Sunday, February 14, 2010

site-to-site VPN

Dear Friends!!
Here I post a site-to-site VPN configuration. The lab is two Dynamips c7200 routers, R0 and r1, connected back to back on FastEthernet0/0 (10.0.0.1 and 10.0.0.2). IKE phase 1 uses pre-shared key authentication, and the IPsec tunnel (ESP with 3DES and HMAC-MD5) protects traffic between the Loopback1 networks 192.168.10.0/24 on R0 and 192.168.11.0/24 on r1, which is exactly what the crypto ACL on each side selects: access-list 100 on R0 and the named list SDM_1 on r1, each the mirror image of the other. Everything else crossing the 10.0.0.0/24 link, including the FastEthernet0/1 LANs (192.168.1.0/24 and 172.16.0.0/24) and the EIGRP exchange, travels in the clear. Treat it as a lab build: the pre-shared key (12345), the local user's password and the Telnet/HTTP management access are all plaintext and would need hardening before use on a real network.

Configuration....

Router0#
Connected to Dynamips VM "R0" (ID 0, type c7200) - Console port

R0#show running-config
Building configuration...

Current configuration : 3188 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
ip cef
!
!
!
!
ip domain name sbi.co.in
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4294967295
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4294967295
revocation-check none
rsakeypair TP-self-signed-4294967295
!
!
crypto pki certificate chain TP-self-signed-4294967295
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323934 39363732 3935301E 170D3130 30323134 30383432
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32393439
36373239 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A43B 3D46C30C BE6A6FD7 66A4763D 16763204 CD8722E6 241BBC9A 04BDD3E3
6FBCB9C7 49684030 B57104B2 6651534F 3F201BCC FC407658 80FE606B 901D6CB2
6DADD418 057867F6 CB1A6E94 D149B7B7 5FEA5491 5DB80273 24E82B82 2553AA5A
FFF2B097 E820FC2E 9AB9BE44 F0B62F8C 7156335A 527BBD1B 254A86D6 DA9257FA
B8C50203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
551D1104 06300482 02523030 1F060355 1D230418 30168014 33846FF5 E33F0D6C
DFA3F9F9 3B3DA7E9 100D536F 301D0603 551D0E04 16041433 846FF5E3 3F0D6CDF
A3F9F93B 3DA7E910 0D536F30 0D06092A 864886F7 0D010104 05000381 81007396
B8D11E23 2D57C3F9 02D2F689 5DDEB723 4DE128AA 969FF25A 9D73CA9E 91AF17BA
3FB3150C 36E330F3 B5159B8B 06092024 E0922BB8 EE591209 BBA7BFFA 137803E4
0B52BBEF 912E2D7E F9939221 9ECF2B86 70FD7667 4870A013 4B45348D CA1E29C6
5BF7C4DD 2DF51518 BD8F51F0 7E092CD6 B168FDFB 4F1FBBF1 9825DFAE 641B
quit
username jignesh privilege 15 password 0 jignesh
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
crypto isakmp key 12345 address 10.0.0.2
!
!
crypto ipsec transform-set ciscotrans esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to10.0.0.2
set peer 10.0.0.2
set transform-set ciscotrans
match address 100
!
!
!
!
!
interface Loopback1
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 0.0.0.0
no auto-summary
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
logging alarm informational
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 1869
login local
transport input telnet ssh
!
!
end

R0#

---------------------------------------------------------
Router1#
Connected to Dynamips VM "R1" (ID 1, type c7200) - Console port


r1#show running-config
Building configuration...

Current configuration : 3235 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
ip domain name sbi.co.in
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4294967295
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4294967295
revocation-check none
rsakeypair TP-self-signed-4294967295
!
!
crypto pki certificate chain TP-self-signed-4294967295
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323934 39363732 3935301E 170D3130 30323134 30383531
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32393439
36373239 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A853 97396EF6 415A11A9 5369D768 2871CB64 7190FB18 E60A208E 202E8E66
CCB278AB 58A741B0 D3979511 EC4F2CA0 6CA3A99A 90FF87B6 CB135C09 94687BAA
53D1D0F0 BF26E560 02B254B6 32126291 DDF232FE D4B7B4A2 12DB0424 62C1DDE0
BFEAF603 27D0D5C5 CBFCD245 197EF1BC 77444466 E0410741 A4D5B2B1 F14B997C
3BF50203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
551D1104 06300482 02723130 1F060355 1D230418 30168014 C849683F 2B911D7D
3780D79A 64B175A1 562A7247 301D0603 551D0E04 160414C8 49683F2B 911D7D37
80D79A64 B175A156 2A724730 0D06092A 864886F7 0D010104 05000381 810011B1
07396E14 A02734BC 4D772B82 58A50FB0 34F6FBCA B0026D4D FC494EDA 782DE66E
4C046ACC E5BD0F8A 4ACCDCB8 517528C7 94407B7C C150901F 70FC7674 1318EA2B
00066C05 2F9C654F 5B124526 D0591774 FBD895EA 1A8FC235 11A53E05 D55AEF29
666CE7B5 76F0BF42 7CCA2FFC 1A1B567C E5F90002 01D3FD49 FBDACB8E CDF4
quit
username jignesh privilege 15 password 0 jignesh
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
crypto isakmp key 12345 address 10.0.0.1
!
!
crypto ipsec transform-set ciscotrans esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Apply the crypto map on the peer router's interface having IP address 10.0.0.2 that connects to this router.
set peer 10.0.0.1
set transform-set ciscotrans
match address SDM_1
!
!
!
!
!
interface Loopback1
ip address 192.168.11.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 172.16.0.254 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 0.0.0.0
no auto-summary
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended SDM_1
remark SDM_ACL Category=4
remark IPSec Rule
permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 1869
login local
transport input telnet ssh
!
!
end

r1#
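
What has to agree between the two peers above is easy to get wrong by hand, so here is an added check (my own example, not part of the original post and not IOS code): it parses the crypto-relevant lines of both running configs and verifies that an ISAKMP policy matches on both sides (filling in the IOS 12.4 defaults for anything a policy leaves unset), that each side's set peer is the other side's crypto-mapped interface, that the pre-shared keys correspond, that the transform sets are identical, and that the two crypto ACLs are mirror images of each other. It also flags the weak choices in this config: 3DES, HMAC-MD5, DH group 2 and a five-character pre-shared key. The COMMON, R0 and R1 strings are trimmed from the configs above (ISAKMP policy 2 omitted, the lines both routers share factored into COMMON); parse and audit are my names, and the parser assumes extended crypto ACL entries of the form permit ip <net> <wildcard> <net> <wildcard> (no host or any keywords) and one crypto map entry per side.

```python
"""Audit two IOS site-to-site IPsec peers: the settings that must agree, plus weak choices."""
import ipaddress

COMMON = """\
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto ipsec transform-set ciscotrans esp-3des esp-md5-hmac
"""
R0 = COMMON + """\
crypto isakmp key 12345 address 10.0.0.2
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 10.0.0.2
set transform-set ciscotrans
match address 100
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
crypto map SDM_CMAP_1
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
"""
R1 = COMMON + """\
crypto isakmp key 12345 address 10.0.0.1
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 10.0.0.1
set transform-set ciscotrans
match address SDM_1
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
crypto map SDM_CMAP_1
ip access-list extended SDM_1
permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
"""
WEAK = {"des", "3des", "md5", "1", "2", "esp-des", "esp-3des", "esp-md5-hmac"}  # Sweet32, MD5, DH groups 1/2

def parse(config):
    """Collect ISAKMP policies, PSKs, transform sets, crypto maps, interfaces and crypto ACLs."""
    c = {"policies": {}, "keys": {}, "xforms": {}, "maps": {}, "ifaces": {}, "acls": {}}
    sect = None  # (table, key) of the block whose sub-commands we are reading
    for raw in config.splitlines():
        t = raw.split() or ["!"]
        if t[0] == "access-list" and t[2:4] == ["permit", "ip"]:  # numbered ACL: every line names itself
            sect, t = ("acls", t[1]), t[2:]
            c["acls"].setdefault(sect[1], [])
        if t[:3] == ["crypto", "isakmp", "policy"]:  # start from the IOS 12.4 defaults
            sect = ("policies", t[3])
            c["policies"][t[3]] = {"encr": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
        elif t[:2] == ["crypto", "map"] and "ipsec-isakmp" in t:
            sect = ("maps", t[2])
            c["maps"][t[2]] = {}
        elif t[0] == "interface":
            sect = ("ifaces", t[1])
            c["ifaces"][t[1]] = {}
        elif t[:3] == ["ip", "access-list", "extended"]:
            sect = ("acls", t[3])
            c["acls"].setdefault(t[3], [])
        elif t[:3] == ["crypto", "isakmp", "key"]:
            c["keys"][t[5]], sect = t[3], None  # peer address -> pre-shared key
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            c["xforms"][t[3]], sect = frozenset(t[4:]), None
        elif sect and sect[0] == "policies" and t[0] in ("encr", "hash", "authentication", "group"):
            c["policies"][sect[1]][t[0]] = t[1]
        elif sect and sect[0] in ("maps", "ifaces") and t[0] in ("set", "match", "ip", "crypto") and len(t) > 2:
            c[sect[0]][sect[1]][f"{t[0]} {t[1]}"] = t[2]
        elif sect and sect[0] == "acls" and t[:2] == ["permit", "ip"]:  # permit ip <net> <wildcard> <net> <wildcard>
            c["acls"][sect[1]].append(tuple(ipaddress.ip_network(f"{a}/{w}", strict=False) for a, w in (t[2:4], t[4:6])))
        elif t[0] not in ("description", "remark", "duplex", "speed"):
            sect = None  # '!' or any other top-level command ends the block
    return c

def audit(a, b):
    """Return (errors, warnings): errors keep the tunnel down, warnings are weak settings."""
    errors, warnings = set(), set()
    if not any(pa == pb for pa in a["policies"].values() for pb in b["policies"].values()):
        errors.add("no ISAKMP policy agrees on encr/hash/authentication/group")
    for me, peer in ((a, b), (b, a)):
        warnings.update(f"weak ISAKMP {k} {p[k]}" for p in me["policies"].values() for k in ("encr", "hash", "group") if p[k] in WEAK)
        # the interface carrying the crypto map is each side's tunnel endpoint
        me_if, peer_if = (next(i for i in x["ifaces"].values() if "crypto map" in i) for x in (me, peer))
        ep, cmap, peer_cmap = me_if["ip address"], me["maps"][me_if["crypto map"]], peer["maps"][peer_if["crypto map"]]
        if cmap["set peer"] != peer_if["ip address"]:
            errors.add(f"{ep}: set peer {cmap['set peer']} is not the other side's crypto interface")
        key = peer["keys"].get(ep)  # the peer must hold a key for *our* address
        if key is None or key != me["keys"].get(cmap["set peer"]):
            errors.add(f"{ep}: pre-shared key missing or does not match the peer's")
        elif len(key) < 16:
            warnings.add(f"{ep}: short pre-shared key ({len(key)} chars)")
        xf = me["xforms"][cmap["set transform-set"]]
        if xf != peer["xforms"][peer_cmap["set transform-set"]]:
            errors.add("transform sets differ")
        warnings.update(f"{ep}: weak transform {x}" for x in xf & WEAK)
        # crypto ACLs must be mirror images: our (src, dst) set == the peer's (dst, src) set
        theirs = {(d, s) for s, d in peer["acls"][peer_cmap["match address"]]}
        if set(me["acls"][cmap["match address"]]) != theirs:
            errors.add(f"{ep}: crypto ACL is not the mirror image of the peer's")
    return sorted(errors), sorted(warnings)

if __name__ == "__main__":
    print(*audit(parse(R0), parse(R1)), sep="\n")
```

Run as-is it prints an empty error list and eight warnings: the short pre-shared key, esp-3des and esp-md5-hmac for each endpoint, and weak ISAKMP encr 3des and group 2. Change one side's crypto ACL, pre-shared key or encr in the strings and the matching error appears, which is the same failure you would otherwise chase on the routers with show crypto isakmp sa, show crypto ipsec sa and debug crypto isakmp.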


Thank You,
Regards,
Jignesh

Saturday, February 6, 2010

NAT/PAT

Hi.. I built a NAT/PAT configuration on the CPE router that translates two inside networks, 192.168.0.0/24 (Ethernet1/0) and 192.168.1.0/24 (Ethernet1/1), to the single outside address 11.0.0.1 on Serial0/0. Access-list 1 selects the inside sources, pool abc holds the one address, and the overload keyword turns it into PAT, so many inside hosts share that address and are told apart by translated port numbers. 11.0.0.1 stands in here for the provider-assigned public address.

CPE Router Configuration:
CPE#show run
Building configuration...

Current configuration : 1313 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Serial0/0
ip address 11.0.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
clock rate 64000
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet1/0
ip address 192.168.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet1/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
ip http server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
ip nat pool abc 11.0.0.1 11.0.0.1 netmask 255.255.255.0
ip nat inside source list 1 pool abc overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

CPE#
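
To make the overload keyword concrete, here is an added model (my own example, not the original post's and not IOS code) of what the CPE does with that pool: a stateful PAT table that rewrites inside sources to 11.0.0.1, keeps the original source port when it can and allocates a new one when two inside hosts collide on the same 5-tuple, maps replies back through the same state, and drops inbound packets that match no entry. PatTable and demo are my names, the packets are constructed (198.51.100.10 and 203.0.113.9 are stand-in outside hosts), and the port-allocation rule is a simplification of what IOS does.

```python
"""Model of 'ip nat inside source list 1 pool abc overload' on the CPE: stateful PAT
onto the single address 11.0.0.1. Added example, not the original post's or IOS code."""
import ipaddress

# Translation policy as configured on the CPE above
ACCESS_LIST_1 = [ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_network("192.168.1.0/24")]
POOL_ABC = "11.0.0.1"


class PatTable:
    """Per-flow NAT overload state: (inside addr, port, proto, remote addr, port) <-> outside port."""

    def __init__(self, outside_addr, inside_acl, first_free_port=1024):
        self.outside, self.acl, self.next_port = outside_addr, inside_acl, first_free_port
        self.out = {}   # (in_ip, in_port, proto, rem_ip, rem_port) -> translated source port
        self.back = {}  # (proto, translated port, rem_ip, rem_port) -> (in_ip, in_port)

    def outbound(self, pkt):
        """Packet from an inside interface; returns what leaves Serial0/0."""
        if not any(ipaddress.ip_address(pkt["src"]) in net for net in self.acl):
            return pkt  # not permitted by access-list 1: routed without translation
        flow = (pkt["src"], pkt["sport"], pkt["proto"], pkt["dst"], pkt["dport"])
        if flow not in self.out:
            port = pkt["sport"]  # keep the original source port when it is free...
            while (pkt["proto"], port, pkt["dst"], pkt["dport"]) in self.back:
                port, self.next_port = self.next_port, self.next_port + 1  # ...else take the next free one
            self.out[flow] = port
            self.back[(pkt["proto"], port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.outside, "sport": self.out[flow]}

    def inbound(self, pkt):
        """Packet arriving on Serial0/0 for the outside address; None means no state, so dropped."""
        if pkt["dst"] != self.outside:
            return None
        inside = self.back.get((pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"]))
        return None if inside is None else {**pkt, "dst": inside[0], "dport": inside[1]}


def demo():
    """Constructed traffic: two LANs colliding on a source port, one host outside the ACL,
    a legitimate reply and an unsolicited inbound connection attempt."""
    pat = PatTable(POOL_ABC, ACCESS_LIST_1)
    outside = [pat.outbound(p) for p in (
        {"proto": "udp", "src": "192.168.0.10", "sport": 40000, "dst": "198.51.100.10", "dport": 53},
        {"proto": "udp", "src": "192.168.1.10", "sport": 40000, "dst": "198.51.100.10", "dport": 53},
        {"proto": "tcp", "src": "192.168.2.5", "sport": 5000, "dst": "198.51.100.10", "dport": 80},
    )]
    reply = pat.inbound({"proto": "udp", "src": "198.51.100.10", "sport": 53,
                         "dst": POOL_ABC, "dport": outside[1]["sport"]})
    unsolicited = pat.inbound({"proto": "tcp", "src": "203.0.113.9", "sport": 4444,
                               "dst": POOL_ABC, "dport": 22})
    return outside, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The entries this builds are what show ip nat translations lists on the CPE. The drop of the unsolicited inbound packet is only a side effect of having no state, not a firewall policy: any inside-initiated flow or static translation opens that port, so the outside interface still wants an inbound access list. The same single-address PAT is more commonly written as ip nat inside source list 1 interface Serial0/0 overload, which follows the interface address if it changes.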