
Thursday, October 8, 2015

Moving traffic between 2 IPSec tunnels using route-based VPN

In this post, the R2 local network (192.168.20.0/24) can reach the R3 local network (192.168.30.0/24) and vice versa, as before, but this time using a route-based VPN.

The first tunnel is between R1 and R2; the second tunnel is between R1 and R3.
The network diagram is the same as in the previous post.

R1 configuration:

crypto keyring VPN_KEY_R2
  pre-shared-key address 10.1.12.2 key cisco
!
crypto keyring VPN_KEY_R3
  pre-shared-key address 10.1.13.3 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE_R2
   keyring VPN_KEY_R2
   match identity address 10.1.12.2 255.255.255.255
!
crypto isakmp profile ISAKMP_PROFILE_R3
   keyring VPN_KEY_R3
   match identity address 10.1.13.3 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel12
 ip address 10.2.0.1 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.12.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
interface Tunnel13
 ip address 10.3.0.1 255.255.255.0
 tunnel source fa 1/0
 tunnel destination 10.1.13.3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
ip route 192.168.20.0 255.255.255.0 10.2.0.2
ip route 192.168.30.0 255.255.255.0 10.3.0.3

R2 configuration:

crypto keyring VPN_KEY
  pre-shared-key address 10.1.12.1 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE
   keyring VPN_KEY
   match identity address 10.1.12.1 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel12
 ip address 10.2.0.2 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.12.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
ip route 192.168.10.0 255.255.255.0 10.2.0.1
ip route 192.168.30.0 255.255.255.0 10.2.0.1

R3 configuration:

crypto keyring VPN_KEY
  pre-shared-key address 10.1.13.1 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE
   keyring VPN_KEY
   match identity address 10.1.13.1 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel13
 ip address 10.3.0.3 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.13.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
! next hop is R1's address on Tunnel13 (10.3.0.0/24)
ip route 192.168.10.0 255.255.255.0 10.3.0.1
ip route 192.168.20.0 255.255.255.0 10.3.0.1
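
With a route-based VPN the static routes decide which traffic enters a tunnel, so each next hop has to sit on the connected subnet of the intended tunnel interface. The check below is an added example, not part of the original post: it parses IOS-style interface and ip route lines and reports which connected interface each next hop falls on. The sample config is constructed from the page's R3 tunnel addressing with one next hop set deliberately wrong, and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: a spoke's tunnel and static routes, using the page's addressing.
# The second route is deliberately given a next hop outside the tunnel subnet.
SAMPLE_CONFIG = """\
interface Tunnel13
 ip address 10.3.0.3 255.255.255.0
 tunnel mode ipsec ipv4
!
ip route 192.168.10.0 255.255.255.0 10.3.0.1
ip route 192.168.20.0 255.255.255.0 10.2.0.1
"""

IF_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s+ip address\s+(\S+)\s+(\S+)")
ROUTE_RE = re.compile(r"^ip route\s+(\S+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)")


def connected_networks(config):
    """Map interface name -> connected IPv4 network from 'ip address' lines."""
    nets, current = {}, None
    for line in config.splitlines():
        if m := IF_RE.match(line):
            current = m.group(1)
        elif current and (m := ADDR_RE.match(line)):
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif not line.startswith(" "):
            current = None  # left the interface block
    return nets


def check_routes(config):
    """Return (prefix, next_hop, egress_interface_or_None) for each static route."""
    nets = connected_networks(config)
    results = []
    for line in config.splitlines():
        if m := ROUTE_RE.match(line):
            prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            hop = ipaddress.ip_address(m.group(3))
            egress = next((n for n, net in nets.items() if hop in net), None)
            results.append((str(prefix), str(hop), egress))
    return results


if __name__ == "__main__":
    for prefix, hop, egress in check_routes(SAMPLE_CONFIG):
        status = f"via {egress}" if egress else "NEXT HOP NOT ON A CONNECTED SUBNET"
        print(f"{prefix:18} -> {hop:10} {status}")
```

A route flagged this way either stays out of the routing table or resolves recursively through some other route, and in both cases the prefix does not go through the intended tunnel.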


