R1:
conf t
int g0/0
Desc ---conn to ISP
ip add 1.1.1.1 255.255.255.0
no sh
int g1/0
Desc conn to LAN
ip add 10.1.1.1 255.255.255.0
no sh
exi
R2-ISP:
conf t
int g0/0
Desc ---conn to CE-1
ip add 1.1.1.2 255.255.255.0
no sh
int g1/0
Desc conn to CE-3
ip add 2.2.2.2 255.255.255.0
no sh
exi
R3:
conf t
int g0/0
Desc ---conn to ISP
ip add 2.2.2.3 255.255.255.0
no sh
int g1/0
Desc conn to LAN
ip add 10.3.3.3 255.255.255.0
no sh
exi
=======================================
Site-to-site VPNs
Phase I
ISAKMP/IKE tunnel -- control plane
<------------------------>
Bidirectional
Phase II
IPsec tunnel -- data plane
<--------------------
-------------------->
2 unidirectional tunnels
inbound/outbound
! HAGLE (Phase I policy parameters; must match on both peers)
Hash - data integrity: MD5, SHA
Auth - validation: PSK, PKI
Group - DH group: 2, 5, 17
Lifetime - 24 hrs / 1 day / 86400 sec; if the peers differ (1 day vs 1/2 day), the lower is agreed
Encryption - 3DES, AES
PHASE II
apply
R1:
crypto isakmp policy 10
hash md5
auth pre-share
group 5
enc aes
exit
int g0/0
cry map cmap
exi
R3:
crypto isakmp policy 10
hash md5
auth pre-share
group 5
enc aes
exit
int g0/0
cry map cmap
exi
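
Added example (not part of the original notes): a Python check that parses the crypto isakmp policy blocks above, flags HAGLE values commonly treated as weak, and confirms that two peers' Phase I policies match, taking the lower lifetime as the notes state. The function names, the weak-algorithm list and the 43200-second lifetime on R3 are assumptions made for this example.

```python
import re

# Assumption: MD5, DES/3DES and DH groups 1, 2, 5 are treated as weak here.
WEAK = {"hash": {"md5"}, "encryption": {"des", "3des"}, "group": {"1", "2", "5"}}
KEYWORDS = ("hash", "authentication", "group", "lifetime", "encryption")

def parse_isakmp_policies(config):
    """Return {priority: {field: value}}; lifetime defaults to 86400 s (per the notes)."""
    policies, current = {}, None
    for raw in config.splitlines():
        words = raw.strip().lower().split()
        m = re.match(r"cry\S*\s+isa\S*\s+pol\S*\s+(\d+)$", " ".join(words))
        if m:
            current = policies.setdefault(int(m.group(1)), {"lifetime": "86400"})
        elif current is not None and len(words) >= 2:
            # IOS accepts unambiguous abbreviations such as 'enc' or 'auth'.
            field = next((k for k in KEYWORDS if k.startswith(words[0])), None)
            if field is None:
                current = None  # a different command: policy sub-mode has ended
            else:
                current[field] = " ".join(words[1:])
        else:
            current = None  # 'exit' or a blank line ends the block
    return policies

def weak_settings(policy):
    """List 'field=value' findings for weak algorithms in one policy."""
    return sorted(f"{f}={policy[f]}" for f in WEAK if policy.get(f) in WEAK[f])

def negotiate(local, remote):
    """First pair matching on hash, auth, group, encryption; lower lifetime is agreed."""
    for a in (local[p] for p in sorted(local)):
        for b in (remote[p] for p in sorted(remote)):
            if all(a.get(f) == b.get(f) for f in KEYWORDS if f != "lifetime"):
                return dict(a, lifetime=str(min(int(a["lifetime"]), int(b["lifetime"]))))
    return None  # no common policy: Phase I cannot complete

# R1's policy as on the page; R3 is the same with a constructed 43200 s lifetime.
R1 = """crypto isakmp policy 10
 hash md5
 auth pre-share
 group 5
 enc aes
exit
"""
R3 = R1.replace("exit", " lifetime 43200\nexit")

if __name__ == "__main__":
    r1, r3 = parse_isakmp_policies(R1), parse_isakmp_policies(R3)
    print(weak_settings(r1[10]), negotiate(r1, r3))
```

Run against the policy 10 shown for R1 and R3, it reports hash md5 and group 5 as findings; changing either value on only one router makes negotiate return None, which is the mismatch that keeps Phase I from coming up.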