Saturday, 25 January 2014

30 second guide to setting up an interface mode VPN on Cisco IOS

This is like one of those recipe book type 1 page cheat sheets. This relies on you knowing IOS well enough to just need a jog.

So to set up an interface mode (Virtual tunnel interface in Cisco speak) vpn you need these commands:

crypto isakmp policy
crypto isakmp key
crypto ipsec transform set
crypto ipsec profile

policy-map maybe
class class-default
shape average 128000

int tun
ip address maybe or ip unnumbered vlan1 to tie to vlan1
tun source outsideIP
tun destin otherend
tunnel mode ipsec ipv4
tunnel protection ipsec profile
service-policy maybe?

ip route tun0 perm?
or use Ip and dynamic routing rip v2?

If you're switching from proxy style VPN then remove the crypto map unless you still have dynamic client vpns and remove the IPSec policy for the connection.

The tunnel ones are just so much nicer.  No NAT hassles, easy policy QoS etc. 

Also help diag commands:

sh crypto session detail 

No comments:

CS:GO on Linux not starting

Valve, for a company that supposedly loves Linux your support is terrible. I got pointed to a community forum for support when logging this ...