This ought to be fun. Testing here in the lab has not been going well. And I
have to start work here pretty soon. The boss doesn't like it when I spend
all day doing something other than what he pays me to do. Which means we
should have some fun stumbling around this afternoon / evening.

5:00 p.m. pacific  8:00 p.m. eastern   1:00 a.m. 12/28 Greenwich ( if I
count correctly on my fingers ) is the time.

http://www.allnetllc.net/chat/ciscochat.htm  is the place

I have the following sample config. Some addresses will change.

I will be online 30 minutes before the official start time.

General configuration stuff - pre-shared keys etc.
DO NOT USE THESE IP ADDRESSES.
MORE LATER TODAY.

!ipsec router 1

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 1
hash md5
authentication pre-share
exit
crypto isakmp key groupstudy address 192.168.2.3
!
!
crypto ipsec transform-set VPNTEST ah-md5-hmac esp-des
!
crypto map TESTVPN 1 ipsec-isakmp
set peer 192.168.2.3
set security-association lifetime kilobytes 10000
set security-association lifetime seconds 5000
set transform-set VPNTEST
match address 100
exit

access-list 100 permit ip host 172.16.1.1 host 172.17.1.1
access-list 101 permit eigrp any any
access-list 101 permit ip host 192.168.2.3 host 192.168.1.1
access-list 101 permit ah host 172.17.1.1 host 172.16.1.1
access-list 101 permit esp host 172.17.1.1 host 172.16.1.1
access-list 101 permit ip any host 172.16.2.1
access-list 101 permit icmp any host 172.16.2.1
access-list 101 deny ip any any




! ipsec router 3

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 1
hash md5
authentication pre-share
exit
crypto isakmp key groupstudy address 192.168.1.1
!
!
crypto ipsec transform-set VPNTEST ah-md5-hmac esp-des
!
crypto map TESTVPN 1 ipsec-isakmp
set peer 192.168.1.1
set security-association lifetime kilobytes 10000
set security-association lifetime seconds 5000
set transform-set VPNTEST
match address 100
exit

access-list 100 permit ip host 172.17.1.1 host 172.16.1.1
access-list 101 permit eigrp any any
access-list 101 permit ip host 192.168.1.1 host 192.168.2.3
access-list 101 permit ah host 172.16.1.1 host 172.17.1.1
access-list 101 permit esp host 172.16.1.1 host 172.17.1.1
access-list 101 permit ip any host 172.17.3.1
access-list 101 deny ip any any






Chuck
----------------------
I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
it has been is over ( if you hope to pass ) From this time forward, you will
study US!
( apologies to the folks at Star Trek TNG )
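
A consistency check for the two router configs above, as an added example that is not part of the original post: it confirms that both ends agree on the ISAKMP hash, authentication method, pre-shared key and transform set, that each `set peer` matches the address in that router's key statement, and that the crypto ACLs mirror each other. The function names and the restriction to `host A host B` crypto ACL entries are assumptions of this example.

```python
import re
# Constructed input: only the lines of the post's two configs that the check reads.
R1 = """hash md5
authentication pre-share
crypto isakmp key groupstudy address 192.168.2.3
crypto ipsec transform-set VPNTEST ah-md5-hmac esp-des
set peer 192.168.2.3
set transform-set VPNTEST
match address 100
access-list 100 permit ip host 172.16.1.1 host 172.17.1.1
"""
R3 = """hash md5
authentication pre-share
crypto isakmp key groupstudy address 192.168.1.1
crypto ipsec transform-set VPNTEST ah-md5-hmac esp-des
set peer 192.168.1.1
set transform-set VPNTEST
match address 100
access-list 100 permit ip host 172.17.1.1 host 172.16.1.1
"""

def parse(cfg):
    """Pull out the values both tunnel endpoints have to agree on."""
    def one(pattern):
        m = re.search(r"^\s*" + pattern, cfg, re.M)
        return m.group(1) if m else None
    acl, ts = one(r"match address (\d+)"), one(r"set transform-set (\S+)")
    return {
        "hash": one(r"hash (\S+)"),
        "authentication": one(r"authentication (\S+)"),
        "pre-shared key": one(r"crypto isakmp key (\S+) address"),
        "key_peer": one(r"crypto isakmp key \S+ address (\S+)"),
        "peer": one(r"set peer (\S+)"),
        "transforms": one(rf"crypto ipsec transform-set {re.escape(str(ts))} (.+)$"),
        # Assumption: only "host A host B" entries of the crypto ACL are handled.
        "flows": set(re.findall(
            rf"^\s*access-list {acl} permit ip host (\S+) host (\S+)", cfg, re.M)),
    }

def mismatches(cfg_a, cfg_b):
    """Return what differs between the two peers; an empty list means consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    bad = [k for k in ("hash", "authentication", "pre-shared key", "transforms")
           if a[k] != b[k]]
    bad += [f"set peer != key address ({n})" for n, s in (("a", a), ("b", b))
            if s["peer"] != s["key_peer"]]
    if a["flows"] != {(dst, src) for src, dst in b["flows"]}:
        bad.append("crypto ACL not mirrored")
    return bad
```

Calling `mismatches(R1, R3)` on the sample lines returns an empty list; changing the key, a peer address or one side of access-list 100 on either router names the field that no longer lines up.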
