Gre tunnel linux cisco: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| (7 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | =Variabeln= | ||
*LINUX WAN IP = 192.168.240.252 | *LINUX WAN IP = 192.168.240.252 | ||
*CISCO WAN IP = 192.168.244.96 | *CISCO WAN IP = 192.168.244.96 | ||
| − | |||
=Linux Site= | =Linux Site= | ||
*ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255 | *ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255 | ||
| Zeile 17: | Zeile 17: | ||
=Mit IPSEC Transport Mode= | =Mit IPSEC Transport Mode= | ||
| + | ==Linux Site== | ||
| + | */etc/ipsec.conf | ||
| + | <pre> | ||
| + | version 2.0 | ||
| + | config setup | ||
| + | protostack=netkey | ||
| + | nat_traversal=yes | ||
| + | |||
| + | conn max-cisco | ||
| + | authby=secret | ||
| + | type=transport | ||
| + | left=192.168.244.96 | ||
| + | right=192.168.240.252 | ||
| + | ike=aes256-md5-modp1536 | ||
| + | phase2alg=aes256-sha | ||
| + | pfs=no | ||
| + | auto=start | ||
| + | </pre> | ||
| + | */etc/ipsec.secrets | ||
| + | 192.168.240.252 192.168.244.96 : PSK "sehr-geheim" | ||
| + | |||
| + | ==Cisco Site== | ||
<pre> | <pre> | ||
;Phase 1 | ;Phase 1 | ||
| Zeile 47: | Zeile 69: | ||
</pre> | </pre> | ||
| − | + | *https://supportforums.cisco.com/document/12013476/crypto-map-based-ipsec-vpn-fundamentals-negotiation-and-configuration#IPsec | |
| − | + | *http://www.xinux.net/index.php/CISCO_IPSEC_Site_to_Site_VPN | |
| − | |||
*https://learningnetwork.cisco.com/docs/DOC-2457 | *https://learningnetwork.cisco.com/docs/DOC-2457 | ||
| + | *https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel | ||
Aktuelle Version vom 7. Dezember 2017, 19:53 Uhr
Variabeln
- LINUX WAN IP = 192.168.240.252
- CISCO WAN IP = 192.168.244.96
Linux Site
- ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
- ip address add dev gretun 10.11.12.13/24
- ip link set gretun up
Cisco Site
interface Tunnel1 ip address 10.11.12.12 255.255.255.0 ip mtu 1400 ip tcp adjust-mss 1360 tunnel source 192.168.244.96 tunnel destination 192.168.240.252
Mit IPSEC Transport Mode
Linux Site
- /etc/ipsec.conf
version 2.0
config setup
protostack=netkey
nat_traversal=yes
conn max-cisco
authby=secret
type=transport
left=192.168.244.96
right=192.168.240.252
ike=aes256-md5-modp1536
phase2alg=aes256-sha
pfs=no
auto=start
- /etc/ipsec.secrets
192.168.240.252 192.168.244.96 : PSK "sehr-geheim"
Cisco Site
;Phase 1 crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 ;ACL access-list 120 permit ip host 192.168.244.96 host 192.168.240.252 ;PSK crypto isakmp key sehr-geheim address 192.168.240.252 ;Phase 2 crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac mode transport ;Zusammenfassen crypto map max-cisco 10 ipsec-isakmp set peer 192.168.240.252 set transform-set AES-256-SHA-TRANSPORT match address 120 ;Interface zuordnen interface FastEthernet0/0 crypto map max-cisco
- https://supportforums.cisco.com/document/12013476/crypto-map-based-ipsec-vpn-fundamentals-negotiation-and-configuration#IPsec
- http://www.xinux.net/index.php/CISCO_IPSEC_Site_to_Site_VPN
- https://learningnetwork.cisco.com/docs/DOC-2457
- https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel