From: Dustin.Yates@xxxxxxxxxxxx
Date: Thu Apr 18 2002 - 00:19:04 GMT-3
I'm working an IPSec series of labs that does have the solution for this
task. I put it on my lab routers, but I'm not sure if it's correct. Any
concerns with what I've proposed as a solution?
Requirement:
Provide for encryption of telnet sessions between R1's serial 0 interface
(1.1.1.1) and R2's serial 0 interface (2.2.2.2) through a GRE tunnel. Only
encrypt the telnet traffic.
My Solution:
on r1:
crypto isakmp policy 10
auth pre-share
crypto isakmp key telnet-tunnel address 2.2.2.2
crypto ipsec transform-set telnet esp-des
crypto map telnet 10 ipsec-isakmp
set peer 2.2.2.2
set transform-set telnet
match address 100
int tunnel 0
ip unnumbered
tunnel source serial 0
tunnel destination 2.2.2.2
crypto map telnet
int serial 0
ip policy route-map telnet
route-map telnet permit 10
match ip address 150
set interface tunnel 0
access-list 100 permit gre host 1.1.1.1 host 2.2.2.2
access-list 150 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet
on r2:
crypto isakmp policy 10
auth pre-share
crypto isakmp key telnet-tunnel address 1.1.1.1
crypto ipsec transform-set telnet esp-des
crypto map telnet 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set telnet
match address 100
int tunnel 0
ip unnumbered
tunnel source serial 0
tunnel destination 1.1.1.1
crypto map telnet
int serial 0
ip policy route-map telnet
route-map telnet permit 10
match ip address 150
set interface tunnel 0
access-list 100 permit gre host 2.2.2.2 host 1.1.1.1
access-list 150 permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet
TIA! dy
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:12 GMT-3