Cisco 851W Configuration Guide - Page 88
match address 105, VLAN 1 is the internal interface
UPC - 746320958071
View all Cisco 851W manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 88 highlights
Configuration Example Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation tunnel source fastethernet 0 tunnel destination interface 192.168.101.1 ip route 20.20.20.0 255.255.255.0 tunnel 1 crypto isakmp policy 1 encryption 3des authentication pre-share group 2 ! crypto isakmp client configuration group rtr-remote key secret-password dns 10.50.10.1 10.60.10.1 domain company.com pool dynpool ! crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac ! crypto ipsec security-association lifetime seconds 86400 ! crypto dynamic-map dynmap 1 set transform-set vpn1 reverse-route ! crypto map static-map 1 ipsec-isakmp dynamic dynmap crypto map dynmap isakmp authorization list rtr-remote crypto map dynmap client configuration address respond ! ! Defines the key association and authentication for IPSec tunnel. crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key cisco123 address 200.1.1.1 ! ! ! Defines encryption and transform set for the IPSec tunnel. crypto ipsec transform-set set1 esp-3des esp-md5-hmac ! ! Associates all crypto values and peering address for the IPSec tunnel. crypto map to_corporate 1 ipsec-isakmp set peer 200.1.1.1 set transform-set set1 match address 105 ! ! ! VLAN 1 is the internal interface interface vlan 1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip inspect firewall in ! Inspection examines outbound traffic. crypto map static-map no cdp enable ! ! FE4 is the outside or Internet-exposed interface interface fastethernet 4 ip address 210.110.101.21 255.255.255.0 ! acl 103 permits IPSec traffic from the corp. router as well as ! denies Internet-initiated traffic inbound. ip access-group 103 in ip nat outside no cdp enable crypto map to_corporate ! Applies the IPSec tunnel to the outside interface. 7-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01