VPN config

R1

crypto isakmp enable << this should be enabled by default
crypto isakmp policy 666 << we can have multiple policies; the number is the local priority (lowest is tried first) and does not have to match the peer
  encryption aes 256
  authentication pre-share
  hash md5
  lifetime 65400 << this does not have to match; the lower value will be used
crypto isakmp key Nugget!23 address 0.0.0.0 << we can specify which peer the key is used with; 0.0.0.0 means any peer
!
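crypto ipsec transform-set CCNP_LAB ah-md5-hmac << the endpoints must match on the protocol and the algorithm; AH on its own authenticates packets but does not encrypt them
  mode tunnel << the default mode: the whole original packet is wrapped in a new IP header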
!
crypto ipsec security-association lifetime seconds 300 << global setting: how long an IPsec SA lives before it is renegotiated
!
ip access-list extended 100
  permit ip 10.11.0.0 0.0.0.255 10.33.0.0 0.0.0.255 << traffic from 10.11.0.0/24 to 10.33.0.0/24 is sent through the tunnel
!
crypto map OUR-MAP 1 ipsec-isakmp
  match address 100  
  set peer 10.23.0.3  << the other side of the VPN tunnel
  set transform-set CCNP_LAB
!
int fa0/1
  crypto map OUR-MAP

R3

crypto isakmp policy 1
 encryption aes 256
 authentication pre-share
 hash md5
 lifetime 65400 
crypto isakmp key Nugget!23 address 0.0.0.0
!
crypto ipsec transform-set CCNP_LAB ah-md5-hmac 
 mode tunnel
!
crypto ipsec security-association lifetime seconds 300 
!
ip access-list extended 100
  permit ip 10.33.0.0 0.0.0.255 10.11.0.0 0.0.0.255 << mirror image of R1's ACL
!
crypto map OUR-MAP 1 ipsec-isakmp
  match address 100
  set peer <R1 address> << on R3 the peer is R1; 10.23.0.3 is R3 itself, and R1's address is not given in these notes
  set transform-set CCNP_LAB
!
int fa0/1
  crypto map OUR-MAP
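
A small checker for the question these notes keep coming back to: what has to match between the two routers. It is an added example, not part of the original notes; `config`, `parse` and `check` are hypothetical helper names, the peer configs are constructed, and 192.0.2.1 is a placeholder for R1's address, which the notes do not give.

```python
import re

def config(policy_no, src, dst, peer):
    """Crypto section from these notes for one router, annotations stripped."""
    return (f"crypto isakmp policy {policy_no}\n"
            " encryption aes 256\n authentication pre-share\n hash md5\n lifetime 65400\n"
            "crypto isakmp key Nugget!23 address 0.0.0.0\n"
            "crypto ipsec transform-set CCNP_LAB ah-md5-hmac\n"
            "ip access-list extended 100\n"
            f" permit ip {src} 0.0.0.255 {dst} 0.0.0.255\n"
            f"crypto map OUR-MAP 1 ipsec-isakmp\n set peer {peer}\n")

R1 = config(666, "10.11.0.0", "10.33.0.0", "10.23.0.3")
# Constructed peers: R1 pasted unchanged, then mirrored (192.0.2.1 = stand-in for R1).
COPIED = config(1, "10.11.0.0", "10.33.0.0", "10.23.0.3")
MIRRORED = config(1, "10.33.0.0", "10.11.0.0", "192.0.2.1")

def parse(cfg):
    """Extract the settings the two peers compare or depend on."""
    policies = set()
    for body in re.findall(r"^crypto isakmp policy \d+\n((?: .*\n)*)", cfg, re.M):
        params = dict(line.split(None, 1) for line in body.strip().splitlines())
        params.pop("lifetime", None)   # not matched: the lower value is used
        policies.add(tuple(sorted(params.items())))   # policy number is ignored
    return {
        "policies": policies,
        "key": re.findall(r"^crypto isakmp key (\S+)", cfg, re.M),
        "transforms": set(re.findall(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)),
        "acl": re.findall(r"^ +permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
        "peer": set(re.findall(r"^ +set peer (\S+)", cfg, re.M)),
    }

def check(cfg_a, cfg_b):
    """Return the mismatches that would keep the tunnel from coming up."""
    a, b = parse(cfg_a), parse(cfg_b)
    tests = [
        (not a["policies"] & b["policies"], "no common ISAKMP policy"),
        (a["key"] != b["key"], "pre-shared keys differ"),
        (not a["transforms"] & b["transforms"], "no common transform set"),
        ([(dst, src) for src, dst in a["acl"]] != b["acl"], "crypto ACLs are not mirror images"),
        (bool(a["peer"] & b["peer"]), "both sides set the same peer"),
    ]
    return [message for failed, message in tests if failed]

if __name__ == "__main__":
    print(check(R1, COPIED), check(R1, MIRRORED))
```

Parameters left out of a policy (the Diffie-Hellman group, for example) fall back to the IOS default on each side and are not modelled here.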