hd lab vpn ipsec site to - site
TRANSCRIPT
C1
C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
C1(config)#ac 100 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
C1(config)#ac 100 per ip any any
C1(config)#ip nat in sou list 100 int s0/1/1 over
C1(config)#crypto isakmp policy 1
C1(config-isakmp)#hash md5
C1(config-isakmp)#au pre
C1(config-isakmp)#encry 3des
C1(config-isakmp)#group 2
C1(config-isakmp)#crypto isakmp key cisco add 11.1.1.18
C1(config-isakmp)#crypto isakmp key hanoi add 11.1.1.22
C1(config)#ac 101 per ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
C1(config)#ac 102 per ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
C1(config)#crypto ipsec tran C2 esp-3des esp-md5-hmac
C1(config)#crypto ipsec tran C3 esp-aes esp-sha-hmac
C1(config)#crypto map VPN 2 ipsec-isakmp
C1(config-crypto-map)#set peer 11.1.1.18
C1(config-crypto-map)#set tran C2
C1(config-crypto-map)#match add 101
C1(config)#crypto map VPN 3 ipsec-isakmp
C1(config-crypto-map)#set peer 11.1.1.22
C1(config-crypto-map)#set tran C3
C1(config-crypto-map)#match add 102
C1(config-crypto-map)#int s0/1/1
C1(config-if)#crypto map VPN
C2
C2(config)#ac 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
C2(config)#ac 100 per ip any any
C2(config)#ip nat in sou list 100 int s0/1/0 over
C2(config)#crypto isakmp policy 1
C2(config-isakmp)#hash md5
C2(config-isakmp)#au pre
C2(config-isakmp)#encry 3des
C2(config-isakmp)#group 2
C2(config-isakmp)#crypto isakmp key cisco add 11.1.1.2
C2(config)#ac 101 per ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
C2(config)#crypto ipsec tran C1 esp-3des esp-md5-hmac
C2(config)#crypto map VPN 1 ipsec-isakmp
C2(config-crypto-map)#set peer 11.1.1.2
C2(config-crypto-map)#set tran C1
C2(config-crypto-map)#match add 101
C2(config-crypto-map)#int s0/1/0
C2(config-if)#crypto map VPN
C3
C3(config)#ac 100 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
C3(config)#ac 100 per ip any any
C3(config)#ip nat in sou list 100 int s0/2/1 over
C3(config)#crypto isakmp policy 1
C3(config-isakmp)#hash md5
C3(config-isakmp)#au pre
C3(config-isakmp)#encry 3des
C3(config-isakmp)#group 2
C3(config-isakmp)#crypto isakmp key hanoi add 11.1.1.2
C3(config)#ac 101 per ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
C3(config)#crypto ipsec tran C1 esp-aes esp-sha-hmac
C3(config)#crypto map VPN 1 ipsec-isakmp
C3(config-crypto-map)#set peer 11.1.1.2
C3(config-crypto-map)#set tran C1
C3(config-crypto-map)#match add 101
C3(config-crypto-map)#int s0/2/1
C3(config-if)#crypto map VPN