Post subject: Aitai and Cisco do IPSEC VPN
Posted: 11 Jan 2018, 09:28
A. Cisco (RouterB)

1. Cisco router ACL configuration (mainly referenced by the IPSec configuration to select which flows)

router(config)# access-list 110 permit ip 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255
router(config)# access-list 110 permit ip 192.168.100.0 0.0.0.255 192.168.11.0 0.0.0.255

2. IKE phase 1 configuration

i. Authentication: pre-shared key; the pre-shared key is cisco1122
ii. Encryption algorithm: des
iii. Authentication algorithm: md5
iv. DH group: group2
v. Phase 1 SA lifetime: 28800 seconds

router(config)# crypto isakmp enable   ! enable IKE (enabled by default)
router(config)# crypto isakmp policy 100   ! create an IKE policy with priority 100
router(config-isakmp)# authentication pre-share   ! use pre-shared key authentication
router(config-isakmp)# encryption des   ! use DES encryption
router(config-isakmp)# group 2   ! specifies the key size; group2 is more secure, but consumes more CPU
router(config-isakmp)# hash md5   ! specifies MD5 as the hash algorithm (other options: SHA, RSA)
router(config-isakmp)# lifetime 28880   ! specifies the SA lifetime. The default is 86400 seconds, at both ends of
router(config)# crypto isakmp key cisco1122 address 192.168.0.124   ! configure the pre-shared key (on Cisco the peer address must be specified)

3. IPSec phase 2 configuration

i. Configure the IPSec transform set: this actually defines the encryption and authentication algorithms of the second phase, and is referenced later.

Encryption algorithm: DES; authentication algorithm: MD5; encapsulation protocol: ESP

router(config)# crypto ipsec transform-set abc esp-des esp-md5-hmac

The IPSec transform set name abc can be chosen freely, and the names at the two ends can also be different, but the other parameters should be consistent.

ii. Configure the IPSec crypto map: this actually identifies the other party, which flows get IPSec, the lifetime of the phase 2 SA, and the transform set reference.

router(config)# crypto map mymap 100 ipsec-isakmp   ! create the crypto map; mymap is a custom name
router(config-crypto-map)# match address 110   ! use the ACL to define the encrypted traffic
router(config-crypto-map)# set peer 192.168.0.124   ! identify the other router's IP address
router(config-crypto-map)# set transform-set abc   ! specify the IPSec transform set used by the crypto map
router(config-crypto-map)# set security-association lifetime seconds 86400   ! specify the lifetime of the phase 2 SA

4. Apply the crypto map to the interface

router(config)# interface ethernet0/1   ! enter the router's WAN port
router(config-if)# crypto map mymap   ! apply the crypto map to the interface

5. Configure NONAT: to ensure that access to the peer network 192.168.11.0/24 through the IPSec tunnel does not have NAT applied

router(config)# nat (inside) 0 access-list 110

6. Note: do not enable PFS

B. UTT2512 (RouterA) configuration

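As an added example (not part of the original post and not a vendor tool), a small Python audit for a configuration like the one posted above: it flags the DES, MD5 and DH group 2 settings as legacy algorithms and reports names that are referenced but never defined. The sample text, the `WEAK` table and the `audit` function are constructed for illustration.

```python
# Constructed sample modelled on the post's commands (prompts removed); the
# interface deliberately references a crypto map name that is never defined.
SAMPLE = """\
access-list 110 permit ip 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255
crypto isakmp policy 100
 encryption des
 group 2
 hash md5
crypto ipsec transform-set abc esp-des esp-md5-hmac
crypto map mymap 100 ipsec-isakmp
 match address 110
 set peer 192.168.0.124
 set transform-set abc
interface ethernet0/1
 crypto map mamap
"""

# Legacy algorithm keywords and why each is flagged.
WEAK = {"des": "56-bit DES encryption", "esp-des": "56-bit DES encryption",
        "md5": "MD5 hash", "esp-md5-hmac": "HMAC-MD5 integrity",
        "group 1": "768-bit DH group", "group 2": "1024-bit DH group"}

def audit(config):
    """Return sorted findings: legacy algorithms and dangling references."""
    findings, defined, used = set(), set(), set()
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        line = " ".join(w)
        if w[0] == "access-list":
            defined.add(("access-list", w[1]))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            defined.add(("transform-set", w[3]))
            findings.update(f"weak: {WEAK[t]} ({t})" for t in w[4:] if t in WEAK)
        elif w[:2] == ["crypto", "map"]:
            # Top-level line defines the map; an indented one applies it to an interface.
            (used if raw[0] == " " else defined).add(("crypto map", w[2]))
        elif w[:2] == ["match", "address"]:
            used.add(("access-list", w[2]))
        elif w[:2] == ["set", "transform-set"]:
            used.update(("transform-set", t) for t in w[2:])
        elif w[0] in ("encryption", "hash", "group"):
            key = line if w[0] == "group" else w[-1]
            if key in WEAK:
                findings.add(f"weak: {WEAK[key]} ({line})")
    findings.update(f"undefined {kind}: {name}" for kind, name in used - defined)
    return sorted(findings)
```

Running `audit(SAMPLE)` returns six findings: five legacy-algorithm entries and the undefined crypto map name on the interface.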

