Script config VPN L2L IPSec su IOS (router)

Virtual private networks e affini

Moderators: Federico.Lagni, Wizard, tonycimo, MaiO, CiscoBoy

Script config VPN L2L IPSec su IOS (router)

Postby Wizard » Tue 18 Nov , 2008 3:24 pm

Code: Select all
   ### LATO 1 ###

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ### address ### no-xauth

crypto ipsec transform-set VPN-SET esp-3des esp-md5-hmac

crypto map VPN local-address dialer1
crypto map VPN 10 ipsec-isakmp
 set peer ###
 set transform-set VPN-SET
 match address 151

interface dialer1
crypto map VPN

no access-list 101
access-list 101 remark *************************************************************
access-list 101 remark *** ACL PER PAT E NAT0 ***
access-list 101 remark *************************************************************
access-list 101 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any

access-list 151 remark *** CRYPTO ACL PER TUNNEL IPSEC ***
access-list 151 remark *************************************************************
access-list 151 permit   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 151 remark *************************************************************

   
   ### LATO 2 ###

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ###  address ### no-xauth

crypto ipsec transform-set VPN-SET esp-3des esp-md5-hmac

crypto map VPN local-address dialer0
crypto map VPN 10 ipsec-isakmp
 set peer ###
 set transform-set VPN-SET
 match address 151

interface dialer0
crypto map VPN

no access-list 101
access-list 101 remark ************************************************************
access-list 101 remark *** ACL PER PAT ***
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any


access-list 151 remark *** CRYPTO ACL PER TUNNEL IPSEC ***
access-list 151 remark *************************************************************
access-list 151 permit   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 151 remark *************************************************************
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
User avatar
Wizard
Intergalactic subspace network admin
 
Posts: 3441
Joined: Fri 03 Feb , 2006 10:04 am
Location: Emilia Romagna

Return to VPN

Who is online

Users browsing this forum: No registered users and 1 guest