Post on 27-Nov-2018
!
crypto isakmp key mtt3rvLBO3jCoV50zoE address 192.168.1.2
!
crypto isakmp policy 10
encr 3des
authentication pre-share
hash sha
!
crypto ipsec transform-set TS esp-des esp-sha-hmac
!
crypto ipsec profile IPsecP
set transform-set TS
!
interface Serial0
ip address 192.168.1.1 255.255.255.252
!
interface Tunnel0
ip address 10.1.1.1 255.255.255.252
ip mtu 1300
tunnel source Serial0
tunnel destination 192.168.2.1
tunnel protection ipsec profile IP
tunnel mode ipsec ipv4
!
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.0.0.0 255.0.0.0 Tunnel0
!
!
crypto keyring WPSK
pre-shared-key address 0.0.0.0 0.0.0.0 key rvH0cnVLUGe8naVY
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp profile DVTI
keyring WPSK
match identity address 0.0.0.0
virtual-template 1
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
!
!
crypto keyring WPSK
pre-shared-key address 0.0.0.0 0.0.0.0 key rvH0cnVLUGe8naVY
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
!
interface Tunnel0
ip unnumbered Loopback0
tunnel source FastEthernet0/0
tunnel destination 192.168.1.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
!
!
R1# show ip interface brief
Interface IP-
Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES NVRAM up
up
FastEthernet0/1 unassigned YES NVRAM administratively down
down
SSLVPN-
VIF0 unassigned NO unset up up
Virtual-
Access1 unassigned YES unset down down
Virtual-
Template1 10.1.1.1 YES TFTP down down
Virtual-
Access2 10.1.1.1 YES TFTP up up
Virtual-
Access3 10.1.1.1 YES TFTP up up
Loopback0 10.1.1.1 YES NVRAM up
up
Loopback1 10.100.1.1 YES manual up
up
R1# show crypto ipsec sa
interface: Virtual-Access3
Crypto map tag: Virtual-Access3-head-0, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 192.168.1.3 port 500
PERMIT, flags={origin_is_acl,}
…
!
R1# show crypto ipsec sa
interface: Virtual-Access2
Crypto map tag: Virtual-Access2-head-0, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.100.2.0/255.255.255.0/0/0)
current_peer 192.168.1.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
…
R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-
user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0 255.0.0.0 is variably subnetted, 6 subnets, 3 masks
C 10.1.1.0 255.255.255.0 is directly connected, Loopback0
S 10.0.0.0 255.0.0.0 [1/0] via 10.1.1.2
S 10.100.2.0 255.255.255.0 [1/0] via 192.168.1.2, Virtual-Access2
C 10.100.1.0 255.255.255.0 is directly connected, Loopback1
C 192.168.1.0 255.255.255.0 is directly connected, FastEthernet0/0
R1#
!
crypto ipsec client ezvpn GRP1
peer 192.168.1.1
group GRP1 key ZRaAJvQj6P845dsw
mode network
!
interface FastEthernet0/0
description Internet link
crypto ipsec client ezvpn GRP1
!
interface FastEthernet1/0
description LAN
crypto ipsec client ezvpn GRP1 inside
!
!
crypto isakmp client configuration group GRP1
key ZRaAJvQj6P845dsw
dns 10.1.1.10 10.1.1.20
domain nil.com
pool POOL
!
ip local pool dynpool 10.200.1.1 10.200.1.100
!
!
crypto ipsec client ezvpn GRP1
peer 192.168.1.1
group GRP1 key ZRaAJvQj6P845dsw
mode network
virtual-interface 1
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
service-policy output SLA
!
interface FastEthernet0/0
description Internet link
crypto ipsec client ezvpn GRP1
!
interface FastEthernet1/0
description LAN
crypto ipsec client ezvpn GRP1 inside
!