Saturday, February 28, 2009

Cisco PIX 6.3x VPN Example

A site-to-site IPsec VPN on a PIX running 6.3x software is built in two parts: Phase I (ISAKMP/IKE, which authenticates the peer and sets up the key-management SA) and Phase 2 (IPsec, which defines which traffic is protected and with what). Every value chosen below has to be mirrored on the remote peer.

Phase I (ISAKMP)
isakmp enable outside
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 authentication pre-share
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

The first line enables ISAKMP on the interface that faces the peer. The authentication keyword is either pre-share or rsa-sig, one per policy, not both: pre-share uses the isakmp key below, rsa-sig authenticates the peer with a certificate and needs no key line. 3DES with DH group 2 is acceptable for a 6.3x box (prefer aes and group 5 where the image offers them); md5 is accepted, but hash sha is the better choice for a new tunnel.

isakmp key abc123 address 192.168.2.1 netmask 255.255.255.255
isakmp identity address

The address on the isakmp key line must be the same peer that the crypto map's set peer command names (192.168.2.1 in the Phase 2 example below); the netmask 255.255.255.255 binds the key to exactly that host. If the two addresses differ, Phase I never completes and the debugs only show the proposal being rejected. Use a long random key rather than a short string such as abc123. isakmp identity address makes the PIX identify itself by its outside IP, which is what a key bound to an address expects.

show isakmp policy
show isakmp

Phase 2 (IPsec)

access-list 101 permit ip 10.0.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set customer1 esp-des esp-sha-hmac

access-list 101 selects the interesting traffic (local 10.0.1.0/24 to remote 172.16.1.0/24); PIX access-lists take a normal subnet mask, not the IOS wildcard mask. The nat 0 line exempts that traffic from address translation so the real inside addresses travel through the tunnel; without it the PIX translates the packets before they are matched against the crypto map and the tunnel never carries them. The transform set pairs an ESP cipher with an ESP integrity check: esp-des is 56-bit single DES and should be replaced with esp-3des (or esp-aes where the image supports it), and esp-sha-hmac is preferred over esp-md5-hmac. Both peers must share at least one transform set.

crypto map PIX1MAP 10 ipsec-isakmp
crypto map PIX1MAP 10 match address 101
crypto map PIX1MAP 10 set peer 192.168.2.1
crypto map PIX1MAP 10 set transform-set customer1
crypto map PIX1MAP 10 set security-association lifetime seconds 28800
crypto map PIX1MAP 10 set pfs group1
crypto map PIX1MAP interface outside

The crypto map entry ties the pieces together: the peer is the remote outside address and must match the address on the isakmp key line in Phase I, and the ACL, transform set and PFS setting must mirror the remote side's configuration. set pfs makes each Phase 2 rekey run a fresh Diffie-Hellman exchange; group1 (768-bit) is weaker than the Phase I group 2 chosen above, so set pfs group2 is the consistent choice, and both peers must agree on PFS or Phase 2 fails. The 28800-second Phase 2 lifetime is shorter than the 86400-second Phase I lifetime, which is the normal arrangement. Only one crypto map can be applied to an interface; further peers are added as additional sequence numbers (20, 30, ...) on PIX1MAP.

For peers whose address is not known in advance (remote-access clients, dynamic-IP sites) a dynamic crypto map supplies the transform set and is referenced from the static map; dynamic-map-name and dynamic-seq-num are placeholders:

crypto dynamic-map dynamic-map-name dynamic-seq-num set transform-set customer1
crypto map PIX1MAP 20 ipsec-isakmp dynamic dynamic-map-name

A dynamic entry can only answer a peer's negotiation, never initiate one, so it belongs at the highest sequence number, after the static entries.

Verify the Phase 2 configuration (the Phase I show commands are listed above):

show crypto map
show access-list
show crypto ipsec transform-set

Once interesting traffic has brought the tunnel up, show isakmp sa (state QM_IDLE for a healthy Phase I) and show crypto ipsec sa (encrypt/decrypt counters incrementing) confirm that both phases negotiated. A Phase I SA with no Phase 2 SA usually means an ACL, transform-set or PFS mismatch between the peers.

Troubleshoot by tearing the SAs down and watching the negotiation:

clear crypto ipsec sa
clear crypto isakmp sa
debug crypto ipsec
debug crypto isakmp

Clearing both SA tables forces a full renegotiation on the next interesting packet, so the debugs show Phase I and Phase 2 from the start. Turn the debugs off (no debug crypto isakmp, no debug crypto ipsec) when finished; they are verbose on a busy box.
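Before loading a configuration like this onto a PIX it is worth checking it for the mismatches that keep a tunnel from coming up. The script below is an added example, not code from the original post or from Cisco: it parses only the command forms used in this post (isakmp policy/key, access-list, crypto ipsec transform-set, static crypto map entries) and reports a Phase I key that is not bound to the crypto map's peer, a missing ACL or transform set, a crypto map not applied to an interface, and the weak choices (DES, MD5, DH group 1, PFS weaker than the Phase I group). The two configurations in it are constructed: PIX_CONFIG deliberately carries a key for 192.168.1.2 while the crypto map peers with 192.168.2.1, and PIX_CONFIG_FIXED is the same text with those findings addressed. The finding codes are my own naming.

```python
# Added example (not from the original post or any Cisco tool): parses the
# command forms used above and reports mismatches that stop the tunnel from
# coming up or leave it weak.  Constructed inputs; runs offline.
from typing import Dict, List, Set, Tuple

# Constructed sample: a PIX 6.3-style config with the key bound to a different
# address than the crypto map's peer, MD5 in Phase I, DES and PFS group1 in Phase 2.
PIX_CONFIG = """\
isakmp enable outside
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 authentication pre-share
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp key abc123 address 192.168.1.2 netmask 255.255.255.255
isakmp identity address
access-list 101 permit ip 10.0.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set customer1 esp-des esp-sha-hmac
crypto map PIX1MAP 10 ipsec-isakmp
crypto map PIX1MAP 10 match address 101
crypto map PIX1MAP 10 set peer 192.168.2.1
crypto map PIX1MAP 10 set transform-set customer1
crypto map PIX1MAP 10 set security-association lifetime seconds 28800
crypto map PIX1MAP 10 set pfs group1
crypto map PIX1MAP interface outside
"""
# Constructed: the same config with the key bound to the crypto map's peer,
# SHA in Phase I, 3DES in Phase 2 and PFS matching the Phase I DH group.
PIX_CONFIG_FIXED = (PIX_CONFIG.replace("hash md5", "hash sha")
                    .replace("address 192.168.1.2", "address 192.168.2.1")
                    .replace("esp-des ", "esp-3des ").replace("pfs group1", "pfs group2"))
# Diffie-Hellman modulus size per group, in both spellings the PIX accepts.
DH_BITS = {"1": 768, "group1": 768, "2": 1024, "group2": 1024, "5": 1536, "group5": 1536}


def audit_pix_vpn(config: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means nothing was flagged."""
    policies: Dict[str, Dict[str, str]] = {}
    key_peers: Set[str] = set()
    acls: Set[str] = set()
    transform_sets: Dict[str, List[str]] = {}
    entries: Dict[Tuple[str, str], Dict[str, List[str]]] = {}
    bound_maps: Set[str] = set()
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            continue
        if tok[:2] == ["isakmp", "policy"] and len(tok) >= 5:
            policies.setdefault(tok[2], {})[tok[3]] = tok[4]
        elif tok[:2] == ["isakmp", "key"] and "address" in tok:
            key_peers.add(tok[tok.index("address") + 1])
        elif tok[0] == "access-list" and len(tok) > 1:
            acls.add(tok[1])
        elif tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) >= 5:
            transform_sets[tok[3]] = tok[4:]
        elif tok[:2] == ["crypto", "map"] and len(tok) >= 5:
            if tok[3] == "interface":
                bound_maps.add(tok[2])
            elif tok[3].isdigit():  # static entry: crypto map NAME SEQ ...
                entry = entries.setdefault((tok[2], tok[3]), {})
                if tok[4:6] == ["match", "address"] and len(tok) >= 7:
                    entry["acl"] = [tok[6]]
                elif tok[4] == "set" and len(tok) >= 7:
                    entry[tok[5]] = tok[6:]  # peer, transform-set, pfs, ...
    findings: List[Tuple[str, str]] = []
    # Phase I: DES, MD5 and DH group 1 are weak; keep the strongest policy group for the PFS check.
    p1_dh = 0
    for seq, attrs in policies.items():
        if attrs.get("encryption") == "des":
            findings.append(("P1_WEAK_ENC", f"isakmp policy {seq} uses DES"))
        if attrs.get("hash") == "md5":
            findings.append(("P1_WEAK_HASH", f"isakmp policy {seq} uses MD5"))
        bits = DH_BITS.get(attrs.get("group", ""), 0)
        if 0 < bits < 1024:
            findings.append(("P1_WEAK_DH", f"isakmp policy {seq} uses DH group 1"))
        p1_dh = max(p1_dh, bits)
    # Phase 2: each static entry needs a key for its peer, a defined ACL, an existing
    # transform set with a real cipher plus HMAC, PFS no weaker than Phase I, and a bound map.
    for (name, seq), entry in entries.items():
        where = f"crypto map {name} {seq}"
        for peer in entry.get("peer", []):
            if peer not in key_peers:
                findings.append(("PEER_NO_KEY", f"{where}: no isakmp key for peer {peer}"))
        acl = entry.get("acl", [None])[0]
        if acl not in acls:
            findings.append(("MISSING_ACL", f"{where}: access-list {acl} not defined"))
        for ts in entry.get("transform-set", []):
            algs = transform_sets.get(ts)
            if algs is None:
                findings.append(("MISSING_TRANSFORM_SET", f"{where}: transform-set {ts} not defined"))
                continue
            if "esp-des" in algs:
                findings.append(("P2_WEAK_ENC", f"{where}: transform-set {ts} uses single DES"))
            if "esp-md5-hmac" in algs or not any(a.endswith("-hmac") for a in algs):
                findings.append(("P2_WEAK_AUTH", f"{where}: transform-set {ts} lacks strong ESP integrity"))
        pfs = entry.get("pfs", [None])[0]
        if pfs is not None and DH_BITS.get(pfs, 0) < p1_dh:
            findings.append(("PFS_WEAKER_THAN_P1", f"{where}: pfs {pfs} is weaker than the Phase I DH group"))
        if name not in bound_maps:
            findings.append(("MAP_NOT_BOUND", f"crypto map {name} is not applied to any interface"))
    return findings
```

Run audit_pix_vpn(PIX_CONFIG) and it reports the four problems in the sample (P1_WEAK_HASH, PEER_NO_KEY, P2_WEAK_ENC, PFS_WEAKER_THAN_P1); the same call on PIX_CONFIG_FIXED returns an empty list. The parser is deliberately line-oriented, because a PIX running-config is flat: every crypto map line repeats the map name and sequence number, so no context has to be tracked across lines.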
