2011年5月24日火曜日

memo

CISCO
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 対抗アドレス
!
crypto ipsec transform-set TS-IPSEC esp-3des esp-sha-hmac
!
crypto map MAP-IPSEC 1 ipsec-isakmp
 set peer 対抗アドレス
 set transform-set TS-IPSEC
 match address 100

interface 送信元インタフェイス
 crypto map MAP-IPSEC
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit any
access-list 100 permit ip host 変換後アドレス 送信元アドレス 0.0.0.255



YAMAHA
tunnel select 1
ipsec tunnel 101
tunnel enable 1
ip route 1.1.4.0/24 gateway tunnel 1
ipsec auto refresh on
ipsec ike duration ipsec-sa 1 24000
ipsec ike duration isakmp-sa 1 24000
ipsec ike local address 1 1.1.2.1
ipsec ike pre-shared-key 1 *
ipsec ike remote address 1 1.1.3.1
ipsec sa policy 101 1 esp des-cbc

0 件のコメント:

コメントを投稿