This document discusses how to configure a site-to-site VPN connection between two Cisco routers to connect two LAN networks. It describes configuring ISAKMP policies, transform sets, access control lists, crypto maps, and applying the crypto map to the interface to establish the VPN tunnel between the routers with IP addresses 11.0.0.1 and 11.0.0.2.
This document discusses how to configure a site-to-site VPN connection between two Cisco routers to connect two LAN networks. It describes configuring ISAKMP policies, transform sets, access control lists, crypto maps, and applying the crypto map to the interface to establish the VPN tunnel between the routers with IP addresses 11.0.0.1 and 11.0.0.2.
This document discusses how to configure a site-to-site VPN connection between two Cisco routers to connect two LAN networks. It describes configuring ISAKMP policies, transform sets, access control lists, crypto maps, and applying the crypto map to the interface to establish the VPN tunnel between the routers with IP addresses 11.0.0.1 and 11.0.0.2.
This document discusses how to configure a site-to-site VPN connection between two Cisco routers to connect two LAN networks. It describes configuring ISAKMP policies, transform sets, access control lists, crypto maps, and applying the crypto map to the interface to establish the VPN tunnel between the routers with IP addresses 11.0.0.1 and 11.0.0.2.
site-to-site remote-access Presupunem ca avem doua LAN-uri 10.0.0.0 si 12.0.0.0. Vrem sa configuram un tunel VPN intre routerele celor doua LAN-uri, routere care au adresele 11.0.0.1 si respectiv 11.0.0.2. Pentru a configura o conexiune site-to-site prin IPsec vom urma urmatorii pasi: 1) ISAKMP Router(config)#crypto isakmp enable Router(config)#crypto isakmp policy 10 Router(config-isakmp)#authentication pre-share Router(config-isakmp)#encryption aes Router(config-isakmp)#hash sha Router(config-isakmp)#group 2 Router(config-isakmp)#exit Router(config)#crypto isakmp key 0 address 11.0.0.1 0.0.0.0 2) Transform Set Router(config)#crypto ipsec transform-set TSNAME esp-aes esp-sha-hmac Router(config)#crypto ipsec security-association lifetime seconds 86400 3) ACL Router(config)#ip access-list extended VPN Router(config-ext-nacl)#permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 Router(config-ext-nacl)#exit 4) Crypto map Router(config)#crypto map CMAP 100 ipsec-isakmp Router(config-crypto-map)#match address VPN Router(config-crypto-map)#set peer 11.0.0.1 Router(config-crypto-map)#set pfs group2 Router(config-crypto-map)#set transform-set TSNAME Router(config-crypto-map)#exit 5) Aplicarea pe interfata Router(config)#int fa0/1 Router(config-if)#crypto map CMAP Aceiasi pasi vor fi urmati si pe celalalt router (11.0.0.2), inversand adresele IP pentru ACL.