Last active
March 28, 2018 01:01
Cisco VPN Setup
Config for Router: Router 1
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.100.100.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.100.100.2
! The name here must match the transform-set defined above (testset).
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
# Change NAT
! ACL 122 keeps VPN traffic out of NAT only once the overload rule
! references list 122 in place of list 1.
enable
config terminal
Router1(config)#access-list 122 deny ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.1.1.0 0.0.0.255 any
Config for Router: Router 2
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.100.100.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.100.100.2
! The name here must match the transform-set defined above (testset).
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
# Change NAT
! ACL 122 keeps VPN traffic out of NAT only once the overload rule
! references list 122 in place of list 1.
enable
config terminal
Router1(config)#access-list 122 deny ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.10.10.0 0.0.0.255 any
Config for Router: Router 3 for Router 1
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 172.16.1.1
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 172.16.1.1
! The name here must match the transform-set defined above (testset).
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.20.20.0 0.0.0.255 10.1.1.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.20.20.0 0.0.0.255
# Change NAT
! ACL 122 keeps VPN traffic out of NAT only once the overload rule
! references list 122 in place of list 1.
enable
config terminal
Router1(config)#access-list 122 deny ip 10.20.20.0 0.0.0.255 10.1.1.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.20.20.0 0.0.0.255 any
Config for Router: Router 3 for Router 2
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.0.0.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.0.0.2
! The name here must match the transform-set defined above (testset).
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.20.20.0 0.0.0.255
# Change NAT
! ACL 122 keeps VPN traffic out of NAT only once the overload rule
! references list 122 in place of list 1.
enable
config terminal
Router1(config)#access-list 122 deny ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.20.20.0 0.0.0.255 any
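
A small linter for crypto-map configs of the kind shown above, added here as an example (it is not part of the gist): it reports a `set transform-set` name that was never defined, DES/MD5 selections, and a NAT overload rule whose ACL does not deny the traffic the crypto ACL selects. The function name, the finding strings and the sample input are constructed for this illustration; it assumes numbered ACLs and compares flows textually, without checking entry order.

```python
import re

WEAK = {"md5", "des", "esp-des", "esp-md5-hmac"}  # algorithms to flag

# Constructed sample in the style of the gist (not taken verbatim from it).
SAMPLE = """\
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set transform-set myset
Router1(config-crypto-map)#match address 100
Router1(config)#access-list 100 permit ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
"""

def lint_ios_vpn(config):
    """Return a list of findings for a pasted IOS crypto-map VPN config."""
    defined, used, crypto_acls, nat_lists, acl, out = set(), [], set(), set(), {}, []
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "Router1(config-isakmp)#".
        t = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip()).split()
        if len(t) < 2:
            continue
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            defined.add(t[3])
            out += [f"weak transform: {x}" for x in t[4:] if x in WEAK]
        elif t[0] in ("hash", "encryption") and t[1] in WEAK:
            out.append(f"weak ISAKMP {t[0]}: {t[1]}")
        elif t[:2] == ["set", "transform-set"] and len(t) > 2:
            used.append(t[2])
        elif t[:2] == ["match", "address"] and len(t) > 2:
            crypto_acls.add(t[2])
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and len(t) > 5:
            nat_lists.add(t[5])
        elif t[0] == "access-list" and len(t) > 3:
            acl.setdefault(t[1], []).append((t[2], " ".join(t[3:])))
    out += [f"undefined transform-set: {n}" for n in used if n not in defined]
    # NAT runs before the crypto-map check on the way out, so each flow the
    # crypto ACL permits must be denied by the ACL that drives NAT.
    flows = [r for n in sorted(crypto_acls) for a, r in acl.get(n, []) if a == "permit"]
    for n in sorted(nat_lists):
        denied = {r for a, r in acl.get(n, []) if a == "deny"}
        out += [f"NAT list {n} does not exempt: {f}" for f in flows if f not in denied]
    return out

if __name__ == "__main__":
    print("\n".join(lint_ios_vpn(SAMPLE)))
```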