cisco_ipsec [2013/07/24 13:08] val |
cisco_ipsec [2013/07/24 13:17] val |
||
---|---|---|---|
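--- a/cisco_ipsec
+++ b/cisco_ipsec
@@ -5,32 +5,34 @@
 [[http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_example09186a008073e078.shtml]]
-==== R9 ====
+==== router.corpX.un ====
 <code>
-hostname r9
-!
 crypto isakmp policy 10
 hash md5
 authentication pre-share
-crypto isakmp key cisco123 address 172.16.1.10
+crypto isakmp key cisco123 address 172.16.1.Y
 !
 crypto ipsec transform-set myset esp-des esp-md5-hmac
 !
 crypto map mymap 10 ipsec-isakmp
-set peer 172.16.1.10
+set peer 172.16.1.Y
 set transform-set myset
 match address 100
 !
 interface FastEthernet0/0
-ip address 192.168.9.1 255.255.255.0
+ip address 192.168.X.1 255.255.255.0
+ip nat inside
 !
 interface FastEthernet1/0
-ip address 172.16.1.9 255.255.255.0
+ip address 172.16.1.X 255.255.255.0
+ip nat outside
 crypto map mymap
+!
 ip route 0.0.0.0 0.0.0.0 172.16.1.254
 !
-access-list 100 permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
+ip nat inside source list ACL_NAT interface FastEthernet1/0 overload
+!
+ip access-list extended ACL_NAT
+deny ip any 192.168.Y.0 0.0.0.255
+permit ip 192.168.X.0 0.0.0.255 any
+!
+access-list 100 permit ip 192.168.X.0 0.0.0.255 192.168.Y.0 0.0.0.255
 </code>
-==== R10 ====
-
-<code>
-
-</code>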
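Review bot: The changed line `crypto isakmp key cisco123 address 172.16.1.Y` turns this block into a fill-in template for every router.corpX.un but keeps one literal, guessable pre-shared key, so every copy of the lab ends up with the same secret; a placeholder such as `crypto isakmp key YOUR_PSK address 172.16.1.Y` would make each reader choose their own. The unchanged context that the template carries along is weak as well: `hash md5`, `esp-des esp-md5-hmac`, and policy 10 has no `encryption` or `group` line, so the platform defaults apply (presumably DES and DH group 1 on IOS of this period). Where the lab image supports it, `encryption aes` and `hash sha` in the policy and `esp-aes esp-sha-hmac` in the transform set would be the lines to change. With the R10 section removed, the page would also benefit from one sentence saying the peer uses the same block with X and Y swapped, so that access-list 100 and the ACL_NAT deny entry mirror each other on both ends.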