Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Pre-Shared-Key: qGEtEaxKnXwqgwCKSWAP3LcazDG22omC
- Encryption-Set: AES-SHA esp-aes esp-sha-hmac
- IP Address Remote: 93.93.240.137
- 1-on-1-NAT Source: 10.85.1.0/24 & 10.85.2.0/24
- 1-on-1-NAT Translation: 10.14.0.0/24
- Cisco Example:
- crypto isakmp policy 1
- encr 3des
- authentication pre-share
- group 2
- crypto isakmp key qGEtEaxKnXwqgwCKSWAP3LcazDG22omC address 93.93.240.137
- !
- crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
- crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
- crypto ipsec transform-set 3DES-SHA-compression esp-3des esp-sha-hmac comp-lzs
- crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs
- !
- crypto map NIXXIS-VPN 10 ipsec-isakmp
- set peer 93.93.240.137
- set transform-set AES-SHA
- set pfs group2
- match address NIXXIS-ACL
- !
- interface OUTSIDE
- ip nat outside
- crypto map NIXXIS-VPN
- !
- interface INSIDE
- ip nat inside
- !
- ip nat pool NIXXIS-NAT 10.100.0.1 10.100.0.254 prefix-length 24
- ip nat inside source route-map NIXXIS-NAT pool NIXXIS-NAT
- ip nat inside source route-map WORLD interface OUTSIDE overload
- !
- ip access-list extended NIXXIS-ACL
- permit ip 10.100.0.0 0.0.0.255 93.93.240.224 0.0.0.15
- permit ip 10.100.0.0 0.0.0.255 host 93.93.240.156
- !
- access-list 100 permit ip 10.85.2.0 0.0.0.255 93.93.240.224 0.0.0.15
- access-list 100 permit ip 10.85.2.0 0.0.0.255 host 93.93.240.156
- access-list 101 permit ip 10.85.2.0 0.0.0.255 any
- !
- route-map WORLD permit 10
- match ip address 101
- !
- route-map NIXXIS-NAT permit 10
- match ip address 100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement