[c-nsp] Cisco - Netscreen VPN
Ryan O'Connell
ryan at complicity.co.uk
Thu Oct 13 10:05:14 EDT 2005
On 13/10/2005 14:09, info at beprojects.com wrote:
>What do you have for the config on both ends? I've gotten it to work in
>the past (but I don't have copies of the configs).
>
>
At the Cisco end:
! Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(3), RELEASE SOFTWARE (fc2)
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address XXX.XX.XXX.132
!
crypto ipsec transform-set xx1 esp-aes esp-sha-hmac
!
crypto ipsec profile XX1
 set transform-set xx1
!
interface Tunnel0
 ip unnumbered FastEthernet1/0 (Fast1/0 is the inside NAT interface)
 ip mtu 1300
 tunnel source Loopback0
 tunnel destination XXX.XX.XXX.132
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile XX1
!
interface Loopback0
 ip address XXX.XXX.XXX.163 255.255.255.255
!
ip route XXX.XX.XXX.88 255.255.255.248 Tunnel0
And on the Netscreen:
!Software Version: 5.0.0r10b.0
set interface "ethernet3" zone "Untrust"
set interface "tunnel.1" zone "Trust"
set interface ethernet3 ip XXX.XX.XXX.132/28
set interface tunnel.1 ip unnumbered interface ethernet1
set flow path-mtu
set ike gateway "Xxxxxx" address XXX.XXX.XXX.163 Main outgoing-interface "ethernet3" preshare "XXXXXXXXX" proposal "pre-g2-aes128-sha"
set ike respond-bad-spi 1
set vpn "Xxxxxx" gateway "Xxxxxx" no-replay tunnel idletime 0 proposal "nopfs-esp-aes128-sha"
set vpn "Xxxxxx" id 1 bind interface tunnel.1
set route 192.168.1.0/24 interface tunnel.1
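An added example, not part of the thread: a Python cross-check of the two posted configs. It parses the IOS and ScreenOS fragments above, fills in the IOS defaults that never appear in the config (AES-128 for a bare `encr aes`/`esp-aes`, SHA-1 as the ISAKMP hash, no PFS when the profile has no `set pfs`), and reports any phase-1, phase-2 or peer-address disagreement between the ends, which is what to look for when such a tunnel will not come up. The address placeholders and proposal names are the ones in the post; the parsing rules are my own and only cover the lines shown.

```python
import re
# Fragments copied from the two configs in the post (addresses masked exactly as posted).
CISCO_CFG = """crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto ipsec transform-set xx1 esp-aes esp-sha-hmac
interface Tunnel0
 tunnel destination XXX.XX.XXX.132
interface Loopback0
 ip address XXX.XXX.XXX.163 255.255.255.255"""
NETSCREEN_CFG = """set ike gateway "Xxxxxx" address XXX.XXX.XXX.163 Main outgoing-interface "ethernet3" preshare "XXXXXXXXX" proposal "pre-g2-aes128-sha"
set vpn "Xxxxxx" gateway "Xxxxxx" no-replay tunnel idletime 0 proposal "nopfs-esp-aes128-sha"
set interface ethernet3 ip XXX.XX.XXX.132/28"""
def _enc(name, bits):  # IOS writes AES-128 as plain "aes"; ScreenOS names it aes128
    return name + (bits or "128") if name == "aes" else name

# (regex, extractor) for each IOS line that pins a negotiable parameter; keys use ScreenOS spelling.
CISCO_RULES = [
    (r"encr (\w+)(?: (\d+))?$", lambda m: {"p1_enc": _enc(m[1], m[2])}),
    (r"hash (\w+)$", lambda m: {"p1_hash": m[1]}),
    (r"group (\d+)$", lambda m: {"p1_dh": "g" + m[1]}),
    (r"authentication (pre)-share$", lambda m: {"p1_auth": m[1]}),
    (r"crypto ipsec transform-set \S+ esp-(\w+)(?: (\d+))? esp-(\w+)-hmac",
     lambda m: {"p2_enc": _enc(m[1], m[2]), "p2_hash": m[3]}),
    (r"set pfs group(\d+)$", lambda m: {"pfs": "g" + m[1]}),
    (r"tunnel destination (\S+)$", lambda m: {"peer": m[1]}),
    (r"ip address (\S+) 255\.255\.255\.255$", lambda m: {"local": m[1]}),
]

def parse_cisco(cfg):
    """IOS defaults that never appear in the config still negotiate: hash sha, no PFS."""
    p = {"p1_hash": "sha", "pfs": "nopfs"}
    for line in (l.strip() for l in cfg.splitlines()):
        for rx, extract in CISCO_RULES:
            if m := re.match(rx, line):
                p.update(extract(m))
    return p

def parse_netscreen(cfg):
    """ScreenOS encodes the parameters in proposal names: pre-g2-aes128-sha, nopfs-esp-aes128-sha."""
    ifaces = dict(re.findall(r"set interface (\S+) ip (\S+)/\d+", cfg))
    gw = re.search(r'set ike gateway .* address (\S+) .*outgoing-interface "([^"]+)" .*proposal "(\w+)-(\w+)-(\w+)-(\w+)"', cfg)
    vpn = re.search(r'set vpn .* proposal "(\w+)-esp-(\w+)-(\w+)"', cfg)
    return {"peer": gw[1], "local": ifaces.get(gw[2]), "p1_auth": gw[3], "p1_dh": gw[4],
            "p1_enc": gw[5], "p1_hash": gw[6], "pfs": vpn[1], "p2_enc": vpn[2], "p2_hash": vpn[3]}

def mismatches(cisco, netscreen):
    """Parameters the ends disagree on; addresses are checked crosswise (my peer is your local)."""
    pairs = [(k, k) for k in ("p1_auth", "p1_dh", "p1_enc", "p1_hash", "p2_enc", "p2_hash", "pfs")] + [("peer", "local"), ("local", "peer")]
    return [a if a == b else f"cisco {a} vs netscreen {b}" for a, b in pairs if cisco.get(a) != netscreen.get(b)]
```

`mismatches(parse_cisco(CISCO_CFG), parse_netscreen(NETSCREEN_CFG))` returns an empty list for the configs as posted; changing `group 2` to `group 5` on the IOS side, or the ScreenOS phase-2 proposal to `g2-esp-aes128-sha`, names the parameter that no longer agrees.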