Differences

This shows you the differences between two versions of the page.

--- cisco_ipsec [2013/07/24 13:08]
val
+++ cisco_ipsec [2013/07/24 13:18] (current)
val
@@ Line 1: / Line 1: @@
 ====== Cisco IPsec ======
+[[http://ru.wikipedia.org/wiki/IPsec]]
 ===== LAN-to-LAN IPsec Tunnel =====
@@ Line 5: / Line 7: @@
 [[http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_example09186a008073e078.shtml]]
-==== R9 ====
+==== router.corpX.un ====
 <code>
-hostname r9
-!
 crypto isakmp policy 10
  hash md5
  authentication pre-share
-crypto isakmp key cisco123 address 172.16.1.10
+crypto isakmp key cisco123 address 172.16.1.Y
 !
 crypto ipsec transform-set myset esp-des esp-md5-hmac
 !
 crypto map mymap 10 ipsec-isakmp
- set peer 172.16.1.10
+ set peer 172.16.1.Y
  set transform-set myset
  match address 100
 !
 interface FastEthernet0/0
- ip address 192.168.9.1 255.255.255.0
+ ip address 192.168.X.1 255.255.255.0
+ ip nat inside
 !
 interface FastEthernet1/0
- ip address 172.16.1.9 255.255.255.0
+ ip address 172.16.1.X 255.255.255.0
+ ip nat outside
  crypto map mymap
+!
 ip route 0.0.0.0 0.0.0.0 172.16.1.254
 !
-access-list 100 permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
+ip nat inside source list ACL_NAT interface FastEthernet1/0 overload
-</code>
+!
+ip access-list extended ACL_NAT
-==== R10 ====
+ deny   ip any 192.168.Y.0 0.0.0.255
+ permit ip 192.168.X.0 0.0.0.255 any
-<code>
+!
+access-list 100 permit ip 192.168.X.0 0.0.0.255 192.168.Y.0 0.0.0.255
 </code>

Методические материалы Лохтурова Вячеслава