Mediant MSBRs 32 Document #: LTRT-31828
Security Setup
crypto isakmp key P@ssw0rd address 180.1.100.21
interface GigabitEthernet 0/0
crypto map MAP1
The IPSec configuration of the device at the Corporate HQ is as follows:
access-list ipsec permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
crypto isakmp policy 1
encryption aes 128
authentication pre-share
hash sha
group 2
lifetime 3600
exit
crypto ipsec transform-set crypto_set1 esp-aes 128 esp-sha-hmac
mode tunnel
exit
crypto map MAP1 1 ipsec-isakmp
set peer 180.1.100.20
set transform-set crypto_set1
set security-association lifetime seconds 28000
match address ipsec
exit
crypto isakmp key P@ssw0rd address 180.1.100.20
interface GigabitEthernet 0/0
crypto map MAP1
Note: If the configuration requires both NAPT and IPSec on the WAN interface, configure
a selective NAPT rule that applies NAPT to all traffic except the IPSec subnet. This
allows the workstations in the LAN to access the Internet.
Example for the Corporate Branch:
access-list selective_nat deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list selective_nat permit ip any any
interface GigabitEthernet 0/0
no napt
crypto map eth1_MAP
exit
ip nat inside source list selective_nat interface GigabitEthernet 0/0
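
The following check is an added example, not part of the original guide or of any AudioCodes tooling: it reads a saved configuration and reports any flow permitted by the crypto ACL that the selective NAPT ACL would still translate. It assumes top-down, first-match ACL evaluation and contiguous wildcard masks; the function names and the Branch-side "ipsec" ACL (taken as the mirror of the HQ one shown above) are assumptions.

```python
import ipaddress
import re

ACL_RE = re.compile(
    r"^access-list (\S+) (permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)$")

def to_net(spec):
    """'any' or 'ADDR WILDCARD' -> IPv4Network (contiguous wildcards only)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    prefix = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_acls(config):
    """Return {name: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(" ".join(line.split()))  # normalise whitespace
        if m:
            name, action, src, dst = m.groups()
            acls.setdefault(name, []).append((action, to_net(src), to_net(dst)))
    return acls

def flows_translated(config, crypto_acl, nat_acl):
    """List crypto-ACL permit flows that the NAT ACL would still translate."""
    acls = parse_acls(config)
    hit = []
    for src, dst in [(s, d) for a, s, d in acls.get(crypto_acl, []) if a == "permit"]:
        for action, n_src, n_dst in acls.get(nat_acl, []):  # assumed first match wins
            if action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # exempted from NAPT before any permit can match
            if action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                hit.append(f"{src} -> {dst}")
                break
    return hit

# Constructed Branch-side sample; the "ipsec" ACL is assumed to mirror the HQ one.
CRYPTO = "access-list ipsec permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255"
DENY = "access-list selective_nat deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255"
PERMIT = "access-list selective_nat permit ip any any"
BRANCH_OK = "\n".join([CRYPTO, DENY, PERMIT])   # deny listed first, as in the guide
BRANCH_BAD = "\n".join([CRYPTO, PERMIT, DENY])  # constructed failure: permit first

if __name__ == "__main__":
    print("ok :", flows_translated(BRANCH_OK, "ipsec", "selective_nat"))
    print("bad:", flows_translated(BRANCH_BAD, "ipsec", "selective_nat"))
```

An empty list means every protected flow is exempted from NAPT before a permit entry can match it. A deny entry that covers only part of a protected flow is treated as no exemption, so the check errs on the side of reporting.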