Hub Router
2503#show running-config
Building configuration...
Current configuration: 1466 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2503
!
!
ip subnet-zero
!
!
! --- Configuration for IKE policies.
crypto isakmp policy 10
! --- Enables the IKE policy configuration (config-isakmp)
! --- command mode, where you can specify the parameters that
! --- are used during an IKE negotiation.
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1
! --- Specifies the preshared key "cisco123", which should
! --- be identical at both peers. This is a global
! --- configuration mode command.
!
! --- Configuration for IPSec policies.
crypto ipsec transform-set myset esp-des esp-md5-hmac
! --- Enables the crypto transform configuration mode,
! --- where you can specify the transform sets that are used
! --- during an IPSec negotiation.
!
crypto map mymap 10 ipsec-isakmp
! --- Indicates that IKE is used to establish
! --- the IPSec security association for protecting the
! --- traffic specified by this crypto map entry.
 set peer 200.1.2.1
! --- Sets the IP address of the remote end.
 set transform-set myset
! --- Configures IPSec to use the transform set
! --- "myset" defined earlier in this configuration.
 match address 110
! --- Specifies the traffic to be encrypted.
crypto map mymap 20 ipsec-isakmp
 set peer 200.1.3.1
 set transform-set myset
 match address 120
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.1.1 255.255.255.0
 no ip route-cache
! --- You must enable process switching for IPSec
! --- to encrypt outgoing packets. This command disables fast switching.
 no ip mroute-cache
 crypto map mymap
! --- Configures the interface to use
! --- crypto map "mymap" for IPSec.
!
! --- Output suppressed.
ip classless
ip route 172.16.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
ip http server
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
! --- This crypto ACL permit identifies the
! --- matching traffic flows to be protected via encryption.
Spoke 1 Router
2509a#show running-config
Building configuration...
Current configuration: 1203 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2509a
!
enable secret 5 $1$DOX3$rIrxEnTVTw/7LNbxi.akz0
!
ip subnet-zero
no ip domain-lookup
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 110
!
!
!
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.2.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 crypto map mymap
!
.
.
! --- Output suppressed.
.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server
!
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
end
2509a#
Spoke 2 Router
VPN2509#show running-config
Building configuration...
Current configuration: 1117 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname VPN2509
!
!
ip subnet-zero
no ip domain-lookup
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 120
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.3.1 255.255.255.0
! --- No ip route-cache.
 no ip mroute-cache
 crypto map mymap
!
.
.
! --- Output suppressed.
.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 172.16.0.0 255.255.0.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server
!
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
end
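
Added example, not part of the original configuration listing: a Python check over the crypto lines of the three configurations above. It verifies that each spoke's crypto ACL is the exact mirror of the hub's ACL for that peer, which the two ends of an IPSec tunnel are expected to be, and lists the lines that select DES or MD5. The function names are assumptions of this example, and the embedded config lines are constructed from the listings with wildcard masks written in full.

```python
import ipaddress
import re

# Constructed input: crypto lines from the configurations above, masks in full.
HUB = """\
crypto isakmp policy 10
 hash md5
crypto ipsec transform-set myset esp-des esp-md5-hmac
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE1 = """\
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE2 = """\
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""
ACL_RE = re.compile(
    r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)[ \t]*$", re.M)


def flows(config, acl):
    """Return the (source, destination) networks permitted by ACL `acl`."""
    found = set()
    for num, src, swild, dst, dwild in ACL_RE.findall(config):
        if int(num) == acl:
            # ip_network() accepts a Cisco wildcard (host mask) after the
            # slash and raises ValueError for a malformed one like 0.0.255.
            found.add((ipaddress.ip_network(f"{src}/{swild}"),
                       ipaddress.ip_network(f"{dst}/{dwild}")))
    return found


def mirror_mismatches(local, remote):
    """Flows on one peer that lack the reversed flow on the other peer."""
    return local ^ {(dst, src) for src, dst in remote}


def weak_crypto(config):
    """Lines that select DES or MD5, both considered weak today."""
    pattern = re.compile(r"\b(esp-des|esp-md5-hmac|hash md5)\b")
    return [ln.strip() for ln in config.splitlines() if pattern.search(ln)]


if __name__ == "__main__":
    print(mirror_mismatches(flows(HUB, 110), flows(SPOKE1, 110)), weak_crypto(HUB))
```

An empty set from mirror_mismatches means the two ACLs describe the same flows in opposite directions; any entry it returns is a flow that only one peer would try to protect.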