IPSec configuration between routers and Cisco firewalls


This document describes an IPSec configuration between a branch router and a Cisco firewall at headquarters. Traffic between the headquarters LAN and the branch LAN uses private IP addresses and is carried over the tunnel untranslated; when branch LAN users access the Internet, their addresses are translated (NAT) instead.

Network topology

Configuration

Cisco firewall

!--- Define the traffic to the router (crypto ACL): this is what gets encrypted
access-list IPSec permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!--- Traffic to the router is not address-translated
access-list Nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
ip address outside 172.17.63.213 255.255.255.240
ip address inside 10.1.1.1 255.255.255.0
global (outside) 1 172.17.63.210
!--- Traffic to the router is not address-translated; all other inside traffic is translated to the global address
nat (inside) 0 access-list Nonat
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 172.17.63.209 1
!--- IPSec policy
sysopt connection permit-ipsec
crypto ipsec transform-set avalanche esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
!--- The crypto map sequence number (10) was missing from the original listing and is assumed here
crypto map Forsberg 10 ipsec-isakmp
crypto map Forsberg 10 match address IPSec
crypto map Forsberg 10 set peer 172.17.63.230
crypto map Forsberg 10 set transform-set avalanche
crypto map Forsberg interface outside
!--- IKE policy
isakmp enable outside
isakmp key westernfinal2000 address 172.17.63.230 netmask 255.255.255.255
isakmp identity address
!--- The ISAKMP policy priority (10) was missing from the original listing and is assumed here
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
: end

Branch Router

hostname Branch_router
!--- IKE policy (encryption des and group 1 are not listed because they are the IOS defaults of this vintage)
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto isakmp key westernfinal2000 address 172.17.63.213
!--- IPSec policy
crypto ipsec transform-set Sharks esp-des esp-md5-hmac
!--- The crypto map sequence number (10) was missing from the original listing and is assumed here
crypto map Nolan 10 ipsec-isakmp
 set peer 172.17.63.213
 set transform-set Sharks
 match address 120
!
interface Ethernet0
 ip address 172.17.63.230 255.255.255.240
 ip nat outside
 crypto map Nolan
!
interface Ethernet1
 ip address 10.2.2.1 255.255.255.0
 ip nat inside
!
ip nat pool Branch 172.17.63.230 172.17.63.230 netmask 255.255.255.240
ip nat inside source route-map Nonat pool Branch overload
ip route 0.0.0.0 0.0.0.0 172.17.63.225
!--- Crypto ACL 120 (the number was missing from the original line and is restored from "match address 120"): traffic to headquarters is encrypted
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!--- ACL 130 keeps tunnel traffic out of NAT and translates all other Internet-bound traffic
access-list 130 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 permit ip 10.2.2.0 0.0.0.255 any
route-map Nonat permit 10
 match ip address 130
end
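The two configurations only work if the firewall's crypto ACL and router ACL 120 are exact mirror images (the PIX side uses subnet masks, the IOS side uses wildcard masks) and the IKE/IPsec algorithms match on both ends. The following is an added example, not part of the original page or of any Cisco tool: it normalises the two ACL formats, checks that they mirror each other, and flags the weak algorithms this configuration relies on (single DES, MD5, DH group 1). The config excerpts are constructed from the listings above, and the assumption that an IOS isakmp policy omitting `encryption` or `group` falls back to DES and group 1 reflects classic IOS defaults.

```python
import ipaddress
import re

# Constructed excerpts of the two listings above (crypto ACL plus algorithm lines).
PIX_CONFIG = """\
access-list IPSec permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec transform-set avalanche esp-des esp-md5-hmac
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
"""
ROUTER_CONFIG = """\
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto ipsec transform-set Sharks esp-des esp-md5-hmac
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
WEAK = {r"\besp-des\b": "single DES", r"\bencryption des\b": "single DES",
        r"\besp-md5-hmac\b": "MD5 HMAC", r"\bhash md5\b": "MD5 hash",
        r"\bgroup 1\b": "768-bit DH group 1"}

def to_network(addr, mask, wildcard):
    """PIX ACLs carry subnet masks, IOS ACLs carry wildcard masks; normalise both."""
    if wildcard:  # invert the wildcard bits to obtain the subnet mask
        mask = str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))
    return ipaddress.IPv4Network(f"{addr}/{mask}")

def crypto_acl(config, name, wildcard):
    """(src, dst) network pairs of the named or numbered crypto ACL."""
    return {(to_network(s, sm, wildcard), to_network(d, dm, wildcard))
            for n, s, sm, d, dm in ACL_RE.findall(config) if n == name}

def acls_mirror(pix_cfg, pix_acl, rtr_cfg, rtr_acl):
    """True only if every router entry is the exact reverse of a PIX entry and vice
    versa; asymmetric crypto ACLs cause one-sided SA failures or dropped traffic."""
    pix = crypto_acl(pix_cfg, pix_acl, wildcard=False)
    rtr = crypto_acl(rtr_cfg, rtr_acl, wildcard=True)
    return bool(pix) and {(d, s) for s, d in rtr} == pix

def weak_settings(config, ios=False):
    """Sorted names of weak IKE/IPsec algorithms in use. Assumption: an IOS isakmp
    policy that omits 'encryption' or 'group' inherits the DES / group 1 defaults."""
    found = {label for pat, label in WEAK.items() if re.search(pat, config)}
    if ios and "crypto isakmp policy" in config:
        if not re.search(r"^ encryption ", config, re.M):
            found.add("single DES")
        if not re.search(r"^ group ", config, re.M):
            found.add("768-bit DH group 1")
    return sorted(found)
```

Run the checks with `acls_mirror(PIX_CONFIG, "IPSec", ROUTER_CONFIG, "120")` and `weak_settings(ROUTER_CONFIG, ios=True)`; a mismatched subnet on either side turns the mirror check false.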
