cisco ipsec vpn. router to pix

Надо мне настроить ipsec vpn между cisco 2650XM и cisco PIX. Клиентом выступает 2650. PIX настроен московскими коллегами. Я настраиваю 2650. Приступим :)

crypto logging session
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86000
crypto isakmp key xxx address 89.179.x.x
!
!
crypto ipsec transform-set spb_msk esp-3des esp-md5-hmac
!
crypto map spb_local 1010 ipsec-isakmp
set peer 89.179.x.x
set transform-set spb_msk
set pfs group2
match address 120
reverse-route
!
!
!
interface GigabitEthernet0/0.10
description spb-office
encapsulation dot1Q 10
ip address 89.179.y.y 255.255.255.224
no ip redirects
no ip proxy-arp
crypto map spb_local
!
access-list 120 permit ip 192.168.y.0 0.0.0.255 192.168.x.0 0.0.15.255

Если есть нат, исключить из него айпишники за туннелем. В данном случе это 192.168.240.0 0.0.15.255

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s