GRE over IPsec tunnel: example configuration between two routers
13.12 2019 | by massimiliano
Configuration steps for a GRE over IPsec tunnel between two routers
1. Create a tunnel interface (the tunnel IP addresses on the two routers must be in the same subnet), then configure the tunnel source and the tunnel destination under the tunnel interface:
- interface Tunnel0
ip address 192.168.16.1 255.255.255.0
tunnel source < local outside interface IP >
tunnel destination < remote outside interface IP >
2. Configure the ISAKMP policies:
- crypto isakmp policy 1
authentication pre-share
3. Configure the pre-shared keys:
- crypto isakmp key cisco123 address < remote outside interface IP with 32 bit subnet mask >
4. Configure the transform set:
crypto ipsec transform-set strong esp-3des esp-md5-hmac
5. Create an ACL that permits GRE traffic from the outside interface of the local router to the outside interface of the remote router:
- access-list 100 permit gre host < local outside interface ip > host < remote outside interface IP >
6. Configure the crypto map, associating the transform set and the ACL with it, and define the peer address under the crypto map:
- crypto map vpn 10 ipsec-isakmp
set peer < ip address >
set transform-set strong
match address 100
7. Apply the crypto map to the physical (outside) interface (Cisco IOS Software Release 12.2.15 or later); on earlier releases the crypto map must be applied to the tunnel interface as well as to the physical interface:
- interface fa0/0
ip address < ip-address >
half-duplex
crypto map vpn
8. Configure the NAT bypass if needed:
- access-list 175 deny ip < local private network > < subnet mask > < remote private network > < subnet mask >
access-list 175 permit ip < local private network > < subnet mask > any
route-map nonat permit 10
match ip address 175
exit
!
ip nat inside source route-map nonat interface < outside interface name > overload
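The steps above only work when their pieces reference each other consistently: the crypto ACL must match GRE between the tunnel endpoints, the crypto map peer and the pre-shared key must point at the tunnel destination, and the transform set named in the crypto map must exist. The following check is an added example, not part of the original post; the names `audit`, `first` and `SAMPLE`, the documentation addresses, and the list of transforms treated as weak are assumptions of this example.

```python
import re
# Constructed sample: the steps above assembled for one router, with
# documentation addresses (192.0.2.1 local, 198.51.100.1 remote) as placeholders.
SAMPLE = """\
interface Tunnel0
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
crypto isakmp key cisco123 address 198.51.100.1
crypto ipsec transform-set strong esp-3des esp-md5-hmac
access-list 100 permit gre host 192.0.2.1 host 198.51.100.1
crypto map vpn 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set strong
 match address 100
interface fa0/0
 crypto map vpn
"""
# Transforms treated as weak here (assumption of this example: DES, 3DES, MD5).
WEAK = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def first(pattern, cfg):
    """Return group 1 of the first line matching pattern, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def audit(cfg):
    """Cross-check the parts of a GRE over IPsec config; return findings."""
    esc = lambda v: re.escape(str(v))
    has = lambda pattern: re.search(pattern, cfg, re.M) is not None
    src = first(r"^[ \t]*tunnel source (\S+)", cfg)
    dst = first(r"^[ \t]*tunnel destination (\S+)", cfg)
    peer = first(r"^[ \t]*set peer (\S+)", cfg)
    acl = first(r"^[ \t]*match address (\d+)", cfg)
    ts = first(r"^[ \t]*set transform-set (\S+)", cfg)
    cmap = first(r"^crypto map (\S+) \d+ ipsec-isakmp", cfg)
    transforms = first(rf"^crypto ipsec transform-set {esc(ts)} (.+)$", cfg)
    out = []
    if peer is None or peer != dst:
        out.append("crypto map peer differs from tunnel destination")
    if not has(rf"^access-list {esc(acl)} permit gre host {esc(src)} host {esc(dst)}[ \t]*$"):
        out.append("crypto ACL does not match GRE between the tunnel endpoints")
    if not has(rf"^crypto isakmp key \S+ address {esc(peer)}\b"):
        out.append("no pre-shared key defined for the crypto map peer")
    if transforms is None:
        out.append("crypto map references an undefined transform-set")
    out += [f"weak transform: {t}" for t in sorted(WEAK & set((transforms or "").split()))]
    if not has(rf"^[ \t]+crypto map {esc(cmap)}[ \t]*$"):
        out.append("crypto map is not applied to any interface")
    return out
```

Run against the sample, `audit(SAMPLE)` reports only the 3DES and MD5 transforms from step 4; the cross-references between the steps are consistent.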