PC1 and PC2 are both VPCs, and I connect the two routers to the Internet using my PPPoE connection.
Both PCs can surf the Internet while the site-to-site VPN is connected.
Site1 Configuration
!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site1
!
boot-start-marker
boot-end-marker
!
enable secret cisco
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 5
 encryption aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key cisco address Site2_dialer1_ip
!
crypto ipsec security-association lifetime kilobytes 2560
crypto ipsec security-association idle-time 10000
!
crypto ipsec transform-set ipsec1 esp-aes 256 esp-md5-hmac comp-lzs
!
crypto map VPN1 5 ipsec-isakmp
 set peer Site2_dialer1_ip
 set transform-set ipsec1
 set pfs group5
 match address SITE1_TO_SITE2_VPN
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group INTERNET in
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username username password password
 ppp ipcp dns request
 crypto map VPN1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
!
ip access-list extended INTERNET
 permit ip any any
ip access-list extended SITE1_TO_SITE2_VPN
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
Site2 Configuration
!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site2
!
boot-start-marker
boot-end-marker
!
enable secret cisco
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip domain name lab.local
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 5
 encryption aes 256
 authentication pre-share
 group 5
 lifetime 1000
crypto isakmp key cisco address Site1_dialer_ip
!
crypto ipsec security-association lifetime kilobytes 2560
crypto ipsec security-association idle-time 10000
!
crypto ipsec transform-set ipsec1 esp-aes 256 esp-md5-hmac comp-lzs
!
crypto map VPN1 5 ipsec-isakmp
 set peer Site1_dialer_ip
 set transform-set ipsec1
 set pfs group5
 match address SITE2_TO_SITE1_VPN
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip access-group INTERNET in
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username username password password
 ppp ipcp dns request
 crypto map VPN1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip access-list extended INTERNET
 permit ip any any
ip access-list extended SITE2_TO_SITE1_VPN
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
The VPN peer IP addresses should be changed to match your own IP addresses, and the Dialer interface username and password should be changed to your own credentials.
If you have questions about the IPsec tunnel, feel free to comment; any suggestions are appreciated. Thank you.
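The most common reason a tunnel like this one stays down after the peer addresses are changed is a crypto ACL on one side that is not the exact mirror of the other side's. The following checker is an added example (not part of the original post): it parses the two crypto ACLs from the configs above, which are embedded as constructed sample input, and reports any permit entry that lacks a mirror image on the other peer.

```python
import re

# Constructed sample input: the two crypto ACLs exactly as they appear in the
# post's configs (leading-space indentation as in a running-config).
SITE1_ACL = """\
ip access-list extended SITE1_TO_SITE2_VPN
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 any
"""
SITE2_ACL = """\
ip access-list extended SITE2_TO_SITE1_VPN
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

PERMIT = re.compile(r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)\s*$")


def permit_pairs(acl_text):
    """Set of (src, dst) proxy identities from the 'permit ip' entries, each
    side as 'network wildcard'. Deny entries are skipped: in a crypto ACL a
    deny only means 'send in the clear'; it never defines a proxy identity."""
    pairs = set()
    for line in acl_text.splitlines():
        m = PERMIT.match(line)
        if m:
            pairs.add((f"{m[1]} {m[2]}", f"{m[3]} {m[4]}"))
    return pairs


def mirror_mismatches(local_acl, remote_acl):
    """Return (local_only, remote_only): permit entries with no mirror image
    on the other peer. IOS negotiates an IPsec SA per ACL entry and rejects a
    proposal whose proxy identities are not the exact mirror of its own, so
    every pair listed here is a subnet pair the tunnel will not carry."""
    local = permit_pairs(local_acl)
    remote_seen_locally = {(dst, src) for src, dst in permit_pairs(remote_acl)}
    return (sorted(local - remote_seen_locally),
            sorted(remote_seen_locally - local))


if __name__ == "__main__":
    local_only, remote_only = mirror_mismatches(SITE1_ACL, SITE2_ACL)
    print("crypto ACLs are mirrored" if not (local_only or remote_only)
          else f"mismatch: only on Site1 {local_only}, only on Site2 {remote_only}")
```

Paste each side's real crypto ACL in place of the sample strings; a non-empty result points at the entry to fix before looking any further at phase 1 or phase 2 parameters.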