Example router config with L2L VPN and remote-access clients without NAT

Virtual private networks and related topics

Moderator: Federico.Lagni

Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006, 10:04 am
Location: Emilia Romagna

boot system flash c1841-advsecurityk9-mz.124-23.bin
boot-end-marker
!
enable secret 5 ***
!
! AAA must be enabled for the 'userauthen' and 'groupauthor' method lists
! referenced by the crypto map below (XAUTH user authentication and
! group authorization); the default login list keeps console/vty on local users
aaa new-model
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
username admin privilege 15 password ***
username user01 password ***
!
!
! 
crypto logging session
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 14400
crypto isakmp key *** address *** no-xauth

crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group remote-vpn
 key ***
 pool remote-pool
 save-password
 max-users 10
 max-logins 10
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac 
!
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET 
 reverse-route
!
!
crypto map remotemap local-address Loopback0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 20 ipsec-isakmp 
 set peer ***
 set transform-set VPN-CLI-SET 
 set pfs group2
 match address 151
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn 
!
!
!
interface Loopback0
 ip address *** 255.255.255.255
!
interface FastEthernet0/0
 description INSIDE
 ip address *** 255.255.255.0
 duplex auto
 speed auto
 no keepalive
!
interface FastEthernet0/1
 description OUTSIDE
 ip address *** 255.255.255.128
 duplex auto
 speed auto
 no keepalive
 crypto map remotemap
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface BRI0/1/0
 no ip address
 encapsulation hdlc
 shutdown
!
ip local pool remote-pool ***
ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 ***
ip route ip_pool 255.255.255.255 FastEthernet0/1

!
ip http server
no ip http secure-server
!
access-list 151 remark *** CRYPTO ACL PER TUNNEL IPSEC ***
access-list 151 remark *************************************************************
access-list 151 permit ip host *** *** 0.0.0.255
access-list 151 remark *************************************************************
!
!
control-plane
!
banner motd ^C
--------------------------------------------------------------
System is RESTRICTED to authorized personnel ONLY
Unauthorized use of this system will be logged and prosecuted
to the fullest extent of the law.
If you are NOT authorized to use this system, LOG OFF NOW
--------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
end
The future is made of people who have intuitions and visions ..... those are the people who make the difference...... those endowed with a THIRD EYE....
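The configuration in the post above mixes a site-to-site crypto map entry with a dynamic entry for remote-access clients, and a reviewer would want to check a few settings before reusing it: the ISAKMP policy and transform set use 3DES, MD5 and DH group 2, clients are allowed to cache the XAUTH password (`save-password`), the crypto map references AAA method lists, management is reachable over plain HTTP, and the vty lines do not restrict transport to SSH. The following script is an added example, not code from the post or from Cisco: a small parser that splits an IOS running-config into top-level commands with their indented sub-commands and runs those checks over it. The two embedded configs are constructed excerpts (the first mirrors the posted config with `***` placeholders, the second is a hardened variant assumed to run on a release that supports `hash sha256`); the algorithm and group sets are the author's choices for what counts as weak.

```python
"""Static audit of a Cisco IOS running-config for VPN-related weak settings.

Added example (not from the forum post): parse the config into blocks,
then flag weak IKE/IPsec algorithms, cached XAUTH passwords, AAA lists
referenced while AAA is disabled, plain-text HTTP management and vty lines
that are not restricted to SSH.
"""
from typing import List, Tuple

# Constructed excerpt mirroring the posted config; *** are placeholders.
SAMPLE_CONFIG = """\
no aaa new-model
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 14400
crypto isakmp client configuration group remote-vpn
 key ***
 pool remote-pool
 save-password
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
ip http server
no ip http secure-server
line vty 0 4
 login local
"""

# Constructed hardened variant (assumes an IOS release supporting these keywords).
HARDENED_CONFIG = """\
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto ipsec transform-set VPN-CLI-SET esp-aes 256 esp-sha256-hmac
crypto map remotemap client authentication list userauthen
no ip http server
ip http secure-server
line vty 0 4
 login local
 transport input ssh
"""

# Author's choice of what to flag: single/triple DES, MD5, and DH groups < 2048 bits.
WEAK_CIPHERS = {"des", "3des", "esp-des", "esp-3des"}
WEAK_HASHES = {"md5", "esp-md5-hmac"}
WEAK_DH_GROUPS = {"1", "2", "5"}


def parse_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Return [(top_level_command, [sub_commands...])] in config order.

    IOS marks sub-commands by a leading space; '!' lines are separators/comments.
    """
    blocks: List[Tuple[str, List[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(config: str) -> List[str]:
    """Run the checks and return human-readable findings (empty list = clean)."""
    blocks = parse_blocks(config)
    tops = {cmd for cmd, _ in blocks}
    aaa_enabled = "aaa new-model" in tops
    findings: List[str] = []

    for cmd, subs in blocks:
        words = cmd.split()
        if cmd.startswith("crypto isakmp policy"):
            for sub in subs:
                key, *vals = sub.split()
                val = vals[0] if vals else ""
                if key == "encr" and val in WEAK_CIPHERS:
                    findings.append(f"{cmd}: weak encryption '{val}'")
                elif key == "hash" and val in WEAK_HASHES:
                    findings.append(f"{cmd}: weak hash '{val}'")
                elif key == "group" and val in WEAK_DH_GROUPS:
                    findings.append(f"{cmd}: weak DH group {val}")
        elif cmd.startswith("crypto ipsec transform-set"):
            name, algs = words[3], words[4:]
            for alg in algs:
                if alg in WEAK_CIPHERS or alg in WEAK_HASHES:
                    findings.append(f"transform-set {name}: weak algorithm '{alg}'")
        elif cmd.startswith("crypto isakmp client configuration group"):
            if "save-password" in subs:
                findings.append(f"{cmd}: save-password lets clients cache the XAUTH password")
        elif cmd.startswith("crypto map") and " list " in cmd and not aaa_enabled:
            findings.append(f"{cmd}: references AAA list '{words[-1]}' but 'aaa new-model' is absent")
        elif cmd.startswith("line vty"):
            if "transport input ssh" not in subs:
                findings.append(f"{cmd}: transport input is not restricted to ssh")

    # HTTP server enabled without its HTTPS counterpart means clear-text management.
    if "ip http server" in tops and "ip http secure-server" not in tops:
        findings.append("ip http server: management over plain-text HTTP with no HTTPS")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Running the block prints one line per finding for the sample excerpt (nine in total) and nothing for the hardened variant; the parser is deliberately minimal and ignores nested sub-modes deeper than one level, which is enough for the commands checked here.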