Monday, June 23, 2008

Router-to-Router IPSec (RSA Keys) on GRE Tunnel with RIP Configuration Example / Cisco Systems

Router-to-Router IPSec (RSA Keys) on GRE Tunnel with RIP Configuration Example [IPSec Negotiation/IKE Protocols] - Cisco Systems
This document provides a sample configuration for routers with RSA keys. Both routers are configured for RSA keys and IPSec/Generic Routing Encapsulation (GRE) tunnel with Routing Information Protocol (RIP).




Router 101
Building configuration...

Current configuration : 1486 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 101
!
!
clock timezone PST -8
ip subnet-zero
ip domain name cisco.com
ip host 102.cisco.com 20.1.1.2
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
 authentication rsa-encr
crypto isakmp identity hostname
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set test esp-des esp-sha-hmac
 mode transport
!
crypto map test 10 ipsec-isakmp
 set peer 20.1.1.2
 set transform-set test
 match address 101
!
!
crypto key pubkey-chain rsa
 named-key 102.cisco.com
  key-string
   305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00DB4FEB EF0C0D3D
   72FC5BD3 29C8E94B 726161BC F1AF337C E5F2D11D FBFC2245 95EA2AB7 9D09156C
   08A5A7CD 36E43D94 F1E3C978 37A79379 384D2A72 CE575E91 3F020301 0001
  quit
 !
 !
 !
 interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.252
 ip mtu 1420
 tunnel source Ethernet1/0
 tunnel destination 20.1.1.2
 crypto map test
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.0
!
interface Ethernet1/0
 ip address 20.1.1.1 255.255.255.0
 crypto map test
!
interface Serial2/0
 no ip address
 shutdown
!
interface Serial3/0
 no ip address
 shutdown
!
router rip
 version 2
 passive-interface Ethernet1/0
 network 10.0.0.0
 network 192.168.1.0
!
ip classless
no ip http server
!
!
access-list 101 permit gre host 20.1.1.1 host 20.1.1.2
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

101#

Router 102
102#write terminal
Building configuration...

Current configuration : 1484 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 102
!
!
clock timezone PST -8
ip subnet-zero
ip domain name cisco.com
ip host 101.cisco.com 20.1.1.1
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
 authentication rsa-encr
crypto isakmp identity hostname
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set test esp-des esp-sha-hmac
 mode transport
!
crypto map test 10 ipsec-isakmp
 set peer 20.1.1.1
 set transform-set test
 match address 101
!
!
crypto key pubkey-chain rsa
 named-key 101.cisco.com
  address 20.1.1.1
  key-string
   305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A7D24F E6E15787
   5EE1434A A76A3DC1 ADE96A4D C6B4D0F3 A7DDAD10 446EF83A 89D1115F 0C517118
   ECAF418E F4C84823 2A017B97 F85690EF EBCF3414 AB3E81F6 A5020301 0001
  quit
 !
 !
 !
 interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.10.10.2 255.255.255.252
 ip mtu 1420
 tunnel source Ethernet0/0
 tunnel destination 20.1.1.1
 crypto map test
!
interface Ethernet0/0
 ip address 20.1.1.2 255.255.255.0
 crypto map test
!
interface Ethernet1/0
 no ip address
!
interface Serial2/0
 no ip address
 shutdown
!
interface Serial3/0
 no ip address
 shutdown
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 10.0.0.0
 network 172.16.0.0
!
ip classless
no ip http server
!
!
access-list 101 permit gre host 20.1.1.2 host 20.1.1.1
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

102#




Related Information:
IPSec Support Page
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)