!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 24-S002-VPN1
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable password tetra
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip multicast-routing
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL192622U2
!
!
!
redundancy
!
!
!
!
no cdp run
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key s002-s000 address 10.239.24.100
!
!
crypto ipsec transform-set tetra esp-3des esp-md5-hmac
mode transport
!
!
!
crypto map GRE local-address GigabitEthernet0/1
crypto map GRE 10 ipsec-isakmp
set peer 10.239.24.100
set transform-set tetra
match address 101
!
!
!
!
!
interface Tunnel1
description "s002-s000"
ip unnumbered GigabitEthernet0/0
ip mtu 1440
ip pim sparse-mode
ip igmp version 3
keepalive 10 3
tunnel source GigabitEthernet0/1
tunnel destination 10.239.24.100
crypto map GRE
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
ip address 172.16.2.1 255.255.255.0
ip pim sparse-mode
ip igmp version 3
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 10.239.24.2 255.0.0.0
ip access-group 121 in
duplex auto
speed auto
no cdp enable
crypto map GRE
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim rp-address 172.16.0.1
ip route 0.0.0.0 0.0.0.0 Tunnel1
!
!
!
snmp-server community public RO
access-list 101 permit gre host 10.239.24.0 host 10.239.24.100
access-list 101 permit gre host 10.239.24.2 host 10.239.24.100
access-list 121 permit esp host 10.239.24.100 host 10.239.24.2
access-list 121 permit udp host 10.239.24.100 eq isakmp host 10.239.24.2 eq isakmp
access-list 121 permit gre host 10.239.24.100 host 10.239.24.2
access-list 121 permit icmp any any echo-reply
access-list 121 permit icmp any any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password tetra
login
transport input all
!
scheduler allocate 20000 1000
!
end
24-S002-VPN1#Show ip Interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset up down
GigabitEthernet0/0 172.16.2.1 YES manual down down
GigabitEthernet0/1 10.239.24.2 YES manual down down
Tunnel0 unassigned YES unset up down
Tunnel1 172.16.2.1 YES TFTP up down
24-S002-VPN1#show ip interface brief | include Tunnel
Tunnel0 unassigned YES unset up down
Tunnel1 172.16.2.1 YES TFTP up down
ضوابط المشاركة
رد مع اقتباس
المفضلات