Friday, September 15, 2006

IPSEC Tunnel with two Cisco Routers



1) Well, this config is mostly leeched from Cisco.com.
This is the lab scenario where two routers are connected back-to-back over Ethernet using a crossover cable.
The idea is to encrypt traffic over the link connecting the Delhi and Mumbai routers, but only for the traffic between the hosts Ram and Sita. All other traffic flowing between Delhi and Mumbai goes unencrypted.



******At Delhi*************
version 12.4

hostname Delhi
!

!

enable secret cisco
!
!
ip cef
!
!

!
!
username cisco password cisco

!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco12345 address 10.10.10.6

crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association idle-time 120
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpnns local-address GigabitEthernet0/1
crypto map vpnns 1 ipsec-isakmp
set peer 10.10.10.6
set transform-set vpn
match address 110
!
!
!

interface GigabitEthernet0/0
description : Connect to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip proxy-arp
ip accounting access-violations
duplex full
speed 100
ntp disable
!
interface GigabitEthernet0/1
description To Mumbai
ip address 10.10.10.5 255.255.255.252
no ip redirects
no ip proxy-arp
ip route-cache flow
duplex full
speed 100
crypto map vpnns
!

router eigrp 1
passive-interface default
! Delhi's link to Mumbai is GigabitEthernet0/1 (this router has no FastEthernet0/1)
no passive-interface GigabitEthernet0/1
network 10.0.0.0
no auto-summary
!
access-list 110 permit ip host 10.10.10.2 host 10.10.10.10

!
line con 0
exec-timeout 5 0
login local
line aux 0
no exec
line vty 0 2
exec-timeout 5 0
login local
transport input telnet
line vty 3 4
exec-timeout 0 1
login local
no exec
transport input none
!
end

*********At Mumbai********

version 12.4
!
hostname Mumbai
!

!
enable secret cisco
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
username cisco password cisco
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco12345 address 10.10.10.5
!
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association idle-time 120
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpnns local-address FastEthernet0/1
crypto map vpnns 1 ipsec-isakmp
set peer 10.10.10.5
set transform-set vpn
match address 110
!
interface FastEthernet0/0
description : Connect to LAN
ip address 10.10.10.9 255.255.255.252
no ip redirects
no ip proxy-arp
ip accounting access-violations
speed 100
full-duplex
ntp disable
!
interface FastEthernet0/1
description To Delhi
ip address 10.10.10.6 255.255.255.252
no ip redirects
no ip proxy-arp
ip route-cache flow
speed 100
full-duplex
crypto map vpnns
!
!

router eigrp 1
passive-interface default
no passive-interface FastEthernet0/1
network 10.0.0.0
no auto-summary
!
! Crypto ACL: must be the mirror image of Delhi's ACL 110 (10.10.10.2 <-> 10.10.10.10);
! it names the host on the Mumbai LAN, not the router's own address 10.10.10.9
access-list 110 permit ip host 10.10.10.10 host 10.10.10.2

!
line con 0
exec-timeout 5 0
login local
line aux 0
no exec
line vty 0 2
exec-timeout 5 0
login local
transport input telnet
line vty 3 4
exec-timeout 0 1
login local
no exec
transport input none
!
end
********************************
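Before the tunnel comes up, the two configs above have to agree on five things: each side's "set peer" is the other side's local-address interface IP, the pre-shared key is bound to that peer address and identical on both ends, the ISAKMP policy matches, the transform-set matches, and the two crypto ACLs are exact mirror images (Delhi's 10.10.10.2 -> 10.10.10.10 against Mumbai's 10.10.10.10 -> 10.10.10.2); a crypto ACL that names the router's own interface instead of the protected host fails the proxy-identity check during quick mode. The script below is an added example, not part of the original post or of Cisco's documentation. It parses a condensed excerpt of the two configs (reconstructed from the ones above, with IOS indentation restored) and reports any mismatch. It assumes Ram is 10.10.10.2 behind Delhi and Sita is 10.10.10.10 behind Mumbai, which is what Delhi's ACL 110 implies; the MUMBAI_TYPO variant is constructed to show what the check reports when the Mumbai ACL names the router's own Fa0/0 address 10.10.10.9 instead of Sita's. weak_algorithms() additionally lists the 3DES/MD5/DH group 2 choices, which Cisco's Next Generation Encryption guidance now classes as legacy.

```python
# Added example, not from the original post: cross-check the crypto sections of two IOS configs.
from types import SimpleNamespace

POLICY_KEYS = {"encr", "hash", "authentication", "group", "lifetime"}
WEAK_POLICY = {("encr", "des"), ("encr", "3des"), ("hash", "md5"), ("group", "1"), ("group", "2")}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}

# Condensed excerpt of the Delhi/Mumbai configs above; both routers share this shape.
TEMPLATE = """hostname {host}
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco12345 address {peer}
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
crypto map vpnns local-address {wan_if}
crypto map vpnns 1 ipsec-isakmp
 set peer {peer}
 match address 110
interface {lan_if}
 ip address {lan_ip} 255.255.255.252
interface {wan_if}
 ip address {wan_ip} 255.255.255.252
access-list 110 permit ip host {src} host {dst}
"""
DELHI = TEMPLATE.format(host="Delhi", lan_if="GigabitEthernet0/0", lan_ip="10.10.10.1", wan_if="GigabitEthernet0/1",
                        wan_ip="10.10.10.5", peer="10.10.10.6", src="10.10.10.2", dst="10.10.10.10")  # Ram -> Sita
MUMBAI = TEMPLATE.format(host="Mumbai", lan_if="FastEthernet0/0", lan_ip="10.10.10.9", wan_if="FastEthernet0/1",
                         wan_ip="10.10.10.6", peer="10.10.10.5", src="10.10.10.10", dst="10.10.10.2")  # Sita -> Ram
# Constructed faulty variant: the crypto ACL names Mumbai's own Fa0/0 address instead of Sita's.
MUMBAI_TYPO = MUMBAI.replace("host 10.10.10.10 host", "host 10.10.10.9 host")


def parse_side(text):
    """Pull the tunnel-relevant settings out of one router's configuration text."""
    s = SimpleNamespace(hostname="", local_if="", peer="", acl_num="", transform=(),
                        if_addrs={}, psk={}, policy={}, acl=[])
    acls, cur_if, in_policy = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        w = line.split()
        if in_policy and w[0] in POLICY_KEYS:           # attributes under "crypto isakmp policy"
            s.policy[w[0]] = " ".join(w[1:])
            continue
        in_policy = False
        if w[0] == "hostname":
            s.hostname = w[1]
        elif w[0] == "interface":
            cur_if = w[1]
        elif w[:2] == ["ip", "address"] and cur_if:
            s.if_addrs[cur_if] = w[2]
        elif w[:3] == ["crypto", "isakmp", "policy"]:
            in_policy = True
        elif w[:3] == ["crypto", "isakmp", "key"]:      # crypto isakmp key <key> address <peer>
            s.psk[w[5]] = w[3]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            s.transform = tuple(w[4:])                  # (esp cipher, esp authenticator)
        elif w[:2] == ["crypto", "map"] and "local-address" in w:
            s.local_if = w[-1]
        elif w[:2] == ["set", "peer"]:
            s.peer = w[2]
        elif w[:2] == ["match", "address"]:
            s.acl_num = w[2]
        elif w[0] == "access-list" and w[2:5] == ["permit", "ip", "host"]:   # host-to-host entries only
            acls.setdefault(w[1], []).append((w[5], w[7]))
    s.acl = acls.get(s.acl_num, [])
    return s


def check_tunnel(a, b):
    """Findings for the a<->b tunnel; an empty list means the two sides agree."""
    f = []
    for x, y in ((a, b), (b, a)):
        local_ip = x.if_addrs.get(x.local_if)
        if y.peer != local_ip:                          # peer must be the other side's local-address
            f.append(f"{y.hostname}: set peer {y.peer}, but {x.hostname} {x.local_if} is {local_ip}")
        if x.peer not in x.psk:
            f.append(f"{x.hostname}: no isakmp key configured for peer {x.peer}")
        own = set(x.if_addrs.values())
        for src, dst in x.acl:                          # crypto ACL should name the protected hosts
            if src in own or dst in own:
                f.append(f"{x.hostname}: ACL {x.acl_num} entry {src} -> {dst} uses the router's own interface address")
    if a.psk.get(a.peer) != b.psk.get(b.peer):
        f.append("pre-shared keys differ")
    if a.policy != b.policy:
        f.append(f"isakmp policy mismatch: {a.policy} vs {b.policy}")
    if a.transform != b.transform:
        f.append(f"transform-set mismatch: {a.transform} vs {b.transform}")
    if set(a.acl) != {(d, s) for s, d in b.acl}:        # proxy identities must be mirror images
        f.append(f"crypto ACLs are not mirror images: {a.acl} vs {b.acl}")
    return f


def weak_algorithms(side):
    """Legacy algorithms this side negotiates; Cisco's NGE guidance recommends replacing them."""
    out = [f"{k} {v}" for k, v in side.policy.items() if (k, v) in WEAK_POLICY]
    return out + [t for t in side.transform if t in WEAK_TRANSFORMS]


if __name__ == "__main__":
    delhi = parse_side(DELHI)
    print(check_tunnel(delhi, parse_side(MUMBAI)) or "OK", check_tunnel(delhi, parse_side(MUMBAI_TYPO)))
    print("legacy algorithms on Delhi:", weak_algorithms(delhi))
```

On the routers themselves the equivalent checks are "show crypto isakmp sa" (the peer should sit in QM_IDLE once phase 1 completes) and "show crypto ipsec sa", where the pkts encaps/decaps counters should rise only for traffic between the two hosts while other Delhi-Mumbai traffic bypasses the tunnel.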