IPSec HSRP (CISCO SYSTEM):
Configurazione GW milano:
I
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 9.1.1.146
crypto isakmp keepalive 60 3
!
crypto ipsec transform –set test esp-3des esp-sha-hmac
!
crypto map vpn 1 ipsec-isakmp
set peer 9.1.1.146
set transform-set test
match address 100
reverse-route remote-peer 9.1.1.33
!
interface fastethernet 0/0
ip address 9.1.1.36 255.255.255.248
full-duplex
random-detect
standby delay minimum 30 reload 60
standby ip 9.1.1.37
standby priority 105
standby preempt
standby name ipsec
standby track fastethernet 1/0
crypto map vpn redundancy ipsec
!
interface fastethernet 1/0
ip address 10.1.1.2 255.255.255.0
duplex full
standby 1 ip 10.1.1.1
standby 1 priority 105
standby 1 preempt
standby 1 name ip
standby 1 track fastethernet 0/0
!
router ospf 1
log-adjacency-changes
redistribuite static subnets
network 10.1.1.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 9.1.1.33
no ip http server
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
end
Configurazione GW roma:
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 9.1.1.37
crypto isakmp keepalive 60 3
!
crypto map vpn 1 ipsec-isakmp
set peer 9.1.1.37
set transform-set test
match address 100
!
interface serial 0/0
ip address 9.1.1.146 255.255.255.252
crypto map vpn
!
interface ethernet 0/1
ip address 10.0.0.1 255.255.255.0
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 9.1.1.145
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
!
end