IPSEC Transport Mode Configuration

Source: Internet
Author: User
Tags hmac


R1
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#service timestamps debug datetime localtime
R1(config)#service timestamps log datetime localtime
R1(config)#interface f0/1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface loop0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2

R1(config)#interface Tunnel10
R1(config-if)#tunnel source 12.1.1.1
R1(config-if)#tunnel destination 23.1.1.3
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel mode gre ip
R1(config-if)#no shutdown
R1(config-if)#exit

R1(config)#ip route 192.168.1.0 255.255.255.0 tunnel10

R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption des
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 6 Cisco address 23.1.1.3 255.255.255.0


R1(config)#crypto ipsec transform-set Cisco esp-des esp-md5-hmac
R1(cfg-crypto-trans)#mode tunnel
R1(cfg-crypto-trans)#exit

R1(config)#ip access-list extended interested
R1(config-ext-nacl)#permit gre host 12.1.1.1 host 23.1.1.3
R1(config-ext-nacl)#exit

R1(config)#crypto map Ipsecvpn 10 ipsec-isakmp
R1(config-crypto-map)#set peer 23.1.1.3
R1(config-crypto-map)#set transform-set Cisco
R1(config-crypto-map)#match address interested
R1(config-crypto-map)#exit
R1(config)#interface f0/0
R1(config-if)#crypto map Ipsecvpn
R1(config-if)#exit

R1(config)#ip access-list extended NAT
R1(config-ext-nacl)#10 permit ip 1.1.1.0 0.0.0.255 any
R1(config-ext-nacl)#exit
R1(config)#int loop0
R1(config-if)#ip nat inside
R1(config-if)#int f0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source list NAT int f0/0 overload



R3
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#no ip domain-lookup
R3(config)#service timestamps debug datetime localtime
R3(config)#service timestamps log datetime localtime
R3(config)#interface f0/0
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface f0/1
R3(config-if)#ip address 23.1.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

R3(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.2
R3(config)#interface tunnel11
R3(config-if)#tunnel source 23.1.1.3
R3(config-if)#tunnel destination 12.1.1.1
R3(config-if)#ip address 172.16.1.3 255.255.255.0
R3(config-if)#tunnel mode gre ip
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip route 10.1.1.0 255.255.255.0 tunnel11

R3(config)#crypto isakmp policy 10
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption des
R3(config-isakmp)#group 2
R3(config-isakmp)#hash md5
R3(config-isakmp)#exit
R3(config)#crypto isakmp key 6 Cisco address 12.1.1.1 255.255.255.0

R3(config)#crypto ipsec transform-set Cisco esp-des esp-md5-hmac
R3(cfg-crypto-trans)#mode tunnel
R3(cfg-crypto-trans)#exit

R3(config)#ip access-list extended interested
R3(config-ext-nacl)#permit gre host 23.1.1.3 host 12.1.1.1
R3(config-ext-nacl)#exit

R3(config)#crypto map Ipsecvpn 10 ipsec-isakmp
R3(config-crypto-map)#set peer 12.1.1.1
R3(config-crypto-map)#set transform-set Cisco
R3(config-crypto-map)#match address interested
R3(config-crypto-map)#exit

R3(config)#interface f0/1
R3(config-if)#crypto map Ipsecvpn
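
Added example (not part of the original listing): a short Python check that scans IOS crypto lines for the settings this listing uses (DES, MD5, DH group 2), which are widely deprecated, and reports that the transform set is in tunnel mode around GRE although the page title says transport mode. The policy table and the sample config string are constructed for this example and are assumptions, not Cisco's or the author's.

```python
import re

# Constructed sample: R1's tunnel and crypto lines from the listing, prompts removed.
R1_CONFIG = """\
interface Tunnel10
 tunnel source 12.1.1.1
 tunnel destination 23.1.1.3
 tunnel mode gre ip
crypto isakmp policy 10
 authentication pre-share
 encryption des
 group 2
 hash md5
crypto ipsec transform-set Cisco esp-des esp-md5-hmac
 mode tunnel
"""

# Assumed audit policy (not from the page): (pattern, message) per weak setting.
WEAK = [
    (r"^encryption (des|3des)\b", "IKE encryption {0}: use AES"),
    (r"^hash (md5)$", "IKE hash {0}: use SHA-256 or stronger"),
    (r"^group (1|2|5)$", "DH group {0}: use group 14 or higher"),
    (r"^crypto ipsec transform-set \S+ .*\b(esp-des|esp-3des)\b",
     "ESP cipher {0}: use esp-aes"),
    (r"^crypto ipsec transform-set \S+ .*\b(esp-md5-hmac)\b",
     "ESP integrity {0}: use a SHA-2 HMAC"),
]


def audit(config):
    """Return a list of findings for one router's configuration text."""
    lines = [l.strip().lower() for l in config.splitlines() if l.strip()]
    findings = []
    for line in lines:
        for pattern, message in WEAK:
            match = re.search(pattern, line)
            if match:
                findings.append(message.format(match.group(1)))
    # GRE already adds its own outer IP header between the two peers, so an
    # explicit tunnel-mode transform set adds a second, redundant one.
    if "tunnel mode gre ip" in lines and "mode tunnel" in lines:
        findings.append("tunnel mode around GRE: transport mode avoids an extra IP header")
    return findings


if __name__ == "__main__":
    for finding in audit(R1_CONFIG):
        print("R1:", finding)
```

On IOS releases that support them, the corresponding stronger settings are `encryption aes 256`, `hash sha256` and `group 14` in the ISAKMP policy, and `esp-aes 256 esp-sha256-hmac` with `mode transport` in the transform set, configured identically on both peers.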


