process-max-time 200
!
interface Ethernet0
ip address 199.227.10.1 255.255.255.0
no ip directed-broadcast
!
interface Ethernet1
description connected to LAN
ip address 204.173.190.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
crypto map cm-cryptomap
!
interface Dialer1
description connected to Internet
ip address 198.132.229.216 255.255.255.0
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip route-cache
no ip split-horizon
no ip mroute-cache
dialer in-band
dialer string 034141850
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname jhsjdhuh
ppp chap password 7 18881777377733245E
ppp pap sent-username jhsjdhuh password 7 18881777377733245F
crypto map cm-cryptomap
!
router rip
version 2
timers basic 5 15 15 30
passive-interface Dialer1
network 199.227.10.0
network 204.173.190.0
distribute-list 10 out Ethernet0
no auto-summary
!
ip nat inside source list 101 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 10 deny any
access-list 100 permit ip host 194.7.229.216 host 194.7.250.58
access-list 100 permit ip host 194.7.229.216 206.165.25.0 0.0.0.255
access-list 100 permit ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
access-list 101 deny ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
access-list 101 permit ip 204.173.190.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000507305B450
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 1041071E0A1E1C0C
login
transport input none
line vty 0 4
password 7 050408082E45400E
login
!
end
Good Luck,
Guy
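Added audit example (not part of Guy's post): the config above only works because access-list 101 denies the VPN traffic that access-list 100 selects, so NAT does not translate it before the crypto map sees it. The script below parses the two ACLs from a constructed excerpt of the posted config, reports crypto-ACL flows that a NAT permit would translate first, and flags the single-DES transform set and the clear-text pre-shared key.

```python
import ipaddress
import re

# Constructed excerpt modelled on the config in the post (not the full config).
CONFIG = """\
crypto isakmp key eds address 197.71.25.58
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
ip nat inside source list 101 interface Dialer1 overload
access-list 100 permit ip host 194.7.229.216 host 194.7.250.58
access-list 100 permit ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
access-list 101 deny ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
access-list 101 permit ip 204.173.190.0 0.0.0.255 any
"""

def _net(tokens):
    """Consume one IOS address spec (host X | any | addr wildcard) -> (network, rest); ipaddress reads the wildcard as a hostmask."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acls(config):
    """Map ACL number -> ordered [(action, src_net, dst_net)] for 'permit|deny ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) (permit|deny) ip (.*)", line.strip())
        if m:
            src, rest = _net(m.group(3).split())
            dst, _ = _net(rest)
            acls.setdefault(m.group(1), []).append((m.group(2), src, dst))
    return acls

def unexempted_crypto_flows(config, crypto_acl, nat_acl):
    """Crypto-ACL flows whose first matching NAT entry is a permit: NAT rewrites them before the crypto map matches, so they leave unencrypted."""
    acls = parse_acls(config)
    leaks = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for nat_action, nsrc, ndst in acls.get(nat_acl, []):
            if src.subnet_of(nsrc) and dst.subnet_of(ndst):  # first covering NAT entry wins
                if nat_action == "permit":
                    leaks.append((str(src), str(dst)))
                break
    return leaks

def weak_settings(config):
    """Flag the single-DES transform set and the clear-text ISAKMP pre-shared key."""
    return [l for l in config.splitlines() if re.search(r"\besp-des\b|^crypto isakmp key ", l)]
```

Removing the `access-list 101 deny` line makes the 204.173.190.0/24 to 206.165.25.0/24 flow show up as a leak, which is the classic NAT-before-IPsec mistake on this kind of setup.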