GlobalConfig.net

Entries Tagged as 'Studies In VPN'

VPN3k CLI only

December 18th, 2008 · No Comments

Welcome back! It is possible to configure an L2L session on a VPN3k using the CLI only. It is a completely different configuration. Here is the summation of it:

Create an SA
Create inbound and outbound rules for the hosts to be encrypted.
Apply the rules to the public filter with the action of “Apply IPSec” and attach the Security [...]

[Read more →]

Tags: CCIE Security · IE Labs · Studies In VPN

Studies in VPN: Part 3

October 24th, 2008 · No Comments

IOS Lan-to-Lan with PSK through an ASA.
***The Catch: NAT configured and Dynamic Crypto Maps configured.

I ran into an interesting situation:
r1#sh cry map
Crypto Map “vpn” 10 ipsec-isakmp
Peer = 136.5.122.2
Extended IP access list r1tor2
access-list r1tor2 permit ip 150.1.1.0 0.0.0.255 150.2.2.0 0.0.0.255
Current peer: 136.5.122.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform [...]

[Read more →]

Tags: CCIE Security · IE Labs · Studies In VPN

Studies in VPN: Part 2

October 22nd, 2008 · No Comments

IOS to IOS with PSK thru an ASA without NAT
The topology:
Allow ESP and ISAKMP thru the ASA:
ciscoasa(config-router)# conf t
ciscoasa(config)# access-l outside_in permit esp any any
ciscoasa(config)# access-l outside_in permit udp any any eq isakmp
ciscoasa(config)# access-g outside_in in int outside
ciscoasa(config)#
Over on R2 I create a loopback to encrypt traffic to R1:
r2(config)#int lo0
r2(config-if)#ip add 150.1.2.2 [...]

[Read more →]

Tags: CCIE Security · IE Labs · Studies In VPN