This is like one of those recipe book type 1 page cheat sheets. This relies on you knowing IOS well enough to just need a jog.
So to set up an interface mode (Virtual tunnel interface in Cisco speak) vpn you need these commands:
crypto isakmp policy
crypto isakmp key
crypto ipsec transform set
crypto ipsec profile
policy-map maybe
class class-default
shape average 128000
int tun
ip address maybe or ip unnumbered vlan1 to tie to vlan1
tun source outsideIP
tun destin otherend
tunnel mode ipsec ipv4
tunnel protection ipsec profile
service-policy maybe?
ip route tun0 perm?
or use Ip and dynamic routing rip v2?
If you're switching from proxy style VPN then remove the crypto map unless you still have dynamic client vpns and remove the IPSec policy for the connection.
The tunnel ones are just so much nicer. No NAT hassles, easy policy QoS etc.
Also help diag commands:
sh crypto session detail
Subscribe to:
Post Comments (Atom)
-
I'm test driving Ubuntu after using Gentoo for years and found Librewolf gave me this warning banner. “some of LibreWolf’s security feat...
-
We still see this one occasionally. Had one case where we needed to get a policy on but couldn't reboot the firewall. So, tried a few ...
-
I gave Windows 10 another try tonight and after some pretty hefty updates I still have the same issues as before. Same hardware on Windows ...
No comments:
Post a Comment