Cisco SRP500 Manual de configuración - Página 5
Navegue en línea o descargue pdf Manual de configuración para Enrutador de red Cisco SRP500. Cisco SRP500 9 páginas. Small business managed router feature site to site ipsec vpns
Imprimir página
IOS Configuration
The following IOS command line configuration is required at site three to establish an IPSec tunnel to site
two.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key SECRET-KEY address 192.168.200.162
!
!
crypto ipsec transform-set SETNAME esp-3des esp-sha-hmac
!
crypto map CISCO 1 ipsec-isakmp
set peer 192.168.200.162
set transform-set SETNAME
set pfs group2
match address 110
!
interface FastEthernet4
ip address 192.168.200.146
crypto map CISCO
!
interface Vlan1
ip address 192.168.9.1 255.255.255.0
!
access-list 110 permit ip 192.168.9.0 0.0.0.255 192.168.15.0 0.0.0.255
In this case, interface FastEthernet4 is the WAN interface of the SR520 router to which the IPSec tunnel will
be bound. The first section above (isakmp policy) follows the SRP500 IKE Policy configuration. The
following ipsec transform-set and map sections follow the SRP500 IPSec policy configuration.
Access list 110 specifies that all traffic from the local VLAN addressed for the SRP500 VLAN at site two
should traverse the IPSec tunnel.
Verification
Once both endpoints are configured, the VPN tunnel will automatically establish. The SRP500 Status > VPN
page can be used to verify that the connection has been established. This page may also be used to
manually Disconnect/Connect the tunnel if required.
To monitor the VPN connection process on the IOS device, you may use the debug crypto isakmp and
debug crypto ipsec features. The following capture illustrates the connection process for this example.
All contents are Copyright © 1992-2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 9