Hello everyone,
I want to set up a site-to-site VPN with two Cisco 871s.
Both sides have a static IP.
Can someone please tell me whether the config below is OK?
Thanks!
Code:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO871
!
enable secret 5 ***PASSWORD***
!
no aaa new-model
ip subnet-zero
ip inspect name inspection100 ftp
ip inspect name inspection100 h323
ip inspect name inspection100 netshow
ip inspect name inspection100 rcmd
ip inspect name inspection100 realaudio
ip inspect name inspection100 rtsp
ip inspect name inspection100 smtp
ip inspect name inspection100 sqlnet
ip inspect name inspection100 streamworks
ip inspect name inspection100 tftp
ip inspect name inspection100 tcp
ip inspect name inspection100 udp
ip inspect name inspection100 vdolive
ip inspect name inspection100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
no ip domain-lookup
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key ***SHARED_KEY*** address ***OUTSIDE_IP_OTHERSIDE*** no-xauth
!
!
crypto ipsec transform-set rtpset esp-3des esp-md5-hmac
!
!
!
crypto map rtp 1 ipsec-isakmp
set peer ***OUTSIDE_IP_OTHERSIDE***
set transform-set rtpset
match address 110
!
!
!
!
!***INSIDE INTERFACE***
interface Ethernet0
ip address 192.168.20.1 255.255.255.0
ip nat inside
no cdp enable
!
!***OUTSIDE INTERFACE****
interface Ethernet1
ip address ***IP_OUTSIDE*** 255.255.255.252
ip nat outside
duplex auto
no cdp enable
crypto map rtp
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source route-map nonat interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ***GATEWAY_OUTSIDE***
!
access-list 110 permit ip 192.168.20.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 115 deny ip 192.168.20.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 115 permit ip 192.168.20.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
match ip address 115
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 ***PASSWORD***
login local
!
scheduler max-task-time 5000
!
end
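
An added example, not part of the original post: a small Python check of the two pairings this config relies on, namely that the NAT route-map ACL (115) denies the same flow the crypto ACL (110) permits before its first permit, and that the crypto map is applied on the `ip nat outside` interface. It also lists the 3des, md5 and group 2 settings as older algorithm choices to review. The sample text is constructed from the posted lines, and `acl` and `check` are hypothetical helper names.

```python
import re

# Constructed sample: VPN-relevant lines of the posted config, indented as IOS prints them.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set rtpset esp-3des esp-md5-hmac
crypto map rtp 1 ipsec-isakmp
 match address 110
interface Ethernet1
 ip nat outside
 crypto map rtp
ip nat inside source route-map nonat interface Ethernet1 overload
access-list 110 permit ip 192.168.20.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 115 deny ip 192.168.20.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 115 permit ip 192.168.20.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 115
"""

def acl(cfg, num):
    """Entries of a numbered ACL as (action, rest-of-line), in config order."""
    return re.findall(rf"^access-list {num} (permit|deny) (.+)$", cfg, re.M)

def check(cfg):
    """Return a list of findings for the crypto-map / NAT-exemption pairing."""
    out = []
    crypto_acl = re.search(r"^\s*match address (\d+)", cfg, re.M).group(1)
    rmap = re.search(r"^ip nat inside source route-map (\S+)", cfg, re.M).group(1)
    nat_acl = re.search(rf"^route-map {re.escape(rmap)} permit \d+\n\s*match ip address (\d+)",
                        cfg, re.M).group(1)
    nat = acl(cfg, nat_acl)
    # ACLs are first-match: the exemption must precede the first permit.
    first_permit = next((i for i, (a, _) in enumerate(nat) if a == "permit"), len(nat))
    for action, flow in acl(cfg, crypto_acl):
        # Simplification: exact text match, no subnet-containment arithmetic.
        if action == "permit" and ("deny", flow) not in nat[:first_permit]:
            out.append(f"ACL {nat_acl} does not exempt VPN flow from NAT: {flow}")
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", cfg, re.M):
        if "ip nat outside" in body and "crypto map " not in body:
            out.append(f"{name}: outside interface has no crypto map applied")
    for alg in sorted(set(re.findall(r"\b(3des|md5|group 2)\b", cfg))):
        out.append(f"legacy algorithm in use: {alg}")
    return out

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

The interface check expects sub-commands indented as in `show running-config` output; the pasted config above has lost that indentation.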