From: Marvin Greenlee (marvingreenlee@yahoo.com)
Date: Tue May 23 2006 - 03:21:30 ART
Ping from S4 to Cat1 is encrypted.
**** S1 ****
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco address 2.2.2.2
!
!
crypto ipsec transform-set myset esp-des
!
crypto map mymap local-address Loopback1
crypto map mymap 1 ipsec-isakmp
set peer 2.2.2.2
set transform-set myset
match address 101
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Tunnel1
ip address 12.12.12.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
!
interface Ethernet0/0
ip address 31.31.31.1 255.255.255.0
no ip redirects
ip policy route-map ethpolicy
half-duplex
crypto map mymap
router ospf 1
log-adjacency-changes
passive-interface Tunnel1
network 0.0.0.0 255.255.255.255 area 0
access-list 101 permit gre host 1.1.1.1 host 2.2.2.2
access-list 102 permit ip 31.31.31.0 0.0.0.255 23.23.23.0 0.0.0.255
!
route-map ethpolicy permit 10
match ip address 102
set ip next-hop 12.12.12.2
**** S2 *****
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco address 1.1.1.1
!
!
crypto ipsec transform-set myset esp-des
!
crypto map mymap local-address Loopback1
crypto map mymap 1 ipsec-isakmp
set peer 1.1.1.1
set transform-set myset
match address 101
interface Loopback1
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel1
ip address 12.12.12.2 255.255.255.0
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
!
interface Ethernet0/0
ip address 23.23.23.2 255.255.255.0
ip policy route-map ethpolicy
half-duplex
crypto map mymap
!
router ospf 1
log-adjacency-changes
passive-interface Tunnel1
network 0.0.0.0 255.255.255.255 area 0
access-list 101 permit gre host 2.2.2.2 host 1.1.1.1
access-list 102 permit ip 23.23.23.0 0.0.0.255 31.31.31.0 0.0.0.255
!
route-map ethpolicy permit 10
match ip address 102
set ip next-hop 12.12.12.1
**** S3 *****
interface Ethernet0/0
ip address 31.31.31.3 255.255.255.0
no ip route-cache
no ip mroute-cache
half-duplex
!
interface Ethernet0/0.203
encapsulation dot1Q 203
ip address 23.23.23.3 255.255.255.0
no ip route-cache
no ip mroute-cache
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
access-list 105 deny ip any host 224.0.0.5
access-list 105 permit ip any any
**** S4 ****
interface Ethernet0/0
ip address 31.31.31.4 255.255.255.0
half-duplex
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 31.31.31.1
**** Cat1 ****
!
interface FastEthernet0/41
description S1 Eth0/0
switchport access vlan 103
switchport mode dynamic desirable
!
interface FastEthernet0/42
description S2 Eth0/0
switchport access vlan 203
switchport mode dynamic desirable
!
interface FastEthernet0/43
description S3 Eth0/0
switchport access vlan 103
switchport mode dynamic desirable
switchport voice vlan 203
spanning-tree portfast
!
interface FastEthernet0/44
description S4 Eth0/0
switchport access vlan 103
switchport mode dynamic desirable
!
interface Vlan203
ip address 23.23.23.35 255.255.255.0
!
ip route 31.31.31.0 255.255.255.0 23.23.23.2
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Agayev, Teymur
> Sent: Wednesday, May 17, 2006 1:41 PM
> To: ccielab@groupstudy.com
> Subject: VPN on a Stick
>
> Group,
>
> Does anybody know if it is possible to configure
> LAN-to-LAN VPN on a Stick
> (a single external interface is used to both receive
> traffic and to
> distribute it after encryption) on Cisco routers and
> if yes - how?
>
> Thanks,
> Teymur
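Added example (not part of the original post or of any Cisco tooling): a simplified Python model of how S1 handles a packet arriving on Ethernet0/0, using access-lists 101 and 102 as posted, to show why the S4-to-Cat1 ping ends up inside ESP. It assumes the route to 2.2.2.2 leaves via Ethernet0/0 and ignores ISAKMP negotiation; the function names and the 192.0.2.10 test address are constructed for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL entries transcribed from the S1 configuration in the post.
# Each entry: (protocol, src base, src wildcard, dst base, dst wildcard)
ACL_101 = [("gre", "1.1.1.1", "0.0.0.0", "2.2.2.2", "0.0.0.0")]           # crypto map match
ACL_102 = [("ip", "31.31.31.0", "0.0.0.255", "23.23.23.0", "0.0.0.255")]  # route-map match

def acl_permits(acl, proto, src, dst):
    """True if any permit entry matches; 'ip' in an entry matches every protocol."""
    return any(p in ("ip", proto) and wc_match(src, sb, sw) and wc_match(dst, db, dw)
               for p, sb, sw, db, dw in acl)

def s1_forward(proto, src, dst):
    """Trace a packet received on S1 Ethernet0/0 and return the processing steps."""
    steps = []
    if acl_permits(ACL_102, proto, src, dst):
        # route-map ethpolicy: next hop 12.12.12.2 sits on Tunnel1, so the
        # packet is GRE-encapsulated between the two loopbacks.
        steps.append("policy-route to 12.12.12.2 (Tunnel1)")
        steps.append("GRE encapsulate 1.1.1.1 -> 2.2.2.2")
        proto, src, dst = "gre", "1.1.1.1", "2.2.2.2"
    # Assumption: egress is Ethernet0/0 either way (the only physical
    # interface), where crypto map mymap checks access-list 101.
    if acl_permits(ACL_101, proto, src, dst):
        steps.append("ESP encrypt to peer 2.2.2.2")
    else:
        steps.append("forward in clear")
    return steps

if __name__ == "__main__":
    # S4 pinging Cat1's Vlan203 address, as in the post.
    print(s1_forward("icmp", "31.31.31.4", "23.23.23.35"))
    # Constructed destination outside 23.23.23.0/24: no policy route, no ESP.
    print(s1_forward("icmp", "31.31.31.4", "192.0.2.10"))
```

Only traffic that access-list 102 steers into the tunnel becomes GRE between the loopbacks, and only that GRE flow matches access-list 101 on the crypto map; everything else leaves Ethernet0/0 unencrypted.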