hd lab vpn ipsec site to - site

4
C1 C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 C1(config)#ac 100 per ip any any C1(config)#ip nat in sou list 100 int s0/1/1 over C1(config)#crypto isakmp policy 1 C1(config-isakmp)#hash md5 C1(config-isakmp)#au pre C1(config-isakmp)#encry 3des C1(config-isakmp)#group 2 C1(config-isakmp)#crypto isakmp key cisco add 11.1.1.18 C1(config-isakmp)#crypto isakmp key hanoi add 11.1.1.22 C1(config)#ac 101 per ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 C1(config)#ac 102 per ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 C1(config)#crypto ipsec tran C2 esp-3des esp-md5-hmac C1(config)#crypto ipsec tran C3 esp-aes esp-sha-hmac C1(config)#crypto map VPN 2 ipsec-isakmp C1(config-crypto-map)#set peer 11.1.1.18

Upload: hoanv

Post on 24-Jul-2015

109 views

Category:

Education


7 download

TRANSCRIPT

Page 1: Hd lab vpn ipsec site   to - site

C1

C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

C1(config)#ac 100 per ip any any

C1(config)#ip nat in sou list 100 int s0/1/1 over

C1(config)#crypto isakmp policy 1

C1(config-isakmp)#hash md5

C1(config-isakmp)#au pre

C1(config-isakmp)#encry 3des

C1(config-isakmp)#group 2

C1(config-isakmp)#crypto isakmp key cisco add 11.1.1.18

C1(config-isakmp)#crypto isakmp key hanoi add 11.1.1.22

C1(config)#ac 101 per ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

C1(config)#ac 102 per ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

C1(config)#crypto ipsec tran C2 esp-3des esp-md5-hmac

C1(config)#crypto ipsec tran C3 esp-aes esp-sha-hmac

C1(config)#crypto map VPN 2 ipsec-isakmp

C1(config-crypto-map)#set peer 11.1.1.18

C1(config-crypto-map)#set tran C2

C1(config-crypto-map)#match add 101

C1(config)#crypto map VPN 3 ipsec-isakmp

C1(config-crypto-map)#set peer 11.1.1.22

C1(config-crypto-map)#set tran C3

C1(config-crypto-map)#match add 102

C1(config-crypto-map)#int s0/1/1

C1(config-if)#crypto map VPN

Page 2: Hd lab vpn ipsec site   to - site

C2

C2(config)#ac 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

C2(config)#ac 100 per ip any any

C2(config)#ip nat in sou list 100 int s0/1/0 over

C2(config)#crypto isakmp policy 1

C2(config-isakmp)#hash md5

C2(config-isakmp)#au pre

C2(config-isakmp)#encry 3des

C2(config-isakmp)#group 2

C2(config-isakmp)#crypto isakmp key cisco add 11.1.1.2

C2(config)#ac 101 per ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

C2(config)#crypto ipsec tran C1 esp-3des esp-md5-hmac

C2(config)#crypto map VPN 1 ipsec-isakmp

C2(config-crypto-map)#set peer 11.1.1.2

C2(config-crypto-map)#set tran C1

C2(config-crypto-map)#match add 101

C2(config-crypto-map)#int s0/1/0

C2(config-if)#crypto map VPN

C3

C3(config)#ac 100 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

C3(config)#ac 100 per ip any any

C3(config)#ip nat in sou list 100 int s0/2/1 over

C3(config)#crypto isakmp policy 1

C3(config-isakmp)#hash md5

C3(config-isakmp)#au pre

C3(config-isakmp)#encry 3des

C3(config-isakmp)#group 2

Page 3: Hd lab vpn ipsec site   to - site

C3(config-isakmp)#crypto isakmp key hanoi add 11.1.1.2

C3(config)#ac 101 per ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

C3(config)#crypto ipsec tran C1 esp-aes esp-sha-hmac

C3(config)#crypto map VPN 1 ipsec-isakmp

C3(config-crypto-map)#set peer 11.1.1.2

C3(config-crypto-map)#set tran C1

C3(config-crypto-map)#match add 101

C3(config-crypto-map)#int s0/2/1

C3(config-if)#crypto map VPN