question regarding IPSEC Setup
David DeSimone
fox at verio.net
Fri Jul 17 06:22:23 UTC 2009
rascal <rascal1981 at gmail.com> wrote:
>
> If I could ask one more favor; what does your Cisco config look like
> that would match one of these? I have got mine configured based on
> someone else's tunnel specs and while I am sure they are comparable I
> wanted to make sure I wasn't missing anything.
Here's an example config that I sanitized from one of our Cisco routers;
I think it should work, but it's only an example. At some point you
have to adapt these configs to your own situation. :)

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key SecretKey!! address 11.22.33.44

crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac

crypto map IPSEC local-address GigabitEthernet0/1
crypto map IPSEC 1 ipsec-isakmp
 set peer 11.22.33.44
 set transform-set AES-SHA1
 match address remote-site

interface GigabitEthernet0/1
 ip address 55.66.77.88 255.255.255.224
 crypto map IPSEC

ip access-list extended remote-site
 permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
 permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
 permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
 permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255

--
David DeSimone == Network Admin == fox at verio.net
"I don't like spinach, and I'm glad I don't, because if I
liked it I'd eat it, and I just hate it." -- Clarence Darrow
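
Added example, not part of the original message: a small Python check that normalizes the "remote-site" crypto ACL from the config above into the network pairs the tunnel actually protects, and swaps each pair into the form the remote peer's policy has to use. The function names are hypothetical, and the ACL lines are copied from the sanitized example, so the addresses are placeholders.

```python
import ipaddress

# ACL entries copied from the sanitized example config (placeholder addresses).
CRYPTO_ACL = """\
permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
"""

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into an ip_network.

    Bits set in the wildcard are ignored in the address, so host bits
    left in a sanitized address are masked off. Only contiguous
    wildcards (a run of low-order ones) correspond to a prefix."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - w.bit_length()))

def parse_crypto_acl(text):
    """Return (selectors, redundant): the unique (source, destination)
    network pairs in order, and the ACL lines that normalize to a pair
    already seen."""
    selectors, redundant = [], []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[:2] != ["permit", "ip"]:
            continue  # this sketch handles only 'permit ip src wc dst wc'
        pair = (wildcard_to_network(f[2], f[3]),
                wildcard_to_network(f[4], f[5]))
        if pair in selectors:
            redundant.append(line.strip())
        else:
            selectors.append(pair)
    return selectors, redundant

def mirror(selectors):
    """Selectors as the remote peer must define them (source and destination swapped)."""
    return [(dst, src) for src, dst in selectors]

if __name__ == "__main__":
    sels, dups = parse_crypto_acl(CRYPTO_ACL)
    for (src, dst), (rsrc, rdst) in zip(sels, mirror(sels)):
        print(f"this side: {src} -> {dst}   peer side: {rsrc} -> {rdst}")
    for line in dups:
        print("normalizes to an earlier entry:", line)
```
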
More information about the freebsd-net mailing list