Gre tunnel linux cisco: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(8 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 +
=Variabeln=
 
*LINUX WAN IP = 192.168.240.252
 
*LINUX WAN IP = 192.168.240.252
 
*CISCO WAN IP = 192.168.244.96
 
*CISCO WAN IP = 192.168.244.96
 
 
=Linux Site=
 
=Linux Site=
 
*ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
 
*ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
Zeile 16: Zeile 16:
 
</pre>
 
</pre>
  
 +
=Mit IPSEC Transport Mode=
 +
==Linux Site==
 +
*/etc/ipsec.conf
 +
<pre>
 +
version 2.0
 +
config setup
 +
        protostack=netkey
 +
        nat_traversal=yes
 +
 +
conn max-cisco
 +
      authby=secret
 +
      type=transport
 +
      left=192.168.244.96
 +
      right=192.168.240.252
 +
      ike=aes256-md5-modp1536
 +
      phase2alg=aes256-sha
 +
      pfs=no
 +
      auto=start
 +
</pre>
 +
*/etc/ipsec.secrets
 +
192.168.240.252 192.168.244.96 : PSK "sehr-geheim"
 +
 +
==Cisco Site==
 +
<pre>
 +
;Phase 1
 +
crypto isakmp policy 10
 +
encr aes 256
 +
authentication pre-share
 +
group 5
 +
 +
;ACL
 +
access-list 120 permit ip host 192.168.244.96 host 192.168.240.252
 +
 +
 +
;PSK
 +
crypto isakmp key sehr-geheim address 192.168.240.252
 +
 +
;Phase 2
 +
crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac
 +
mode transport
 +
 +
;Zusammenfassen
 +
crypto map max-cisco 10 ipsec-isakmp
 +
set peer 192.168.240.252
 +
set transform-set AES-256-SHA-TRANSPORT
 +
match address 120
 +
 +
;Interface zuordnen
 +
interface FastEthernet0/0 crypto map max-cisco
 +
 +
 +
</pre>
  
 +
*https://supportforums.cisco.com/document/12013476/crypto-map-based-ipsec-vpn-fundamentals-negotiation-and-configuration#IPsec
 +
*http://www.xinux.net/index.php/CISCO_IPSEC_Site_to_Site_VPN
 
*https://learningnetwork.cisco.com/docs/DOC-2457
 
*https://learningnetwork.cisco.com/docs/DOC-2457
 +
*https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel

Aktuelle Version vom 7. Dezember 2017, 19:53 Uhr

Variabeln

  • LINUX WAN IP = 192.168.240.252
  • CISCO WAN IP = 192.168.244.96

Linux Site

  • ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
  • ip address add dev gretun 10.11.12.13/24
  • ip link set gretun up

Cisco Site

interface Tunnel1
 ip address 10.11.12.12 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 192.168.244.96
 tunnel destination 192.168.240.252

Mit IPSEC Transport Mode

Linux Site

  • /etc/ipsec.conf
version 2.0
config setup
        protostack=netkey
        nat_traversal=yes

conn max-cisco
      authby=secret
      type=transport
      left=192.168.244.96
      right=192.168.240.252
      ike=aes256-md5-modp1536
      phase2alg=aes256-sha
      pfs=no
      auto=start
  • /etc/ipsec.secrets
192.168.240.252 192.168.244.96 : PSK "sehr-geheim"

Cisco Site

;Phase 1
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5

;ACL
access-list 120 permit ip host 192.168.244.96 host 192.168.240.252


;PSK
crypto isakmp key sehr-geheim address 192.168.240.252

;Phase 2
crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac 
 mode transport

;Zusammenfassen
crypto map max-cisco 10 ipsec-isakmp 
 set peer 192.168.240.252
 set transform-set AES-256-SHA-TRANSPORT 
 match address 120

;Interface zuordnen
interface FastEthernet0/0 crypto map max-cisco
Abgerufen von „http://wiki.ixheim.de/index.php?title=Gre_tunnel_linux_cisco&oldid=15894