|
Size: 905
Comment: Add cross device Cisco settings as optional.
|
Size: 1515
Comment: Add VTI cisco ipsec tunnel
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 36: | Line 36: |
== Example VTI == * Tunnel interface protected by ipsec - new since 2010. * See. No crypto map {{{ ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key ******** address 0.0.0.0 0.0.0.0 crypto isakmp keepalive 10 ! crypto ipsec transform-set TSET esp-3des esp-sha-hmac ! crypto ipsec profile VTI set transform-set TSET ! interface Tunnel0 ip address 192.168.10.2 255.255.255.0 tunnel source 10.0.149.220 tunnel destination 10.0.149.221 tunnel mode ipsec ipv4 tunnel protection ipsec profile VTI ! }}} |
IPSEC
IPSEC encryption related links.
Sample Cisco Config
!!# Phase One - isakmp #!!
crypto isakmp policy 10 hash sha authentication pre-share crypto isakmp key vpnkey address 10.0.0.2
!!# Phase Two - ipsec #!!
! crypto ipsec security-association lifetime seconds 28800 crypto ipsec transform-set vpnset esp-aes esp-sha-hmac exit crypto map vpnset 10 ipsec-isakmp set peer 10.0.0.2 set transform-set vpnset ! set pfs group2 match address 100
!!#Apply to outside int #!!
int ??
!ip address 10.0.0.1
crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 192.168.16.1
Example VTI
- Tunnel interface protected by ipsec - new since 2010.
- See. No crypto map
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ******** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TSET
!
interface Tunnel0
ip address 192.168.10.2 255.255.255.0
tunnel source 10.0.149.220
tunnel destination 10.0.149.221
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
!...