Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
7-11
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configuration Example
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip inspect firewall in ! inspection examines outbound traffic
crypto map static-map
no cdp enable
!
interface fastethernet 0! FE0 is the outside or internet exposed interface
ip address 210.110.101.21 255.255.255.0
ip access-group 103 in ! acl 103 permits ipsec traffic from the corp. router as well as
denies internet initiated traffic inbound.
ip nat outside
no cdp enable
crypto map to_corporate ! applies the ipsec tunnel to the outside interface.
!
ip nat inside source list 102 interface Ethernet1 overload ! utilize nat overload in order
to make best use of the single address provided by the isp.
ip classless
ip route 0.0.0.0 0.0.0.0 210.110.101.1
no ip http server
!
!
! acl 102 associated addresses used for nat.
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
! acl 103 defines traffic allowed from the peer for the ipsec tunnel.
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any ! allow icmp for debugging but should be disabled due
to security implications.
access-list 103 deny ip any any ! prevents internet initiated traffic inbound.
! acl 105 matches addresses for the ipsec tunnel to/from the corporate network.
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run