Site-to-Site IPSec VPN using GRE Configuration
3.1 IKE Policy

3.1.1 HQ

isakmp policy 10
  encryption : des
  hash : md5
  authentication : pre-share
  DH group : group 1

isakmp policy 20
  encryption : 3des
  hash : md5
  authentication : pre-share
  DH group : group 2

isakmp policy 30
  encryption : aes
  hash : sha
  authentication : pre-share
  DH group : group 2

pre-shared key : cisco123 (address: 20.0.0.2)
pre-shared key : cisco456 (address: 30.0.0.2)

3.1.2 Branch1

isakmp policy 10
  encryption : 3des
  hash : md5
  authentication : pre-share
  DH group : group 2

pre-shared key : cisco123 (address 10.0.0.2)

3.1.3 Branch2

isakmp policy 10
  encryption : aes
  hash : sha
  authentication : pre-share
  DH group : group 2

pre-shared key : cisco456 (address 10.0.0.2)

3.2 IPSec Transform Set

3.2.1 HQ

ipsec transform-set Trset10
  protocol : esp
  encryption : des
  hash : md5-hmac

ipsec transform-set Trset20
  protocol : esp
  encryption : 3des
  hash : md5-hmac

ipsec transform-set Trset30
  protocol : esp
  encryption : aes
  hash : sha-hmac

3.2.2 Branch1

ipsec transform-set Trset10
  protocol : esp
  encryption : 3des
  hash : md5-hmac

3.2.3 Branch2

ipsec transform-set Trset10
  protocol : esp
  encryption : aes
  hash : sha-hmac

3.3 Crypto Map

3.3.1 HQ

crypto map ToBR 10 ipsec-isakmp
  set peer 20.0.0.2
  set transform-set Trset20
  match address 101

crypto map ToBR 20 ipsec-isakmp
  set peer 30.0.0.2
  set transform-set Trset30
  match address 102

3.3.2 Branch1

crypto map ToHQ ipsec-isakmp
  set peer 10.0.0.2
  set transform-set Trset10
  match address 100

3.3.3 Branch2

crypto map ToHQ ipsec-isakmp
  set peer 10.0.0.2
  set transform-set Trset10
  match address 100

3.4 IPSec VPN access-list

3.4.1 HQ

HQ To Branch1
  access-list 101 permit gre host 10.0.0.2 host 20.0.0.2

HQ To Branch2
  access-list 102 permit gre host 10.0.0.2 host 30.0.0.2

3.4.2 Branch1

Branch1 To HQ
  access-list 100 permit gre host 20.0.0.2 host 10.0.0.2

3.4.3 Branch2

Branch2 To HQ
  access-list 100 permit gre host 30.0.0.2 host 10.0.0.2
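
Added example (not part of the original page or its configuration files): a Python consistency check over the values in sections 3.1 to 3.3. It works out which HQ ISAKMP policy each branch negotiates, whether keys and transform sets agree, and which HQ entries no branch uses. The dictionary layout and function names are assumptions made for this example.

```python
from collections import namedtuple

# Values transcribed from sections 3.1-3.3 of this page; the checks are added.
Policy = namedtuple("Policy", "prio enc hash auth dh")
ISAKMP = {
    "HQ": [Policy(10, "des", "md5", "pre-share", 1),
           Policy(20, "3des", "md5", "pre-share", 2),
           Policy(30, "aes", "sha", "pre-share", 2)],
    "Branch1": [Policy(10, "3des", "md5", "pre-share", 2)],
    "Branch2": [Policy(10, "aes", "sha", "pre-share", 2)],
}
ADDR = {"HQ": "10.0.0.2", "Branch1": "20.0.0.2", "Branch2": "30.0.0.2"}
PSK = {  # router -> {peer address: pre-shared key}
    "HQ": {"20.0.0.2": "cisco123", "30.0.0.2": "cisco456"},
    "Branch1": {"10.0.0.2": "cisco123"},
    "Branch2": {"10.0.0.2": "cisco456"},
}
TRSET = {  # router -> {name: (ESP encryption, ESP hash)}
    "HQ": {"Trset10": ("des", "md5-hmac"), "Trset20": ("3des", "md5-hmac"),
           "Trset30": ("aes", "sha-hmac")},
    "Branch1": {"Trset10": ("3des", "md5-hmac")},
    "Branch2": {"Trset10": ("aes", "sha-hmac")},
}
CMAP = {  # router -> {peer address: transform set named in the crypto map}
    "HQ": {"20.0.0.2": "Trset20", "30.0.0.2": "Trset30"},
    "Branch1": {"10.0.0.2": "Trset10"},
    "Branch2": {"10.0.0.2": "Trset10"},
}

def negotiate(initiator, responder):
    """Return the responder's first policy (lowest number) whose encryption,
    hash, authentication and DH group equal a policy the initiator offers.
    Lifetimes are not listed on the page and are ignored here."""
    offered = {p[1:] for p in ISAKMP[initiator]}
    return next((p for p in sorted(ISAKMP[responder]) if p[1:] in offered), None)

def check_pair(a, b):
    """Phase 1 policy, key agreement and phase 2 transform agreement for a<->b."""
    key_a, key_b = PSK[a].get(ADDR[b]), PSK[b].get(ADDR[a])
    ts_a, ts_b = CMAP[a].get(ADDR[b]), CMAP[b].get(ADDR[a])
    ts_ok = None not in (ts_a, ts_b) and TRSET[a][ts_a] == TRSET[b][ts_b]
    return {"ike": negotiate(b, a),
            "psk_match": key_a is not None and key_a == key_b,
            "transform_match": ts_ok}

def unused(router, peers):
    """ISAKMP policies and transform sets on `router` that no listed peer uses."""
    used = {negotiate(p, router).prio for p in peers if negotiate(p, router)}
    policies = [p.prio for p in ISAKMP[router] if p.prio not in used]
    return policies, sorted(set(TRSET[router]) - set(CMAP[router].values()))
```

On these values, Branch1 lands on HQ policy 20 and Branch2 on HQ policy 30, while HQ policy 10 and transform set Trset10 are reported as unused and are candidates for removal from the HQ configuration.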
1. Dynagen .net file
2. HQ1
3. HQ2
4. HQHOST
5. BR11
6. BR12
7. BR1HOST
8. BR21
9. BR22
10. BR2HOST
11. R1
HQ1 :
  sh crypto isakmp sa
  sh crypto engine connections active

BR11 :
  sh crypto isakmp sa
  sh crypto engine connections active

BR21 :
  sh crypto isakmp sa
  sh crypto engine connections active

1. HQ1
2. BR11
3. BR12