Configuration Guide 7. IPSec Tunneling
Version 7.2 51 Security Setup
no napt
no firewall enable
no shutdown
exit
interface pppoe 0
firewall enable
napt
mtu auto
ppp user 0543150513@014 obscured-pass vu/atLSt8g==
ppp authentication chap
ppp authentication ms-chap
ppp authentication ms-chap-v2
ppp authentication pap
ppp lcp-echo 6 5
no ppp compression
ip address auto
ipv6 address autoconfig
ip dns server auto
underlying EFM 0/2
crypto map MAP1
network wan
no shutdown
exit
ip nat inside source list all_but_ipsec interface PPPOE 0
ip route 0.0.0.0 0.0.0.0 PPPOE 0 1
exit
The MSBR Branch configuration defines the IKEv2 peer as an IP address. Note that the
identity of the MSBR Branch is set to home.timg.pro.
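The Branch NAT rule above translates whatever the all_but_ipsec list permits, so tunnel traffic stays untranslated only while that list denies the same selector that the ipsec list permits, ahead of its permit ip any any entry. The check below is an added example, not part of the original guide: the function names are hypothetical, the sample lines are constructed in the style of this page's configuration, and it assumes first-match ACL evaluation and compares selectors by exact text only.

```python
import re

# Constructed sample in the style of this page's configuration (not a device export).
SAMPLE = """\
access-list all_but_ipsec deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 log
access-list all_but_ipsec permit ip any any log
access-list ipsec permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 log
ip nat inside source list all_but_ipsec interface PPPOE 0
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+ip\s+(.+?)(?:\s+log)?$")

def parse_acls(config):
    """Return {acl_name: [(action, selector), ...]} in configuration order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, action, selector = m.groups()
            # Normalise whitespace so wrapped or padded lines compare equal.
            acls.setdefault(name, []).append((action, " ".join(selector.split())))
    return acls

def unexempted_selectors(config, crypto_acl="ipsec"):
    """List crypto-ACL selectors that the NAT source list would still translate."""
    acls = parse_acls(config)
    nat = re.search(r"^\s*ip nat inside source list (\S+)", config, re.M)
    if nat is None:
        return []  # no NAT rule in this config, nothing to exempt
    nat_acl = acls.get(nat.group(1), [])
    translated = []
    for action, selector in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        # Assumption: first match wins, so the deny must precede "permit ip any any".
        verdict = next((a for a, s in nat_acl if s in (selector, "any any")), None)
        if verdict == "permit":
            translated.append(selector)
    return translated

if __name__ == "__main__":
    for sel in unexempted_selectors(SAMPLE):
        print("tunnel selector is NATed before encryption:", sel)
```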
Configuration of MSBR HQ:
configure data
access-list all_but_ipsec deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 log
access-list all_but_ipsec permit ip any any log
access-list ipsec permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 log
crypto isakmp key Aa123456 address home.timg.pro
crypto isakmp policy 1
encr aes 256
authentication pre-share
hash sha
group 5
lifetime 3600
ike v2
exit
crypto ipsec transform-set crypto_set esp-aes 256 esp-sha-hmac
mode tunnel
exit
crypto map MAP1 1 ipsec-isakmp
set peer home.timg.pro
set transform-set crypto_set