GRE-over-IPSEC
Tunnels 10.0.0.0, /30 subnets (mask 255.255.255.252)
HQ/SPOKE-I  12/21 10.0.0.1/10.0.0.2
HQ/SPOKE-II 13/31 10.0.0.5/10.0.0.6

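<HQ>
! Hub router: one point-to-point GRE tunnel per spoke. IKEv1 (ISAKMP) with
! pre-shared keys negotiates the IPsec SAs; the IPsec profile is bound to each
! tunnel with "tunnel protection".
<Tunnels>
<Tunnel12>
interface Tunnel12
 description ###TO SPOKE-I###
 ip address 10.0.0.1 255.255.255.252
 ! Reduced MTU/MSS leaves headroom for the GRE and ESP encapsulation overhead.
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.2.1.2
 tunnel destination 10.0.1.2
 ! Added in review: the original notes define the IPsec profile but never
 ! apply it, which would leave this tunnel as plain, unencrypted GRE.
 tunnel protection ipsec profile P_SPOKEXX-GRE
</Tunnel12>
<Tunnel13>
interface Tunnel13
 ! Destination 10.1.1.2 is SPOKE-II; the original description said SPOKE-I.
 description ###TO SPOKE-II###
 ip address 10.0.0.5 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.2.1.2
 tunnel destination 10.1.1.2
 tunnel protection ipsec profile P_SPOKEXX-GRE
</Tunnel13>
<route>
! Static routes towards the spoke-side prefixes, one pair per tunnel.
ip route 192.168.1.0 255.255.255.0 Tunnel12
ip route 192.168.2.0 255.255.255.0 Tunnel12
ip route 192.168.3.0 255.255.255.0 Tunnel13
ip route 192.168.4.0 255.255.255.0 Tunnel13
</route>
</Tunnels>
<ISAKMP>
<isakmp pol1>
! NOTE(review): 3DES, MD5 and DH group 5 are legacy choices. Where the platform
! supports it, move to AES, SHA-2 and a larger DH group. Hub and spokes must
! be changed together because both ends have to agree on the proposal.
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 86400
</isakmp pol1>
<PSK>
! 0.0.0.0 ??? - a wildcard key ("address 0.0.0.0 0.0.0.0") is accepted for any
! peer address; the per-peer entries below are the tighter choice.
! NOTE(review): "CISCO" is a guessable lab value shared by both spokes. Outside
! a lab use a long random key, unique per peer.
crypto isakmp key CISCO address 10.0.1.2
crypto isakmp key CISCO address 10.1.1.2
</PSK>
</ISAKMP>
<IPSEC>
<TS: TS-SPOKEXX>
! Transport mode: GRE already supplies the outer IP header, so ESP protects the
! GRE packet without adding a second tunnel header.
crypto ipsec transform-set TS-SPOKEXX esp-3des esp-md5-hmac
 mode transport
</TS: TS-SPOKEXX>
<ipsec profile P_SPOKEXX-GRE>
crypto ipsec profile P_SPOKEXX-GRE
 set security-association lifetime seconds 86400
 set transform-set TS-SPOKEXX
</ipsec profile P_SPOKEXX-GRE>
</IPSEC>
</HQ>

<SPOKE-I>
! Spoke router: single GRE tunnel to the hub (10.2.1.2), protected by P_HQ-GRE.
<Tunnel21>
interface Tunnel21
 description ###TO HQ###
 ip address 10.0.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.0.1.2
 tunnel destination 10.2.1.2
 ! Added in review: must be present on both ends of the tunnel, otherwise one
 ! side sends ESP while the other expects plain GRE.
 tunnel protection ipsec profile P_HQ-GRE
</Tunnel21>
<route>
! NOTE(review): these are 192.169.x.0 while HQ routes 192.168.x.0. Confirm the
! intended prefixes; 192.169.0.0/16 is not RFC 1918 private space.
ip route 192.169.1.0 255.255.255.0 Tunnel21
ip route 192.169.2.0 255.255.255.0 Tunnel21
ip route 192.169.3.0 255.255.255.0 Tunnel21
ip route 192.169.4.0 255.255.255.0 Tunnel21
</route>

<ISAKMP>
<isakmp pol1>
! Must match the hub's ISAKMP policy. The hub policy uses the same legacy
! algorithms (3DES / MD5 / group 5).
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 86400
</isakmp pol1>
<PSK>
! Key is scoped to the hub's tunnel source address only.
crypto isakmp key CISCO address 10.2.1.2
</PSK>
</ISAKMP>
<IPSEC>
<TS>
! The transform-set name is local to this router; only the algorithms and the
! mode have to match the hub's TS-SPOKEXX.
crypto ipsec transform-set HQ esp-3des esp-md5-hmac
 mode transport
</TS>
<ipsec profile P_HQ-GRE>
crypto ipsec profile P_HQ-GRE
 set security-association lifetime seconds 86400
 set transform-set HQ
</ipsec profile P_HQ-GRE>
</IPSEC>
</SPOKE-I>

<SPOKE-II>
! Spoke router: single GRE tunnel to the hub (10.2.1.2), protected by P_HQ-GRE.
<Tunnel31>
interface Tunnel31
 description ###TO HQ###
 ip address 10.0.0.6 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.1.1.2
 tunnel destination 10.2.1.2
 ! Added in review: binds the IPsec profile to the tunnel (see the PSK fix
 ! below, which the IKE negotiation with the hub depends on).
 tunnel protection ipsec profile P_HQ-GRE
</Tunnel31>
<route>
! NOTE(review): 192.169.x.0 vs 192.168.x.0 on HQ. Confirm the intended prefixes.
ip route 192.169.1.0 255.255.255.0 Tunnel31
ip route 192.169.2.0 255.255.255.0 Tunnel31
ip route 192.169.3.0 255.255.255.0 Tunnel31
ip route 192.169.4.0 255.255.255.0 Tunnel31
</route>
<ISAKMP>
<isakmp pol1>
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 86400
</isakmp pol1>
<PSK>
! Fixed: the original keyed 10.2.1.1, but the hub peers from 10.2.1.2 (this
! router's tunnel destination), so no key would have matched the hub.
crypto isakmp key CISCO address 10.2.1.2
</PSK>
</ISAKMP>
<IPSEC>
<TS>
crypto ipsec transform-set HQ esp-3des esp-md5-hmac
 mode transport
</TS>
<ipsec profile P_HQ-GRE>
crypto ipsec profile P_HQ-GRE
 set security-association lifetime seconds 86400
 set transform-set HQ
</ipsec profile P_HQ-GRE>
</IPSEC>
</SPOKE-II>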