Cisco ISR IPSec VPN config
!
! IKEv1 (ISAKMP) phase 1 policy, priority 100. Every value in it has to match a
! policy on the remote peer, so any change must be made on both ends together.
crypto isakmp policy 100
! No key size is given, so IOS uses AES-128.
encryption aes
! Pre-shared-key authentication: peer authentication rests entirely on the
! secrecy and strength of the key set with "crypto isakmp key".
authentication pre-share
! NOTE(review): group 2 is 1024-bit MODP Diffie-Hellman, which Cisco's own
! guidance says to avoid; prefer group 14 or higher if the peer supports it.
group 2
! NOTE(review): no "hash" line is set, so the IOS default applies (normally
! SHA-1) - confirm with "show crypto isakmp policy" and consider "hash sha256"
! where the release and the peer support it.
!
! Pre-shared key for the peer; key and address are redacted in this listing.
! NOTE(review): if the address is a wildcard (0.0.0.0), any host that learns
! the key can complete phase 1 - scope it to the peer where possible and use
! a long random key. Consider type 6 key encryption ("key config-key
! password-encrypt" plus "password encryption aes") so the key is not stored
! in clear text in the configuration or its backups.
crypto isakmp key *snipped* address-
!
! Refuse IKEv1 aggressive mode to and from this router. With pre-shared keys,
! aggressive mode exposes a hash derived from the key to offline guessing, so
! only main mode is allowed.
crypto isakmp aggressive-mode disable
!
! Phase 2 (IPsec) transform: ESP with AES (128-bit, as no key size is given)
! and HMAC-SHA-1 for integrity.
! NOTE(review): consider "esp-aes 256 esp-sha256-hmac" where both ends
! support it; the peer's transform set must be changed at the same time.
crypto ipsec transform-set HFCVPNSET esp-aes esp-sha-hmac
!
! Dynamic crypto map template, used for peers whose address is not known in
! advance.
crypto dynamic-map HFCVPNDYN 100
set transform-set HFCVPNSET
! NOTE(review): there is no "match address" in this entry, so it does not
! restrict which traffic selectors a connecting peer may propose. Consider
! adding one, and confirm that inbound dynamic peers are needed at all.
!
! Crypto ACL: selects the traffic that is encrypted (networks are redacted in
! this listing). Keep it as narrow as the site needs and mirror it on the
! remote peer.
ip access-list extended HFCVPNACL
permit ip *snipped*- *snipped*-
!
! Static crypto map entry 100: traffic matching HFCVPNACL is protected with
! HFCVPNSET and sent to the head-end peer.
crypto map HFCVPN 100 ipsec-isakmp
match address HFCVPNACL
! "dynamic" makes IOS resolve the hostname through DNS when the tunnel is
! brought up instead of once at configuration time.
! NOTE(review): the peer address therefore depends on whichever resolver the
! router uses (not shown here); the pre-shared key is what authenticates the
! far end, so a spoofed DNS answer should fail phase 1 rather than succeed.
set peer hfcho.farventure.net dynamic
set transform-set HFCVPNSET
! NOTE(review): no "set pfs" line, so phase 2 keys are derived without a
! fresh Diffie-Hellman exchange; consider "set pfs group14" on both ends.
! Entry 200 attaches the dynamic map; its higher sequence number means it is
! evaluated after the static entry above.
crypto map HFCVPN 200 ipsec-isakmp dynamic HFCVPNDYN
!
! This should be your WAN/Internet-facing interface.
interface Vlan2
! Applying the crypto map is what enables IPsec processing on this interface.
crypto map HFCVPN
no shut
! NOTE(review): no inbound ACL is shown on this interface. If one exists it
! has to allow IKE (UDP 500) and ESP from the peer, plus UDP 4500 when NAT
! traversal is in use; ideally limit those to the expected peer addresses.
!
! NAT exemption: VPN traffic must be denied in the NAT ACL so it keeps its
! inside addresses and still matches the crypto ACL; otherwise the VPN will
! not come up.
! NOTE(review): "no access-list 101" deletes any existing ACL 101 outright -
! confirm nothing else on the router references it before pasting this.
no access-list 101
! Presumably the same source/destination pair as HFCVPNACL (both redacted) -
! verify that they match.
access-list 101 deny ip *snipped*- *snipped*-
! All other traffic is permitted by the ACL and so is translated by the
! overload rule below.
! NOTE(review): "permit ip any any" is broader than a NAT ACL needs; listing
! only the inside subnet(s) as source is the tighter choice.
access-list 101 permit ip any any
ip nat inside source list 101 interface Vlan2 overload
! Remove the previous overload rule that used ACL 1.
no ip nat inside source list 1 interface Vlan2 overload
! Presumably answers the confirmation prompt IOS shows when the rule being
! removed has active translations; if no prompt appears this line is simply
! rejected as an unknown command.
yes
!
!Update DHCP scope name-servers to internet router ip and 8.8.8.8
!ip dhcp pool ForVLAN1
! dns-server *snipped*-
!
! Source syslog packets from the Vlan1 address.
! NOTE(review): presumably so that logs sent to a collector across the tunnel
! match the crypto ACL - confirm. No "logging host" is shown here; syslog is
! clear-text UDP by default, so check that it does not leave through the
! Internet interface unprotected.
logging source-interface Vlan1
!
!
! Leave configuration mode so the show commands below run in EXEC mode.
! NOTE(review): nothing in this listing saves the configuration; the changes
! are lost on reload unless the running configuration is saved.
exit
!
!
! Verification: NAT statistics, to confirm the new overload rule is in use.
sh ip nat statis
!
! Verification: IKE/IPsec session status for the peer.
sh crypto session
!