Yet Another Bulletin Board
Sponsored by: The Fans!


Welcome, Guest. Please Login or Register.
Dec 24th, 2024, 1:31pm

Upcoming Premiere Dates:
Survivor 23, Season premiere
Thursday, September 14 (8:00-9:30 PM, ET/PT) on CBS




Home Home Help Help Search Search Members Members Chat Chat Member Map Member Map Login Login Register Register

| Fantasy Survivor Game | Music Forums | The '80s Server Forums | Shop Online |



Metropolis Reality Forums « Aitai and Cisco do IPSEC VPN »

   Metropolis Reality Forums
   Amazing Race
   Fantasy Amazing Race Games
(Moderators: JP, Heather, Isle_be_back)
   Aitai and Cisco do IPSEC VPN
Previous topic | New Topic | Next topic »
Pages: 1  Reply Reply Add Poll Add Poll Notify of replies Notify of replies Send Topic Send Topic Print Print
   Author  Topic: Aitai and Cisco do IPSEC VPN  (Read 261 times)
qizhen0926
Guest

Email

Aitai and Cisco do IPSEC VPN
« on: Jan 11th, 2018, 2:27am »
Quote Quote Modify Modify Remove Remove

<p> A, Cisco (RouteB) </p>
<p> 1.CiscoACL  
Grandstream Voip Ip Pbx Ucm6100 Series Ip Pbx Appliance Ucm6102 Ucm6104 Ucm6108 Ucm6116 configuration (mainly refer to IPSec configuration which flow) </p>
<p> router (config) #access-list110permitIP192.168.11.00.0.0.255192.168.100.00.0.0.255</p>
<p> router (config) # access-list110permitIP192.168.100.00.0.0.255192.168.11.00.0.0.255</p>
<p> 2. the first phase of the IKE configuration of </p>
<p> I. use and shared key authentication and shared key encryption algorithm for cisco1122</p>
<p> ii.: des</p>
<p> III. certification md5</p>
<p> algorithm: iv.DH group: group2</p>
<p> v. SA </p>
<p> router the first phase of 28800  
Skype Video Ip Phone With Wifi Poe And Cmos Camera Gxv3140 seconds (config) #cryptoisakmpenable # IKE enabled (default startup) </p>
<p> router (config) #cryptoisakmppolicy100 IKE # establishment strategy, the priority is 100</p>
<p> router (config-isakmp) authenticationpre-share # # using pre shared Password authentication </p>
<p> router (config-isakmp) #encryptiondes # using DES encryption mode </p>
<p> (config-isakmp) router #group2 # specifies the key figures, group2 more secure, but more consumption of cpu</p>
<p> router (config-isakmp) #hashmd5 # specifies the hash algorithm for the MD5 (the other way: Sha, RSA) </p>
<p> router (config-isakmp) #lifetime28880 # designated SA valid time. The default is 86400 seconds, at both ends of </p>
<p> router (config) #cryptoisakmpkeycisco1122address192.168.0.124# configuration pre shared key (Cisco to specify the other address) </p>
<p> 3.IPSec </p>
<p> I. IPSec second stage configuration configuration: the actual exchange set is the definition of encryption and authentication algorithm in the second stage, subsequent references to </p>
<p> encryption algorithm: DES algorithm: MD5; authentication; encapsulation protocol: ESP</p>
<p> router (config) #cryptoipsectransform-setabcesp-desesp-md5-hmac</p>
<p> configuration IPSec exchange set the name ABC can be taken, both ends of the name can also be different, but other parameters should be consistent. </p>
<p> ii. configuration IPSec encryption map: actually identifies the identity of the other party, which flow to do IPSec, the survival of the second stage SA and the </p>
<p> router exchange set reference (config) #cryptomapmymap100ipsec-isakmp # create encrypted graph mymap can be custom name </p>
<p> router (config-crypto-map) #matchaddress110 # uses ACL to define the encrypted communications </p>
<p> router (config-crypto-map) #setpeer192.168.0.124 the other # ID router IP address </p>
<p> router (config-crypto-map) #settransform-setabc # specifies the encryption map using IPSEC </p>
<p> router (config-crypto-map) exchange in #setsecurity-associationlifetime86400 # specified second stage survival of SA </p>
<p> 4. will be applied to the interface on </p>
<p> Map Encryption router (config) #interfaceethernet0/1 WAN router # into port </p>
<p> (config-if) cryptomapmamap # # encryption Map is applied to the interface of </p>
<p> 5. configuration NONAT: to ensure the access to IPSec is not enabled NAT to end network 192.168.11.0/24, IPSec </p>
<p> router (config) #nat tunnel (inside)  
Huawei Smartax Ma5603T Gepon Olt Sfp 0access-list110</p>
<p> 6. note do not enable PFS</p>
<p> two and UTT2512 in Cisco (RouterA)  
configuration</p>
IP Logged
Back to top
Pages: 1  Reply Reply Add Poll Add Poll Notify of replies Notify of replies Send Topic Send Topic Print Print

Previous topic | New Topic | Next topic »

Metropolis Reality Forums » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.