Script config VPN L2L IPSec su IOS (router)

Virtual private networks e affini

Moderatore: Federico.Lagni

Rispondi
Avatar utente
Wizard
Intergalactic subspace network admin
Messaggi: 3441
Iscritto il: ven 03 feb , 2006 10:04 am
Località: Emilia Romagna
Contatta:

Codice: Seleziona tutto

	### LATO 1 ###

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ### address ### no-xauth

crypto ipsec transform-set VPN-SET esp-3des esp-md5-hmac

crypto map VPN local-address dialer1
crypto map VPN 10 ipsec-isakmp
 set peer ### 
 set transform-set VPN-SET
 match address 151

interface dialer1
crypto map VPN 

no access-list 101
access-list 101 remark *************************************************************
access-list 101 remark *** ACL PER PAT E NAT0 ***
access-list 101 remark *************************************************************
access-list 101 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any

access-list 151 remark *** CRYPTO ACL PER TUNNEL IPSEC ***
access-list 151 remark *************************************************************
access-list 151 permit   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 151 remark *************************************************************

	
	### LATO 2 ###

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ###  address ### no-xauth

crypto ipsec transform-set VPN-SET esp-3des esp-md5-hmac

crypto map VPN local-address dialer0
crypto map VPN 10 ipsec-isakmp
 set peer ### 
 set transform-set VPN-SET
 match address 151

interface dialer0
crypto map VPN 

no access-list 101
access-list 101 remark ************************************************************
access-list 101 remark *** ACL PER PAT ***
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any


access-list 151 remark *** CRYPTO ACL PER TUNNEL IPSEC ***
access-list 151 remark *************************************************************
access-list 151 permit   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 151 remark *************************************************************
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
Rispondi