Cisco2500-GRE+IPSec+NAT

cisco2500:

crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key 123456 address 202.105.211.98
!
!
crypto ipsec transform-set vpnipsec esp-des esp-md5-hmac
!
!
crypto map vpn2500 local-address Ethernet1
crypto map vpn2500 10 ipsec-isakmp
set peer 202.105.211.98
set transform-set vpnipsec
match address 101
!
!
!
interface Tunnel0
ip address 192.168.100.1 255.255.255.0
no ip directed-broadcast
tunnel source 202.105.203.94
tunnel destination 202.105.211.98
crypto map vpn2500
!
interface Ethernet0
ip address 192.168.0.135 255.255.255.0 secondary
ip address 202.105.204.98 255.255.255.240
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
ip address 202.105.203.94 255.255.255.252
no ip directed-broadcast
ip nat outside
crypto map vpn2500
!
ip nat pool nat2500 202.105.204.98 202.105.204.98 netmask 255.255.255.240
ip nat inside source list 102 pool nat2500 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.105.203.93
ip route 172.16.0.0 255.255.255.0 Tunnel0
!
access-list 101 permit gre host 202.105.203.94 host 202.105.211.98
access-list 102 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any

cisco2600:

crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key 123456 address 202.105.203.94 255.255.255.252
!
!
crypto ipsec transform-set vpnipsec esp-des esp-md5-hmac
!
crypto map vpn2600 local-address Ethernet0/0
crypto map vpn2600 10 ipsec-isakmp
set peer 202.105.203.94
set transform-set vpnipsec
match address 101
!
interface Tunnel0
ip address 192.168.100.2 255.255.255.0
tunnel source Ethernet0/0
tunnel destination 202.105.203.94
crypto map vpn2600
!
interface Ethernet0/0
ip address 202.105.211.98 255.255.255.240
ip nat outside
half-duplex
crypto map vpn2600
!
interface Ethernet0/1
ip address 172.16.0.1 255.255.255.0 secondary
ip address 202.105.212.98 255.255.255.240
ip nat inside
half-duplex
!
ip nat pool nat2600 202.105.212.98 202.105.212.98 netmask 255.255.255.240
ip nat inside source list 102 pool nat2600 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.105.211.97
ip route 192.168.0.0 255.255.255.0 Tunnel0
ip http server
!
!
access-list 101 permit gre host 202.105.211.98 host 202.105.203.94
access-list 102 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 permit ip 172.16.0.0 0.0.0.255 any
!

Comments are closed.