Gre tunnel linux cisco: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 15: | Zeile 15: | ||
tunnel destination 192.168.240.252 | tunnel destination 192.168.240.252 | ||
</pre> | </pre> | ||
| + | |||
| + | =Mit IPSEC Transport Mode= | ||
| + | <pre> | ||
| + | ;Phase 1 | ||
| + | crypto isakmp policy 10 | ||
| + | encr aes 256 | ||
| + | authentication pre-share | ||
| + | group 5 | ||
| + | |||
| + | ;ACL | ||
| + | access-list 120 permit ip host 192.168.244.96 host 192.168.240.252 | ||
| + | |||
| + | |||
| + | ;PSK | ||
| + | crypto isakmp key sehr-geheim address 192.168.240.252 | ||
| + | |||
| + | ;Phase 2 | ||
| + | crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac | ||
| + | mode transport | ||
| + | |||
| + | ;Zusammenfassen | ||
| + | crypto map max-cisco 10 ipsec-isakmp | ||
| + | set peer 192.168.240.252 | ||
| + | set transform-set AES-256-SHA-TRANSPORT | ||
| + | match address 120 | ||
| + | |||
| + | ;Interface zuordnen | ||
| + | interface FastEthernet0/0 crypto map max-cisco | ||
| + | |||
| + | |||
| + | </pre> | ||
| + | |||
| + | |||
*https://learningnetwork.cisco.com/docs/DOC-2457 | *https://learningnetwork.cisco.com/docs/DOC-2457 | ||
Version vom 14. März 2016, 15:56 Uhr
- LINUX WAN IP = 192.168.240.252
- CISCO WAN IP = 192.168.244.96
Linux Site
- ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
- ip address add dev gretun 10.11.12.13/24
- ip link set gretun up
Cisco Site
interface Tunnel1 ip address 10.11.12.12 255.255.255.0 ip mtu 1400 ip tcp adjust-mss 1360 tunnel source 192.168.244.96 tunnel destination 192.168.240.252
Mit IPSEC Transport Mode
;Phase 1 crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 ;ACL access-list 120 permit ip host 192.168.244.96 host 192.168.240.252 ;PSK crypto isakmp key sehr-geheim address 192.168.240.252 ;Phase 2 crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac mode transport ;Zusammenfassen crypto map max-cisco 10 ipsec-isakmp set peer 192.168.240.252 set transform-set AES-256-SHA-TRANSPORT match address 120 ;Interface zuordnen interface FastEthernet0/0 crypto map max-cisco