support@davidbombal.com

GNS3 Topology: https://goo.gl/p7p8pq
Get the VPN Config Generator and all my videos as part of a subscription here: https://goo.gl/mJMZGW
Cisco documentation: https://goo.gl/hjmdFR

For lots more content, visit http://www.davidbombal.com – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.

VPN Configuration:

======================================================
! CONFIG FOR: C1 !
! ======================================================

access-list 100 remark ****** Link to C2 ******
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
match ip address 101
!
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key cisco123 address 8.8.11.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
!
crypto map mymap 1 ipsec-isakmp
description ****** Link to C2 ******
set peer 8.8.11.2
set transform-set myset
set pfs group2
match address 100
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface G0/1
crypto map mymap
ip nat outside
!
interface G0/0
ip nat inside

!=====================================================
! CONFIG FOR: C2 !
! ======================================================

access-list 100 remark ****** Link to C1 ******
access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
match ip address 101
!
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key cisco123 address 8.8.10.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
!
crypto map mymap 2 ipsec-isakmp
description ****** Link to C1 ******
set peer 8.8.10.2
set transform-set myset
set pfs group2
match address 100
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface G0/1
crypto map mymap
ip nat outside
!
interface G0/0
ip nat inside

!=========================================

Go here for more: https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html

subscribe
  • David Bombal

Search

Categories

Recent Posts

I got Pwned … and so did you! (you’re likely in the 12 Billion)
Windows Pentest Tutorial (Active Directory Game Over!)
What’s the Future of AI in Cybersecurity and Hacking (are we doomed)?
It’s DNS again 😢 Did you know this Malware Hack?
Kali NetHunter Pro in 6 minutes
His new gadget any good? (Can he catch me?)
How to be Invisible Online (and the hard truth about it)…
Raspberry Pi Availability Update and Painful decisions (Eben Upton Interview)
Birthday Giveaway

Birthday Giveaway

A PhD in Hacking & AI?

A PhD in Hacking & AI?

Eben Upton Interview (Raspberry Pi)
Kali Linux TP-Link TL-WN722N install (1 command fix)
Pentester Blueprint: Your road to success
Deep Dive OSINT (Hacking, Shodan and more!)
The best Hacking Cert just got updated (OSCP PEN-200)
Hacking IoT devices with Python (it’s too easy to take control)
Kali Linux NetHunter with WiFi support (rooted Android install)
Root Android (Kali Linux NetHunter install)
My training for free on Cisco’s website??
What happened to Cisco certs?