Host LAN IP address: y.y.y.y/mask
Peer LAN IP address: z.z.z.z/mask
Text written after ! is a comment
conf t
! define the phase 1 (ISAKMP) policy parameters
crypto isakmp policy 100
encr 3des
hash sha
authentication pre-share
group 2
exit
! define the pre-shared key for the peer; x.x.x.x is the peer WAN IP address
! the 0 after "key" means the key that follows is entered unencrypted
crypto isakmp key 0 secret123 address x.x.x.x
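! define the phase 2 (IPsec) policy parameters
! only an ESP encryption transform is listed here, no ESP authentication transform
crypto ipsec transform-set site1-site2 esp-aes 256
! define a crypto map that ties the peer, the phase 2 policy and the access list together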
crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set site1-site2
match address 100
exit
! define an access list for the traffic to be encrypted
! the access list number should be the same as defined in crypto map match address
! source is the host LAN, destination is the peer LAN
! the wildcard mask can be calculated by deducting the mask from 255.255.255.255
access-list 100 permit ip y.y.y.y <host-wildcard> z.z.z.z <peer-wildcard>
! now apply this crypto map to the host WAN ethernet interface
! go to the WAN interface; here I have assumed g0/0 is the WAN interface
int g0/0
! apply crypto map
! crypto map name should be same as defined above
crypto map VPN
! leave configuration mode before running show and debug commands
end
! apart from this, these are the view and debug commands
show crypto isakmp sa
debug crypto isakmp
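
The access list above needs a wildcard mask for both the host LAN and the peer LAN, and the peer router needs the same entry with source and destination swapped. The following Python sketch is an added example, not part of the original post: it derives the access-list line from the two LANs and checks that two routers' lines are mirror images. The function names and the 192.168.x.x sample networks are made up for illustration.

```python
import ipaddress

def wildcard(lan):
    """'a.b.c.d/len' or 'a.b.c.d/mask' -> (network address, wildcard mask)."""
    net = ipaddress.IPv4Network(lan, strict=False)  # strict=False clears host bits
    # hostmask is 255.255.255.255 minus the netmask, as the config comment says
    return str(net.network_address), str(net.hostmask)

def crypto_acl(number, local_lan, remote_lan):
    """Build the 'match address' ACL line: local LAN as source, peer LAN as destination."""
    src, src_wc = wildcard(local_lan)
    dst, dst_wc = wildcard(remote_lan)
    return f"access-list {number} permit ip {src} {src_wc} {dst} {dst_wc}"

def _net(addr, wc):
    """Address + wildcard -> IPv4Network; rejects non-contiguous wildcards."""
    bits = int(ipaddress.IPv4Address(wc))
    if bits & (bits + 1):  # contiguous wildcards are of the form 2**k - 1
        raise ValueError(f"non-contiguous wildcard mask: {wc}")
    return ipaddress.IPv4Network(f"{addr}/{32 - bits.bit_length()}", strict=False)

def parse_acl(line):
    """Parse 'access-list N permit ip SRC WC DST WC' -> (source net, destination net)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return _net(tok[4], tok[5]), _net(tok[6], tok[7])

def is_mirrored(local_acl, peer_acl):
    """True when the peer's ACL swaps source and destination of the local one."""
    l_src, l_dst = parse_acl(local_acl)
    p_src, p_dst = parse_acl(peer_acl)
    return l_src == p_dst and l_dst == p_src

if __name__ == "__main__":
    # Constructed sample LANs, not values from the page
    host_lan, peer_lan = "192.168.10.1/24", "192.168.20.0/255.255.255.0"
    local = crypto_acl(100, host_lan, peer_lan)
    peer = crypto_acl(100, peer_lan, host_lan)
    print(local)
    print(peer)
    print("mirrored:", is_mirrored(local, peer))
```
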