
Static to Dynamic IPsec configuration


!
ip subnet-zero
!

!--- These are the IKE policies.

crypto isakmp policy 1

!--- Defines an Internet Key Exchange (IKE) policy.
!--- Use the crypto isakmp policy command
!--- in global configuration mode.
!--- IKE policies define a set of parameters to be used
!--- during the IKE phase I negotiation.

 hash md5
 authentication pre-share

!--- Specifies pre-shared keys as the authentication method.

crypto isakmp key Chris123 address 165.228.212.83

!--- Configures a pre-shared authentication key,
!--- used in global configuration mode.

!

!--- These are the IPSec policies.

crypto ipsec transform-set rtpset esp-des esp-md5-hmac

!--- A transform set is an acceptable combination
!--- of security protocols and algorithms.
!--- This command defines a transform set
!--- that has to be matched on the peer router.

!
crypto map rtp 1 ipsec-isakmp

!--- Creates a crypto map and indicates that IKE will be used
!--- to establish the IPSec SAs for protecting
!--- the traffic specified by this crypto map entry.


 set peer 165.228.212.83

!--- Use the set peer command to specify an IPSec peer in a crypto map entry.

 set transform-set rtpset

!--- Configure IPSec to use the transform set "rtpset"
!--- that was defined previously.

 match address 115

!--- Include the private-network-to-private-network traffic
!--- in the encryption process.

 exit

interface Ethernet 0
 description --- Ethernet LAN ---
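 ip address 192.168.0.254 255.255.255.0
 ip nat inside

!--- The LAN is the NAT inside interface; the "ip nat inside source"
!--- rules at the end of the configuration only translate traffic
!--- that enters through an inside interface.

 ip virtual-reassembly
 ip tcp adjust-mss 1420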

!
!
ip dhcp excluded-address 192.168.0.251 192.168.0.254
!
ip dhcp pool lan
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.254
 dns-server 192.168.0.254
 lease infinite

interface ATM0
 description --- Telsra ADSL ---
 no ip address
 no shutdown
 no atm ilmi-keepalive
 pvc 8/35
  tx-ring-limit 3
  encapsulation aal5snap
  pppoe-client dial-pool-number 1


interface Dialer0
 description --- Telsra ADSL ---
 ip address negotiated
 ip mtu 1460
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1420
 dialer pool 1
 dialer-group 1
 ppp chap hostname tareet0@direct.telsra.net
 ppp chap password 233981
 crypto map rtp

ip nat inside source list NAT interface Dialer0 overload

ip nat inside source route-map nonat interface Dialer0 overload
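
An added example, not part of the original post: a small Python audit that flags the weak or exposed settings in the crypto lines of a configuration like the one above (MD5 hash, DES and HMAC-MD5 transforms, an IKE policy that omits encryption and group, and secrets stored without type 6/7 encoding). The sample text is constructed from the lines above; the function name audit and the finding wording are illustrative, and the defaults reported for omitted sub-commands are assumed to be the classic IOS ones (DES, Diffie-Hellman group 1).

```python
import re

# Constructed sample: the crypto-related lines of the configuration above.
SAMPLE = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key Chris123 address 165.228.212.83
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
interface Dialer0
 ppp chap password 233981
"""

POLICY_SUBCMDS = {"encryption", "hash", "authentication", "group", "lifetime"}
WEAK_IKE = {("hash", "md5"), ("encryption", "des"), ("group", "1")}
WEAK_TRANSFORMS = {"esp-des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}
# Secret is in cleartext when the token after the keyword is not a type digit (6 or 7).
CLEARTEXT = re.compile(r"^(crypto isakmp key|ppp chap password)\s+(?![67]\s)\S+")

def audit(config):
    """Return sorted (line_no, finding) tuples for weak IKE/IPsec settings."""
    findings, policy = [], None            # policy = (start_line, sub-commands seen)

    def close_policy():
        # Assumption: classic IOS defaults fill in omitted sub-commands
        # (encryption -> DES, group -> Diffie-Hellman group 1).
        for sub, default in (("encryption", "DES"), ("group", "DH group 1")):
            if policy and sub not in policy[1]:
                findings.append((policy[0], f"IKE policy omits {sub}: default is {default}"))

    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue                       # blank lines and "!" comments hold no settings
        if policy and words[0] in POLICY_SUBCMDS:
            policy[1].add(words[0])
            if tuple(words[:2]) in WEAK_IKE:
                findings.append((no, "weak IKE setting: " + " ".join(words[:2])))
            continue
        close_policy()                     # any other command ends the policy block
        policy = (no, set()) if words[:3] == ["crypto", "isakmp", "policy"] else None
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in words[4:]:
                if t in WEAK_TRANSFORMS:
                    findings.append((no, "weak transform: " + t))
        if CLEARTEXT.match(raw.strip()):   # report the command only, never the secret
            findings.append((no, "secret stored in cleartext: " + " ".join(words[:3])))
    close_policy()                         # the config may end inside a policy block
    return sorted(findings)
```

Calling audit(SAMPLE) returns seven findings, keyed by line number within the sample; any stronger replacement for the flagged algorithms has to be configured identically on the peer router.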
