Thank you so much Piotr, Tyson, Tony and rest of the guys.
You are the best.
I got pretty good reference from you guys and will try to build it. Keep you
posted.
I have ACS at home so I will try to play with security permissions for remote
users.
Best Regards.
______________________
Adil
On Sep 25, 2010, at 1:55 AM, Piotr Matusiak wrote:
> Hi Adil,
>
>
> Is that what you're looking for:
>
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_exampl
e09186a0080093dc8.shtml
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security)
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> �If you can't explain it simply, you don't understand it well enough� -
Albert Einstein
>
>
> 2010/9/25 Adil Pasha <aspasha_at_gmail.com>
> Thanks for your reply Joseph.
>
> With all due apology I am still confused. Let me put my complete scenario
> here:
> * My remote client (my laptop) is going to terminate the IPSec tunnel
> on Cisco 2851 router in the office.
> * The tunnel termination is the loopback interface or it could be
f0/0
> physical interface of Cisco 2851.
> * When I connect to Cisco 2851 I get an IP address (1.1.1.9) assigned
> by the router.
> * Now I want to get to my internal networks using the same interface
> f0/0.
> * If the IP address assigned to my laptop is routable that will I be
> able to access rest of the network? I do not see why not.
> * But if I want to go to Internet (www.cisco.com) that is the problem
> and not working.
>
> Is there any sample config that I can review?
>
> Thanks in advance for everyone's support.
>
> Adil.
>
> -----Original Message-----
> From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
> Sent: Friday, September 24, 2010 5:05 PM
> To: Adil Pasha; Cisco certification
> Subject: RE: IPSec Hairpin on Cisco 2851.
>
> ?
>
> It's not like an asa requiring the "intra" and "inter" interface commands;
>
>
> With IOS always crypto to crypto as long as both remote subnets are known
in
> the routing table (or via default route) via the crypto map interface;
>
> Simply make crypto map acl entries providing peer1 peer2's subnets and vice
> versa. They'll figure it out. Of course any routers/firewalls at those
sites
> need to route to their crypto map applied interface and do crypto to get
to
> the other site :)
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Adil
> Pasha
> Sent: Friday, September 24, 2010 4:34 PM
> To: Cisco certification
> Subject: IPSec Hairpin on Cisco 2851.
>
> Just wanted to know if Cisco 2851 supports IPSec Hairpin ?
>
>
>
> Could you please let me know if it works and what is the command?
>
>
>
> I could not find it.
>
>
>
> Adil.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Sep 25 2010 - 13:56:44 ART