Aitai and Cisco do IPSEC VPN

Posted by hhm1020 
January 11, 2018 02:59AM
A. Cisco (RouterB)
1. Cisco ACL configuration (mainly defines which traffic flows IPSec applies to)
router(config)# access-list 110 permit ip 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255
router(config)# access-list 110 permit ip 192.168.100.0 0.0.0.255 192.168.11.0 0.0.0.255
2. IKE phase 1 configuration
i. Authentication: pre-shared key; the shared key is cisco1122
ii. Encryption algorithm: des
iii. Authentication algorithm: md5
iv. DH group: group2
v. Phase 1 SA lifetime: 28800 seconds
router(config)# crypto isakmp enable   # enable IKE (enabled by default)
router(config)# crypto isakmp policy 100   # create an IKE policy with priority 100
router(config-isakmp)# authentication pre-share   # authenticate with a pre-shared key
router(config-isakmp)# encryption des   # use DES encryption
router(config-isakmp)# group 2   # select the DH group; group 2 is more secure but consumes more CPU
router(config-isakmp)# hash md5   # set the hash algorithm to MD5 (other options: SHA, RSA)
router(config-isakmp)# lifetime 28880   # set the SA lifetime. The default is 86400 seconds, at both ends of
router(config)# crypto isakmp key cisco1122 address 192.168.0.124   # configure the pre-shared key (on Cisco, specify the peer's address)
3. IPSec phase 2 configuration
i. Configure the IPSec transform set: this defines the encryption and authentication algorithms for phase 2 and is referenced later
Encryption algorithm: DES; authentication algorithm: MD5; encapsulation protocol: ESP
router(config)# crypto ipsec transform-set abc esp-des esp-md5-hmac
The transform set name abc can be anything, and the names at the two ends may differ, but the other parameters must match.
ii. Configure the IPSec crypto map: this identifies the peer, which traffic gets IPSec, the phase 2 SA lifetime, and the transform set reference
router(config)# crypto map mymap 100 ipsec-isakmp   # create the crypto map; the name mymap can be customized
router(config-crypto-map)# match address 110   # use the ACL to define the encrypted traffic
router(config-crypto-map)# set peer 192.168.0.124   # identify the peer router's IP address
router(config-crypto-map)# set transform-set abc   # specify the IPSec transform set used by the crypto map
router(config-crypto-map)# set security-association lifetime seconds 86400   # set the phase 2 SA lifetime
4. Apply the crypto map to the interface
router(config)# interface ethernet0/1   # enter the router's WAN port
router(config-if)# crypto map mymap   # apply the crypto map to the interface
5. Configure NONAT: ensure that access to the peer network 192.168.11.0/24 through the IPSec tunnel does not have NAT applied
router(config)# nat (inside) 0 access-list 110
6. Note: do not enable PFS
B. UTT2512 (RouterA) configuration
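An added example, not part of the original post: a small Python check over an IOS-style configuration that flags the legacy algorithm choices used in this walkthrough (DES, MD5, DH group 2) and any ACL, transform set or crypto map name that is referenced but never defined, because a misspelled name means the interface does not get the crypto map that was configured. The sample config is constructed for the example, and `audit`, `WEAK` and the finding strings are names assumed here.

```python
import re

# Constructed sample (not from a real device); the interface applies an undefined crypto map name.
SAMPLE = """\
access-list 110 permit ip 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255
crypto isakmp policy 100
 authentication pre-share
 encryption des
 group 2
 hash md5
crypto ipsec transform-set abc esp-des esp-md5-hmac
crypto map mymap 100 ipsec-isakmp
 match address 110
 set peer 192.168.0.124
 set transform-set abc
interface ethernet0/1
 crypto map mamap
"""

# Line patterns for legacy algorithm choices -> finding text (this example's own strings).
WEAK = {
    r"^ encryption des$": "IKE policy uses DES",
    r"^ hash md5$": "IKE policy uses MD5",
    r"^ group [12]$": "IKE policy uses DH group 1 or 2",
    r"^crypto ipsec transform-set \S+ .*\besp-des\b": "transform set uses DES",
    r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b": "transform set uses HMAC-MD5",
}

def audit(config):
    """Return findings for weak algorithms and dangling object references."""
    lines = [line.rstrip() for line in config.splitlines()]
    findings = [msg for pat, msg in WEAK.items()
                if any(re.search(pat, line) for line in lines)]
    # Names that are actually defined at the top level of the config.
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    maps = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", config, re.M))
    # Indented lines that refer to those names from crypto map entries and interfaces.
    refs = [(r"^ match address (\S+)", acls, "ACL"),
            (r"^ set transform-set (\S+)", tsets, "transform set"),
            (r"^ crypto map (\S+)", maps, "crypto map")]
    for pat, defined, kind in refs:
        for name in re.findall(pat, config, re.M):
            if name not in defined:
                findings.append(f"{kind} '{name}' is referenced but never defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Both ends of the tunnel must agree on phase 1 and phase 2 parameters, so any algorithm change made in response to a finding has to be mirrored on the peer.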