Technical information

IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuration Examples
no ip http server
no ip http secure-server
!
!
ip access-list extended acl-16
 permit ip host 10.10.20.16 host 172.16.1.16
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 no login
 transport input lat pad mop telnet rlogin udptn nasi ssh
!
end
GRE Tunneling
These sections provide examples for GRE tunneling:
Catalyst Switch 1
Catalyst Switch 2
Note: In both switches, the VPN module is in slot 5, Gigabit Ethernet interfaces 1/1 are the secured ports, and Gigabit Ethernet interfaces 1/2 are the LAN ports.
Catalyst Switch 1
The Catalyst switch 1 configuration is as follows:
crypto isakmp policy 100
 encr 3des
 authentication pre-share
crypto isakmp key 12345 address 192.168.1.0 255.255.255.0
!
crypto ipsec transform-set ts esp-3des esp-sha-hmac
!
crypto map cm1 100 ipsec-isakmp
 set peer 192.168.1.1
 set security-association level per-host
 set security-association lifetime kilobytes 536870912
 set security-association lifetime seconds 86400
 set transform-set ts
 match address acl1
!
interface GigabitEthernet1/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,502,1002-1005
 switchport mode trunk
!
interface GigabitEthernet1/2
 ip address 5.0.0.254 255.255.255.0
!
interface GigabitEthernet5/1
 no ip address
 flowcontrol receive on