Question:
I'm setting up an IPSec tunnel between 3800 and 2600 routers over the internet.
Do I need to create a tunnel interface as they suggest in this document?
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml#diag
I just watched a couple of YouTube videos saying I don't need to do that...
Answer:
For IPSec there is no need to create a tunnel interface. You have to assign your peer IP and then push your packets via NAT.
Check the generic configuration of the IPsec site-to-site VPN:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Set your key instead of XXX; it must match your remote site.
! After "address", write the address of your peer.
crypto isakmp key XXX address 10.10.10.10
crypto isakmp invalid-spi-recovery
!
!
! The transform-set name must match the one referenced under the crypto map.
crypto ipsec transform-set ZZZ esp-3des esp-md5-hmac
!
! FastEthernet0/0 here stands for your local interface.
crypto map YYY local-address FastEthernet0/0
crypto map YYY 10 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set ZZZ
 match address 101
!
interface <<<FastEthernet0/ your public int>>>
 ! Apply the crypto map by the same name it was defined with.
 crypto map YYY
!
! Interesting traffic: local LAN to each remote user (11.11.11.11, 22.22.22.22).
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 11.11.11.11
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 22.22.22.22

Extended IP access list 100 (NAT access list)
    deny ip 192.168.1.0 0.0.0.255 host 11.11.11.11
    deny ip 192.168.1.0 0.0.0.255 host 22.22.22.22
    permit ip any any
Please rate this if helpful.
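
A crypto map like the one in this answer only comes up if every name it references (transform set, ACL, the map applied on the interface, the pre-shared key for the peer) is actually defined. As an added example, not part of the original answer, this Python check parses a pasted IOS config for dangling references and flags 3DES, MD5 and DH groups 1, 2 and 5 as legacy; the sample config and the finding strings are constructed for illustration.

```python
# SAMPLE is constructed for this example; names and addresses are placeholders.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key XXX address 10.10.10.10
crypto ipsec transform-set XXX esp-3des esp-md5-hmac
crypto map YYY 10 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set ZZZ
 match address 101
interface FastEthernet0/0
 crypto map YYYY
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 11.11.11.11
"""
LEGACY = {"encr 3des", "encryption 3des", "hash md5", "group 1", "group 2", "group 5"}
LEGACY_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
KINDS = ("transform-set", "crypto map", "access-list", "isakmp key for peer")

def lint(config):
    """Return findings: legacy algorithms first, then dangling references."""
    defined = {k: set() for k in KINDS}
    used = {k: set() for k in KINDS}
    findings = []
    for w in (raw.split() for raw in config.splitlines()):
        if " ".join(w) in LEGACY:
            findings.append("legacy ISAKMP setting: " + " ".join(w))
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            defined["transform-set"].add(w[3])
            findings += [f"legacy transform in {w[3]}: {t}" for t in w[4:] if t in LEGACY_ESP]
        elif w[:2] == ["crypto", "map"] and len(w) == 3:
            used["crypto map"].add(w[2])        # bare form: applied on an interface
        elif w[:2] == ["crypto", "map"] and len(w) > 3 and w[3].isdigit():
            defined["crypto map"].add(w[2])     # "crypto map NAME <seq> ipsec-isakmp"
        elif w[:2] == ["set", "transform-set"]:
            used["transform-set"].update(w[2:])
        elif w[:2] == ["match", "address"] and len(w) == 3:
            used["access-list"].add(w[2])
        elif w[:1] == ["access-list"] and len(w) > 1:
            defined["access-list"].add(w[1])
        elif w[:2] == ["set", "peer"] and len(w) > 2:
            used["isakmp key for peer"].add(w[2])
        elif w[:3] == ["crypto", "isakmp", "key"] and len(w) == 6 and w[4] == "address":
            defined["isakmp key for peer"].add(w[5])
    for kind in KINDS:
        findings += [f"{kind} {n} referenced but not defined" for n in sorted(used[kind] - defined[kind])]
    return findings
```

Calling `lint(SAMPLE)` reports the two name mismatches alongside the legacy algorithm choices; named ACLs (`ip access-list extended`) are not handled by this check.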