We have done the configuration on both the Cisco Routers. However, we need to initiate the traffic towards the remote networks to bring the tunnel up. So, just initiate the traffic towards the remote subnet.

R2(config-if)#ip nat inside

Testing the Configuration of IPSec Tunnel

*Jan 12 16:20:19.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R2(config)#ip nat inside source list 100 interface FastEthernet 0/0 overload

Now, just configure the NAT using this extended List.

R2(config-crypto-map)#match address IPSEC_List
R2(config)#interface FastEthernet 0/0
R2(config-crypto-map)#set transform-set TSET
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R2(config-crypto-map)#set peer 1.1.1.1
R2(config-isakmp)# lifetime 86400
R2(config)#crypto isakmp key Gns3Network address 1.1.1.1

Phase 2 configuration on the Cisco Router R2

R2(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac

Configuring the Extended ACL and Crypto MAP

R2(cfg-crypto-trans)#ip access-list extended IPSEC_List
R2(config-isakmp)# authentication pre-share

This ACL (Access Control List) will match the traffic of our Local LAN and we will use this ACL in Crypto MAP Configuration.

Configuring the Phase 1 on the Cisco Router R2

R2#configure terminal
R1(config)#ip access-list extended IPSEC_List

Now, we need to configure the Extended ACL and Crypto MAP to match the traffic.

R1(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac

Configuring the Extended ACL and Crypto MAP

Now, we need to configure the IPSec VPN Phase 2 Parameters. Here, you need to define the IPSec Protocol, i.e. AH (Authentication Header) or ESP (Encapsulation Security Payload). Along with the Protocol, we also need to define the Encryption and Hashing algorithms. In this example, I am using the below parameters:

IPSec Protocol: ESP (Encapsulation Security Payload).

R1(config)#crypto isakmp key Gns3Network address 2.2.2.2

Configuring the Phase 2 on the Cisco Router R1

Access the global configuration mode of the router and define the Pre-Shared key. I am using Gns3Network as a Pre-Shared Key.

R1(config-isakmp)#authentication pre-share

Lifetime: 86400 (Default lifetime for the Phase 1)

Enter configuration commands, one per line.