Cisco L2L IPSec

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
http://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html

crypto isakmp policy 10
hash md5
authentication pre-share

crypto isakmp key vpnuser address 172.16.1.1
access-list 100 permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 172.16.1.1
set transform-set myset
match address 100

interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
crypto map mymap

###########################################################################################################


ip dhcp pool network
network 10.100.0.0 255.255.255.0
default-router 10.100.0.1
dns-server 8.8.8.8

crypto isakmp policy 100
encr aes 256
authentication pre-share
crypto isakmp key cisco address 86.105.1.2
!
crypto ipsec transform-set set esp-aes 256
!
crypto map map 100 ipsec-isakmp
set peer 86.105.1.2
set transform-set set
match address 100
!
interface FastEthernet0/0
ip address 10.100.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
!
interface GigabitEthernet6/0
ip address 79.112.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
negotiation auto
crypto map map
!
router ospf 1
log-adjacency-changes
network 79.112.1.0 0.0.0.3 area 0
!
ip route 0.0.0.0 0.0.0.0 79.112.1.2
ip nat inside source list 110 interface GigabitEthernet6/0 overload
!
access-list 100 permit ip 10.100.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny ip 10.100.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 10.100.0.0 0.0.0.255 any


###################################R3################################
ip dhcp pool vlan
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
domain-name wr
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key cisco address 79.112.1.1
!
!
crypto ipsec transform-set set esp-aes 256
!
crypto map map 10 ipsec-isakmp
set peer 79.112.1.1
set transform-set set
match address 100
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
interface GigabitEthernet5/0
ip address 86.105.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
negotiation auto
crypto map map
!
router ospf 1
log-adjacency-changes
network 86.105.1.0 0.0.0.3 area 0
!
ip route 0.0.0.0 0.0.0.0 86.105.1.1
!
ip nat inside source list 110 interface GigabitEthernet5/0 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.100.0.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 10.100.0.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
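
Added example (not part of the original notes and not Cisco's code): a Python check over the IKEv1 policy, pre-shared key and transform-set lines used in the configs above, reporting weak algorithms, settings left to the platform default, short keys and ESP without an integrity transform. The name `audit`, the 16-character key threshold and the sample strings are assumptions made for this example.

```python
import re

WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
SUBCMDS = {"encr": "encr", "encryption": "encr", "hash": "hash", "group": "group",
           "authentication": "auth", "lifetime": "life"}

def audit(config):
    """Return findings for the IKEv1 policy, key and transform-set lines of an IOS config."""
    out, policy, seen = [], None, set()
    def close_policy():
        # A policy that omits a setting takes the platform default;
        # `show crypto isakmp policy` on the device prints the effective values.
        for key in ("encr", "hash", "group"):
            if policy and key not in seen:
                out.append(f"isakmp policy {policy}: {key} not set, platform default applies")
    for line in config.splitlines() + ["!"]:  # trailing "!" closes an open policy
        words = line.split()
        if policy and len(words) > 1 and words[0] in SUBCMDS:
            seen.add(SUBCMDS[words[0]])
            if words[1] in WEAK or (words[0] == "group" and words[1] in {"1", "2", "5"}):
                out.append(f"isakmp policy {policy}: weak {words[0]} {words[1]}")
            continue
        close_policy()
        policy, seen = None, set()
        m = re.match(r"crypto isakmp policy (\d+)", line.strip())
        if m:
            policy = m.group(1)
        elif words[:3] == ["crypto", "isakmp", "key"] and len(words) > 4 and len(words[3]) < 16:
            # Heuristic threshold (assumption); key written without a type prefix, as above.
            out.append(f"pre-shared key for {words[-1]}: shorter than 16 characters")
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            name, transforms = words[3], words[4:]
            out += [f"transform-set {name}: weak {t}" for t in transforms if t in WEAK]
            if not any(t.endswith("-hmac") or t in ("esp-gcm", "esp-gmac") for t in transforms):
                out.append(f"transform-set {name}: no integrity transform")
    return out

# Constructed samples: the crypto lines of the first and second configs on this page.
LEGACY = """crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key vpnuser address 172.16.1.1
crypto ipsec transform-set myset esp-des esp-md5-hmac"""
R1 = """crypto isakmp policy 100
encr aes 256
authentication pre-share
crypto isakmp key cisco address 86.105.1.2
crypto ipsec transform-set set esp-aes 256"""
print(*audit(LEGACY), *audit(R1), sep="\n")
```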

cisco_l2l_ipsec.txt · Last modified: 2017/04/08 18:54 by admin