VPN configuration between vro and vro

Source: Internet
Author: User
Tags hmac



Hub Router

2503#show running-config
Building configuration...

Current configuration: 1466 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2503
!
!
ip subnet-zero
!
!
! --- Configuration for IKE policies.
crypto isakmp policy 10
! --- Enables the IKE policy configuration (config-isakmp)
! --- command mode, where you can specify the parameters that
! --- are used during an IKE negotiation.
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1
! --- Specifies the preshared key "cisco123", which should
! --- be identical at both peers. This is a global
! --- configuration mode command.
!
! --- Configuration for IPSec policies.
crypto ipsec transform-set myset esp-des esp-md5-hmac
! --- Enables the crypto transform configuration mode,
! --- where you can specify the transform sets that are used
! --- during an IPSec negotiation.
!
crypto map mymap 10 ipsec-isakmp
! --- Indicates that IKE is used to establish
! --- the IPSec security association for protecting
! --- traffic specified by this crypto map entry.
 set peer 200.1.2.1
! --- Sets the IP address of the remote end.
 set transform-set myset
! --- Configures IPSec to use the transform-set
! --- "myset" defined earlier in this configuration.
 match address 110
! --- Specifies the traffic to be encrypted.
crypto map mymap 20 ipsec-isakmp
 set peer 200.1.3.1
 set transform-set myset
 match address 120
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.1.1 255.255.255.0
 no ip route-cache
! --- You must enable process switching for IPSec
! --- to encrypt outgoing packets. This command disables fast switching.
 no ip mroute-cache
 crypto map mymap
! --- Configures the interface to use
! --- crypto map "mymap" for IPSec.
!
! --- Output suppressed.
ip classless
ip route 172.16.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
ip http server
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
! --- This crypto ACL-permit identifies
! --- matching traffic flows to be protected via encryption.
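The hub configuration above uses MD5, DES and a single pre-shared key for both spokes, and its ISAKMP policy carries no encryption line. The following Python audit is an added example, not part of the original page; the names `audit`, `WEAK_TRANSFORMS` and `GLOBAL_FLAGS`, the finding texts, and the assumption that an IOS 12.x policy without an encryption line defaults to 56-bit DES are the editor's.

```python
import re

# Constructed input: the crypto-relevant lines of the hub configuration on this page.
HUB_CONFIG = """\
no service password-encryption
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1
crypto ipsec transform-set myset esp-des esp-md5-hmac
ip http server
"""

WEAK_TRANSFORMS = {"esp-des": "56-bit DES", "esp-md5-hmac": "HMAC-MD5"}
GLOBAL_FLAGS = {"no service password-encryption": "password obfuscation is disabled",
                "ip http server": "HTTP management service is enabled"}


def audit(config):
    """Return a list of findings for weak IKE/IPsec settings in an IOS running-config."""
    findings, keys, policy, has_enc = [], {}, None, False
    def close_policy():
        # Assumption: a policy with no 'encryption' line gets the IOS 12.x default, 56-bit DES.
        if policy is not None and not has_enc:
            findings.append(f"isakmp policy {policy}: no encryption line, default DES applies")
    for raw in config.splitlines():
        line, low = raw.strip(), raw.strip().lower()
        if not raw.startswith(" "):  # a top-level command ends any open policy block
            close_policy()
            policy, has_enc = None, False
        if m := re.match(r"crypto isakmp policy (\d+)", low):
            policy = m.group(1)
        elif policy and low.startswith("encryption"):
            has_enc = True
        elif policy and low == "hash md5":
            findings.append(f"isakmp policy {policy}: MD5 hash")
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line, re.I):
            keys.setdefault(m.group(1), []).append(m.group(2))  # key kept out of the findings
        elif low.startswith("crypto ipsec transform-set"):
            name, *transforms = low.split()[3:]
            findings += [f"transform-set {name}: {WEAK_TRANSFORMS[t]}"
                         for t in transforms if t in WEAK_TRANSFORMS]
        elif low in GLOBAL_FLAGS:
            findings.append(f"{low}: {GLOBAL_FLAGS[low]}")
    close_policy()
    findings += [f"pre-shared key shared by peers {', '.join(peers)}"
                 for peers in keys.values() if len(peers) > 1]
    return findings
```
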

Spoke 1 Router

2509a#show running-config
Building configuration...

Current configuration: 1203 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2509a
!
enable secret 5 $1$DOX3$rIrxEnTVTw/7LNbxi.akz0
!
ip subnet-zero
no ip domain-lookup
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 110
!
!
!
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.2.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 crypto map mymap
!
.
.
! --- Output suppressed.
.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server
!
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
end

2509a#

Spoke 2 Router

VPN2509#show running-config
Building configuration...

Current configuration: 1117 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname VPN2509
!
!
ip subnet-zero
no ip domain-lookup
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 120
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0
 ip address 200.1.3.1 255.255.255.0
! --- No ip route-cache.
 no ip mroute-cache
 crypto map mymap
!
.
.
! --- Output suppressed.
.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 172.16.0.0 255.255.0.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server
!
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
end
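Each spoke's crypto ACL on this page is the mirror image of the hub ACL bound to that peer, including the entries that carry spoke-to-spoke traffic through the hub. The following Python check of that property is an added example, not part of the original page; the function names are hypothetical, it handles only the `permit ip <address> <wildcard>` form used here, and `SPOKE1_BROKEN` is a constructed faulty input.

```python
import ipaddress
import re

# ACL lines taken from the three configurations on this page.
HUB = """\
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE1 = """\
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE2 = """\
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""
# Constructed faulty variant: spoke 1 without its spoke-to-spoke entry.
SPOKE1_BROKEN = SPOKE1.splitlines()[0] + "\n"

ACL_RE = re.compile(r"access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", re.I)


def network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an ip_network (wildcard = inverted netmask)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")


def crypto_acl(config, number):
    """Return the set of (source, destination) networks that ACL `number` permits."""
    flows = set()
    for m in ACL_RE.finditer(config):
        if int(m.group(1)) == number:
            flows.add((network(m.group(2), m.group(3)), network(m.group(4), m.group(5))))
    return flows


def mirror_gaps(local, remote):
    """List flows in `local` whose reverse (destination -> source) is absent from `remote`."""
    return sorted(f"{src} -> {dst}" for src, dst in local if (dst, src) not in remote)


def check_pair(hub_cfg, spoke_cfg, number):
    """Return mirror gaps in both directions for one hub/spoke crypto ACL pair."""
    hub, spoke = crypto_acl(hub_cfg, number), crypto_acl(spoke_cfg, number)
    return {"hub_only": mirror_gaps(hub, spoke), "spoke_only": mirror_gaps(spoke, hub)}
```

An empty result for both keys means the two ends agree on which flows to protect; a non-empty list names the flow one side would encrypt and the other would not expect.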
