====== Cisco IPsec ======

[[http://ru.wikipedia.org/wiki/IPsec]]

===== LAN-to-LAN IPsec Tunnel =====

[[http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_example09186a008073e078.shtml]]

==== router.corpX.un ====

<code>
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 172.16.1.Y
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.1.Y
 set transform-set myset
 match address 100
!
interface FastEthernet0/0
 ip address 192.168.X.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1/0
 ip address 172.16.1.X 255.255.255.0
 ip nat outside
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
ip nat inside source list ACL_NAT interface FastEthernet1/0 overload
!
ip access-list extended ACL_NAT
 deny ip any 192.168.Y.0 0.0.0.255
 permit ip 192.168.X.0 0.0.0.255 any
!
access-list 100 permit ip 192.168.X.0 0.0.0.255 192.168.Y.0 0.0.0.255
</code>
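
An added example, not part of the original page or of the Cisco document it links to: a small Python check over the router.corpX.un configuration that reports the weak IKE/ESP algorithms it selects (''hash md5'', ''esp-des'', ''esp-md5-hmac'') and verifies that the NAT list denies the tunnel destination before its permit. The names ''SAMPLE'', ''WEAK'', ''blocks'' and ''audit'' are hypothetical, and ACL entries are compared by exact text only.

```python
# Constructed input: policy, transform-set, crypto map and NAT lines of router.corpX.un from this page.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 match address 100
ip nat inside source list ACL_NAT interface FastEthernet1/0 overload
ip access-list extended ACL_NAT
 deny ip any 192.168.Y.0 0.0.0.255
 permit ip 192.168.X.0 0.0.0.255 any
access-list 100 permit ip 192.168.X.0 0.0.0.255 192.168.Y.0 0.0.0.255
"""
WEAK = {"md5", "des", "3des", "esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}

def blocks(config):  # group lines into [header, sub-commands] by IOS one-space indentation
    out = []
    for line in filter(str.strip, config.splitlines()):
        if line[0] == " " and out:
            out[-1][1].append(line.split())
        elif line.strip() != "!":
            out.append([line.split(), []])
    return out

def audit(config):
    """Flag weak IKE/ESP algorithms and a NAT list lacking the tunnel deny (assumes exact-text ACL match)."""
    found, acl, crypto_acl, nat_acl = [], {}, None, None
    for head, subs in blocks(config):
        if head[:3] == ["crypto", "isakmp", "policy"]:  # "encr" is the abbreviated "encryption"
            opts = {("encryption" if s[0].startswith("encr") else s[0]): s[1] for s in subs if len(s) > 1}
            found += [f"isakmp policy {head[3]}: weak {k} {v}" for k, v in opts.items() if v in WEAK]
            found += [f"isakmp policy {head[3]}: {k} not set, platform default applies"
                      for k in ("encryption", "group") if k not in opts]
        elif head[:3] == ["crypto", "ipsec", "transform-set"]:
            found += [f"transform-set {head[3]}: weak {t}" for t in head[4:] if t in WEAK]
        elif head[:2] == ["crypto", "map"]:
            crypto_acl = next((s[2] for s in subs if s[:2] == ["match", "address"]), crypto_acl)
        elif head[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_acl = head[5]
        elif head[:3] == ["ip", "access-list", "extended"]:
            acl[head[3]] = subs
        elif head[0] == "access-list":
            acl.setdefault(head[1], []).append(head[2:])
    nat = acl.get(nat_acl, [])
    before_permit = nat[:next((i for i, e in enumerate(nat) if e[0] == "permit"), len(nat))]
    for entry in (e for e in acl.get(crypto_acl, []) if e[0] == "permit"):
        if not any(e[0] == "deny" and e[-2:] == entry[-2:] for e in before_permit):
            found.append(f"NAT list {nat_acl}: no deny for {' '.join(entry[-2:])} ahead of its permit")
    return found
```
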