Перед Вами стоит задача: постоить VPN корпоративной сети. Главный маршрутизатор (Cisco 1721) стоит в main офисе (внешний ip 80.80.80.1 внутренний 172.16.1.3) в подразделениях стоят Cisco 831 (внешний ip 222.222.222.2 внутренний 192.168.2.3)
Отрывки конфигов:
MAIN
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key superkey address 222.222.222.2
!
!
crypto ipsec transform-set VPN esp-des esp-md5-hmac
mode transport
!
!
crypto map myvpn 10 ipsec-isakmp
set peer 222.222.222.2
set transform-set VPN
match address 101
!
!
interface Tunnel0
ip address 192.168.16.1 255.255.255.0
tunnel source Ethernet0
tunnel destination 222.222.222.2
crypto map myvpn
!
!
interface Ethernet0
ip address 80.80.80.1 255.255.255.248
crypto map myvpn
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.80.80.2 (гейт)
ip route 192.168.2.0 255.255.255.0 Tunnel0
!
!
access-list 101 permit gre host 80.80.80.1 host 222.222.222.2
831
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key superkey address 80.80.80.1
!
!
crypto ipsec transform-set VPN esp-des esp-md5-hmac
mode transport
!
!
crypto map myvpn 10 ipsec-isakmp
set peer 80.80.80.1
set transform-set VPN
match address 101
!
!
interface Tunnel0
ip address 192.168.16.2 255.255.255.0
tunnel source Ethernet0
tunnel destination 80.80.80.1
crypto map myvpn
!
!
interface Ethernet0
ip address 222.222.222.2 255.255.255.248
crypto map myvpn
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 222.222.222.3 (гейт)
ip route 172.16.1.0 255.255.255.0 Tunnel0
!
!
access-list 101 permit gre host 222.222.222.2 host 80.80.80.1
