It is currently Tue Dec 12, 2017 12:20 pm


All times are UTC




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: SITE-SITE VPN
PostPosted: Thu Dec 10, 2009 7:19 am 
Hi Frnz..hre u can c how to config a site-site vpn

Image

Configuration Of R1 (Cust Site A) :
hostname CusSite-A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 172.16.1.2
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to172.16.1.2
set peer 172.16.1.2
set transform-set mk
match address 100
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
serial restart-delay 0
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 10.1.1.2
ip route 172.16.2.0 255.255.255.0 10.1.1.2
!
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 172.16.2.0 0.0.0.255
!
!
!
control-plane
!

!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input ssh
!
!
end
-----------------------------------------------------------
Configuration of R2 (ISP) :
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
ip address 172.16.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 172.16.2.0 255.255.255.0 Serial0/1 172.16.1.2
ip route 192.168.1.0 255.255.255.0 Serial0/0 10.1.1.1
ip route 192.168.2.0 255.255.255.0 Serial0/0 10.1.1.1
!
!
!
!
!
!
control-plane
!
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
-------------------------------------------
Config of R3 (Cus Site B) :
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CusSite-B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 10.1.1.1
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 10.1.1.1
set transform-set mk
match address SDM_1
!
!
!
!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
serial restart-delay 0
no fair-queue
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 172.16.1.1
!
!
!
!
ip access-list extended SDM_1
remark SDM_ACL Category=4
remark IPSec Rule
permit ip 172.16.2.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
control-plane
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
Packet Capture Output
Image

R1 Debug Output

Image



Thank You......
............Ur's MK




Top
  
 
 Post subject: Re: SITE-SITE VPN
PostPosted: Tue Sep 06, 2011 5:18 pm 
Offline

Joined: Mon May 16, 2011 5:28 am
Posts: 87
Great..
also check out my site to site vpn lab on gns3 http://commonerrors.blogspot.com/2011/0 ... on-on.html
thanks




Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO