It is currently Sun Nov 19, 2017 10:26 am


All times are UTC




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: site-to-site VPN - IPsec over GRE Tunnel
PostPosted: Wed Apr 07, 2010 9:29 pm 
Image
http://journey2ccie.blogspot.com/2009/11/ipsec-and-ipsec-over-gre-tunnel.html

[upper router PNG, Cyb left and lab is at the right]

Sample Conf for png


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname png
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 17.1.2.1
set transform-set strong
match address 110
crypto map vpn 20 ipsec-isakmp
set peer 17.1.2.2
set transform-set strong
match address 120
!
!
!
!
interface Tunnel1
ip address 192.168.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 17.1.2.1
crypto map vpn
!
interface Tunnel2
ip address 192.168.2.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 17.1.2.2
crypto map vpn
!
interface FastEthernet0/0
ip address 17.1.1.1 255.255.0.0
crypto map vpn
duplex auto
speed auto
crypto map vpn



!interface FastEthernet0/1

no ip address
shutdown
duplex auto
speed auto
!
router eigrp 60
network 192.168.0.0 0.0.255.255
auto-summary
no eigrp log-neighbor-changes
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 110 permit gre host 17.1.1.1 host 17.1.2.1
access-list 120 permit gre host 17.1.1.1 host 17.1.2.2
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end




Sample Conf for cyb

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cyb
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 17.1.1.1
set transform-set strong
match address 110
!
!
!
!
interface Tunnel1
ip address 192.168.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 17.1.1.1
crypto map vpn
!
interface FastEthernet0/0
ip address 17.1.2.1 255.255.0.0
duplex auto
speed auto
crypto map vpn
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 60
network 192.168.0.0 0.0.255.255
auto-summary
no eigrp log-neighbor-changes
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 110 permit gre host 17.1.2.1 host 17.1.1.1
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Sample Conf for lab

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto map vpn 20 ipsec-isakmp
set peer 17.1.1.1
set transform-set strong
match address 120
!
!
!
!
interface Tunnel2
ip address 192.168.2.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 17.1.1.1
crypto map vpn
!
interface FastEthernet0/0
ip address 17.1.2.2 255.255.0.0
duplex auto
speed auto
crypto map vpn
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 60
network 192.168.0.0 0.0.255.255
auto-summary
no eigrp log-neighbor-changes
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 120 permit gre host 17.1.2.2 host 17.1.1.1
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
http://journey2ccie.blogspot.com/2009/11/ipsec-and-ipsec-over-gre-tunnel.html




Top
  
 
 Post subject: Re: site-to-site VPN - IPsec over GRE Tunnel
PostPosted: Tue Sep 06, 2011 5:14 pm 
Offline

Joined: Mon May 16, 2011 5:28 am
Posts: 87
Nice post .. also check out my site to site vpn lab on gns3 http://commonerrors.blogspot.com/2011/0 ... on-on.html
thanks




Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO