See below two scenarios:
1) SW1 ezVPN client connected to router R1 ezVPN server
2) SW1 ezVPN client connected to firewall ASA ezVPN server
Saturday, October 17, 2009
Friday, October 9, 2009
VRF-aware IPSEC Virtual Interface Tunnels
R3 (f0/0 and f0/1) is connected to SW1 (f1/3 and f1/13) on two Fast Ethernet interfaces (R3 f0/0-SW1 f/13 and R3 f0/1 to SW1 f1/13). IPSEC Tunnel 100 and 200 are originating from both pairs of Fast Ethernet interfaces. Network 1.1.1.0 and 3.3.3.0 are routed over Tunnel 100 and 2.2.2.0 and 4.4.4.0 over Tunnel 200. See configurations below:
Wednesday, October 7, 2009
IPsec using IOS CA Server
Connecting R1 f0/0 to SW1 f1/1 (vlan 10). See configs:
R1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
network 10.0.0.0
ntp master 2 ß-R1 is master NTP
R1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
network 10.0.0.0
ntp master 2 ß-R1 is master NTP
Thursday, October 1, 2009
Fun with Dynamips – router broken by VRF-lite and PIX
See nice and simple VRF-lite exercise splitting SW1 router into R1 and R2 routers and connecting them by PIX firewall. I was able to ping from R2 (connected to inside interface of PIX) to R1 which is connected to outside interface of PIX firewall.
Subscribe to:
Posts (Atom)