Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Hello i'm new on VPN can you help me???
- Thread starter ivoestg
- Start date
Sample VPN Config:
service timestamps debug datetime localtime msec
service timestamps log datetime localtime msec
service password-encryption
no service finger
no service udp-small-servers
no service tcp-small-servers
!
hostname BBN-HO1
enable secret xxxxxx
!
ip subnet-zero
no ip source-route
ip domain-name scla.western.net
ip name-server 209.x.x.x
ip name-server 204.x.x.x
!
ntp server 209.x.x.x
ntp server 209.x.x.x
clock timezone Pacific -8
clock summer-time Pacific recurring
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp key ROkey10 address 192.x.x.x
crypto isakmp key ROkey20 address 192.x.x.x
crypto isakmp key ROkey30 address 192.x.x.x
!
crypto ipsec transform-set stdTset esp-des esp-md5-hmac
crypto ipsec transform-set LessSet ah-md5-hmac esp-des
!
crypto map HOtoRO 1 ipsec-isakmp
set peer 192.x.x.x
set transform-set stdTset LessSet
match address 101
!
crypto map HOtoRO 2 ipsec-isakmp
set peer 192.x.x.x set transform-set stdTset LessSet
match address 102
!
crypto map HOtoRO 3 ipsec-isakmp
set peer 192.x.x.x
set transform-set stdTset LessSet
match address 103
!
interface Ethernet0
description Torrance, CA: Head Office 1’s LAN
ip address 192.x.x.x 255.255.255.0
ip mask-reply
ipx network 5861DAC7
ipx access-group 800 out
no ip directed-broadcast
no shutdown
crypto map HOtoRO
!
interface Tunnel 1
desc to East Bay – Remote Office 1
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Tunnel 2
desc to Burlingame – Remote Office 2
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Tunnel 3
desc to Flushing – Remote Office 3
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Serial0/0
description To: Verizon Circuit ID#
ip unnumbered ethernet0
no ip directed-broadcast
no ip mroute-cache
bandwidth 1536
no fair-queue
no shutdown
service-module T1 clock source line
service-module T1 framing esf
service-module T1 linecode b8zs
service-module T1 remote-alarm-enable
service-module T1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel3
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel1
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel2
!
access-list 10 permit 209.x.x.x 0.0.0.x
access-list 10 permit 209.x.x.x 0.0.0.x
access-list 10 permit 192.x.x.x 0.0.255.255
access-list 10 deny any
!
access-list 101 permit ip 192.x.x.x 0.0.0.255 192.x.x.x 0.0.0.255
access-list 102 permit ip 192.x.x.x. 0.0.255 192.x.x.x 0.0.0.255
access-list 103 permit ip 192.x.x.x 0.0.0.255 192.x.x.x 0.0.0.255
ipx access-list 800 permit 5861DAC7 EB1C47BE
ipx access-list 800 permit 5861DAC7 1A
!
logging buffered 4096 debugging
!
banner motd ^C
************************WARNING**************************
Unauthorized Access is Prohibited. For operational issues
please e-mail support@western.net or call 1.xxx.xxx.xxxx ************************WARNING**************************
^C
!
line con 0
transport input none
line aux 0
transport input all
line vty 0 4
access-class 10 in
password xxxxxx
login
end
- - - - - - - - - - - - - - - - - - - - - - - - -
osaze
tdjudice@hotmail.com
service timestamps debug datetime localtime msec
service timestamps log datetime localtime msec
service password-encryption
no service finger
no service udp-small-servers
no service tcp-small-servers
!
hostname BBN-HO1
enable secret xxxxxx
!
ip subnet-zero
no ip source-route
ip domain-name scla.western.net
ip name-server 209.x.x.x
ip name-server 204.x.x.x
!
ntp server 209.x.x.x
ntp server 209.x.x.x
clock timezone Pacific -8
clock summer-time Pacific recurring
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp key ROkey10 address 192.x.x.x
crypto isakmp key ROkey20 address 192.x.x.x
crypto isakmp key ROkey30 address 192.x.x.x
!
crypto ipsec transform-set stdTset esp-des esp-md5-hmac
crypto ipsec transform-set LessSet ah-md5-hmac esp-des
!
crypto map HOtoRO 1 ipsec-isakmp
set peer 192.x.x.x
set transform-set stdTset LessSet
match address 101
!
crypto map HOtoRO 2 ipsec-isakmp
set peer 192.x.x.x set transform-set stdTset LessSet
match address 102
!
crypto map HOtoRO 3 ipsec-isakmp
set peer 192.x.x.x
set transform-set stdTset LessSet
match address 103
!
interface Ethernet0
description Torrance, CA: Head Office 1’s LAN
ip address 192.x.x.x 255.255.255.0
ip mask-reply
ipx network 5861DAC7
ipx access-group 800 out
no ip directed-broadcast
no shutdown
crypto map HOtoRO
!
interface Tunnel 1
desc to East Bay – Remote Office 1
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Tunnel 2
desc to Burlingame – Remote Office 2
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Tunnel 3
desc to Flushing – Remote Office 3
ip unnumbered ethernet0
no ip directed-broadcast
tunnel source 192.x.x.x 255.255.255.0
tunnel destination 192.x.x.x 255.255.255.0
tunnel mode gre
crypto map HOtoRO
no shutdown
!
interface Serial0/0
description To: Verizon Circuit ID#
ip unnumbered ethernet0
no ip directed-broadcast
no ip mroute-cache
bandwidth 1536
no fair-queue
no shutdown
service-module T1 clock source line
service-module T1 framing esf
service-module T1 linecode b8zs
service-module T1 remote-alarm-enable
service-module T1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel3
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel1
ip route 192.x.x.x 255.255.255.0 192.x.x.x
ip route 192.x.x.x 255.255.255.255 Tunnel2
!
access-list 10 permit 209.x.x.x 0.0.0.x
access-list 10 permit 209.x.x.x 0.0.0.x
access-list 10 permit 192.x.x.x 0.0.255.255
access-list 10 deny any
!
access-list 101 permit ip 192.x.x.x 0.0.0.255 192.x.x.x 0.0.0.255
access-list 102 permit ip 192.x.x.x. 0.0.255 192.x.x.x 0.0.0.255
access-list 103 permit ip 192.x.x.x 0.0.0.255 192.x.x.x 0.0.0.255
ipx access-list 800 permit 5861DAC7 EB1C47BE
ipx access-list 800 permit 5861DAC7 1A
!
logging buffered 4096 debugging
!
banner motd ^C
************************WARNING**************************
Unauthorized Access is Prohibited. For operational issues
please e-mail support@western.net or call 1.xxx.xxx.xxxx ************************WARNING**************************
^C
!
line con 0
transport input none
line aux 0
transport input all
line vty 0 4
access-class 10 in
password xxxxxx
login
end
- - - - - - - - - - - - - - - - - - - - - - - - -
osaze
tdjudice@hotmail.com
Try for Checkpoint info.. brilliant site
- Status
Similar threads
- Question
- Question