Cisco IPSEc VPN Configs.. (fwd)

guy.raymakers at europe.eds.com guy.raymakers at europe.eds.com
Thu Sep 2 03:43:50 EDT 1999
IPsec configuration information can be found on the Cisco website.

This URL will bring you to the 'IP Security and Encryption' documentation of IOS 12.0:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/index.htm

Anyway, here's an example using pre-shared secrets to authenticate (NAT is also included in this config):

!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C1605-REMOTE
!
enable password 7 060901264347071E
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-net3
!
!
! ISAKMP (IKE phase 1) policy: MD5 hashing with pre-shared-key authentication;
! encryption, DH group and lifetime are left at the IOS defaults
crypto isakmp policy 1
 hash md5
 authentication pre-share
! pre-shared key for the remote peer
crypto isakmp key eds address 197.71.25.58
!
!
! IPsec (phase 2) proposal: AH with MD5 plus ESP with DES and MD5 integrity
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
!
!
! the crypto map ties the peer, the transform-set and the interesting-traffic
! ACL 100 together; it is applied to BRI0 and Dialer1 below
crypto map cm-cryptomap local-address Dialer1
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer 197.71.25.58
 set transform-set cm-transformset-1
 match address 100
!
!
process-max-time 200
!
interface Ethernet0
 ip address 199.227.10.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 description connected to LAN
 ip address 204.173.190.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 description connected to Internet
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer rotary-group 1
 isdn switch-type basic-net3
 crypto map cm-cryptomap
!
interface Dialer1
 description connected to Internet
 ip address 198.132.229.216 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip split-horizon
 no ip mroute-cache
 dialer in-band
 dialer string 034141850
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname jhsjdhuh
 ppp chap password 7 18881777377733245E
 ppp pap sent-username jhsjdhuh password 7 18881777377733245F
 crypto map cm-cryptomap
!
router rip
 version 2
 timers basic 5 15 15 30
 passive-interface Dialer1
 network 199.227.10.0
 network 204.173.190.0
 distribute-list 10 out Ethernet0
 no auto-summary
!
! overload (PAT) all inside traffic matching ACL 101 to the Dialer1 address
ip nat inside source list 101 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 10 deny   any
! ACL 100: traffic to be encrypted (referenced by "match address" in the crypto map)
access-list 100 permit ip host 194.7.229.216 host 194.7.250.58
access-list 100 permit ip host 194.7.229.216 206.165.25.0 0.0.0.255
access-list 100 permit ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
! ACL 101: NAT source list; the deny exempts the VPN traffic from translation so
! that it is encrypted with its real addresses, everything else is NATed
access-list 101 deny   ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255
access-list 101 permit ip 204.173.190.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000507305B450
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 password 7 1041071E0A1E1C0C
 login
 transport input none
line vty 0 4
 password 7 050408082E45400E
 login
!
end

Good Luck,
     Guy
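The two things a reviewer would check on a config like the one above are whether the NAT source list really exempts the crypto-map traffic (the deny in ACL 101 must match before the permit) and which settings are weak by current standards (MD5 hashing, single DES, type 7 passwords, the default SNMP community, a very short pre-shared key). The script below is an added example and not part of Guy's post or of Cisco's software; the sample input is a constructed, trimmed copy of the posted config, and the function and pattern names are my own.

```python
"""Offline audit of a Cisco IOS IPsec-over-NAT config (added example).

Check 1: does the NAT source list exempt the crypto-map traffic?
Check 2: which settings are weak (MD5, DES, type 7 passwords, ...)?
"""
import ipaddress
import re

NAT_EXEMPT_LINE = "access-list 101 deny   ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255\n"

# Constructed sample input: a trimmed copy of the posted config, only the lines
# the two checks look at.
SAMPLE_CONFIG = (
    "crypto isakmp policy 1\n"
    " hash md5\n"
    " authentication pre-share\n"
    "crypto isakmp key eds address 197.71.25.58\n"
    "crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac\n"
    "crypto map cm-cryptomap 1 ipsec-isakmp\n"
    " set peer 197.71.25.58\n"
    " set transform-set cm-transformset-1\n"
    " match address 100\n"
    "ip nat inside source list 101 interface Dialer1 overload\n"
    "access-list 100 permit ip 204.173.190.0 0.0.0.255 206.165.25.0 0.0.0.255\n"
    + NAT_EXEMPT_LINE +
    "access-list 101 permit ip 204.173.190.0 0.0.0.255 any\n"
    "snmp-server community public RO\n"
    "line vty 0 4\n"
    " password 7 050408082E45400E\n"
)
# Same config with the NAT exemption forgotten: VPN traffic would be translated.
BROKEN_CONFIG = SAMPLE_CONFIG.replace(NAT_EXEMPT_LINE, "")

# Extended ACL entries of the form: access-list N permit|deny ip SRC DST
ACL_RE = re.compile(r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+ip\s+(?P<rest>.+)$")


def _parse_endpoint(tokens):
    """Consume one ACL address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ipaddress accepts the IOS wildcard mask as a hostmask
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_acls(config):
    """Map ACL number -> ordered list of (action, src_network, dst_network)."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # standard ACLs and non-ACL lines are ignored
        tokens = m.group("rest").split()
        src, tokens = _parse_endpoint(tokens)
        dst, _ = _parse_endpoint(tokens)
        acls.setdefault(m.group("num"), []).append((m.group("action"), src, dst))
    return acls


def crypto_acl_ids(config):
    return set(re.findall(r"^\s*match address\s+(\d+)", config, re.M))


def nat_acl_ids(config):
    return set(re.findall(r"^ip nat inside source list\s+(\d+)", config, re.M))


def vpn_traffic_natted(config):
    """Return (src, dst) crypto-ACL flows that the NAT ACL would translate.

    IOS evaluates ACLs top-down, first match wins: a crypto flow is safe only
    if the first NAT entry covering it is a deny (or no entry covers it).
    """
    acls = parse_acls(config)
    nat_entries = [e for n in sorted(nat_acl_ids(config)) for e in acls.get(n, [])]
    problems = []
    for n in sorted(crypto_acl_ids(config)):
        for action, src, dst in acls.get(n, []):
            if action != "permit":
                continue
            for nat_action, nsrc, ndst in nat_entries:
                if src.subnet_of(nsrc) and dst.subnet_of(ndst):
                    if nat_action == "permit":
                        problems.append((str(src), str(dst)))
                    break
    return problems


# (regex, finding) pairs; the choice of what counts as weak is this example's own
WEAK_PATTERNS = [
    (r"^\s*hash md5\b", "ISAKMP policy negotiates MD5"),
    (r"^crypto ipsec transform-set .*\besp-des\b", "transform-set uses single DES"),
    (r"\bpassword 7\b", "type 7 password: reversible obfuscation, not a hash"),
    (r"^snmp-server community public\b", "default SNMP community string 'public'"),
    (r"^enable password\b", "'enable password' used instead of 'enable secret'"),
    (r"^crypto isakmp key\s+\S{1,7}\s", "pre-shared key shorter than 8 characters"),
]


def weak_settings(config):
    """Return [(line_number, finding), ...] in config order."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        for pattern, message in WEAK_PATTERNS:
            if re.search(pattern, line):
                findings.append((lineno, message))
    return findings


if __name__ == "__main__":
    for src, dst in vpn_traffic_natted(BROKEN_CONFIG):
        print(f"NAT would translate VPN flow {src} -> {dst}")
    for lineno, msg in weak_settings(SAMPLE_CONFIG):
        print(f"line {lineno}: {msg}")
```

Run against the posted config the NAT check comes back clean, because the deny in ACL 101 mirrors the permit in ACL 100; drop that deny and the script reports the 204.173.190.0/24 to 206.165.25.0/24 flow as translated, which in practice shows up as a tunnel that negotiates fine but never carries the LAN traffic. The weak-settings check is a first pass only: it reads single lines and does not verify, for example, that every ISAKMP policy on the box is covered.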