8.2 AND BELOW CONFIG:
PHASE I SA:
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
TUNNEL GROUP FOR PHASE I TUNNEL SETUP:
tunnel-group 22.33.44.55 type ipsec-l2l
tunnel-group 22.33.44.55 ipsec-attributes
pre-shared-key VPNkey$
PHASE II SA:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
PHASE II TUNNEL SETUP:
crypto map outside_map 20 match address FarEnd
crypto map outside_map 20 set peer 22.33.44.55
crypto map outside_map 20 set transform-set ESP-3DES-SHA
NO NAT APPLICATION:
nat (inside) 0 access-list inside_nat0_outbound
NONAT ACL:
access-list inside_nat0_outbound extended permit ip 10.0.7.0 255.255.255.0 host 192.168.5.5
INTERESTING TRAFFIC ACL:
access-list FarEnd extended permit ip 10.0.7.0 255.255.255.0 host 192.168.5.5
APPLY CRYPTO MAP TO THE OUTSIDE INTERFACE:
crypto map outside_map interface outside
8.3 AND LATER CONFIG:
DESTINATION OBJECT:
object network object-10.0.7.0
subnet 10.0.7.0 255.255.255.0
SOURCE OBJECT:
object network obj-192.168.5.5-01
host 192.168.5.5
INTERESTING TRAFFIC ACL:
access-list FarSide extended permit ip host 192.168.5.5 10.0.7.0 255.255.255.0
NONAT NAT STATEMENT:
nat (dmz,outside) source static obj-192.168.5.5-01 obj-192.168.5.5-01 destination static obj-10.0.7.0 obj-10.0.7.0 no-proxy-arp route-lookup
PHASE I SA:
crypto ikev1 policy 11
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
TUNNEL GROUP FOR PHASE I TUNNEL SETUP:
tunnel-group 66.77.88.99 type ipsec-l2l
tunnel-group 66.77.88.99 ipsec-attributes
pre-shared-key VPNkey$
PHASE II SA:
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
PHASE II TUNNEL SETUP:
crypto map outside_map 130 match address FarSide
crypto map outside_map 130 set peer 66.77.88.99
crypto map outside_map 130 set transform-set ESP-3DES-SHA
APPLY CRYPTO MAP TO THE OUTSIDE INTERFACE:
crypto map outside_map interface outside
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.