
Example 5: IPSec remote access
Black Box 1 | Tasman #1 | |
| ||
| VPN Server | |
Corporate | 172.16.0.1 | |
Mode Config IP | ||
Headquarters | ||
Pool: | ||
10.0.1.0/24 | ||
10.0.1.100- | ||
| ||
| 10.0.1.150 |
| NNEL |
C TU | |
IPSE |
|
IPSEC TUNNEL
VPN Client 1
Local Outer Address:
Dynamic
Local Inner Assigned
Address: 10.0.1.100/32
Local ID:
david@tasmannetwblackbox.comrks.
com
VPN Client 2
Local Outer Address:
Dynamic
Local Inner Assigned
Address: 10.0.1.101/32
Local ID:
mike@tasmannetwblackbox.comrks.
com
Step 1: As in Step1 of Example 1
Step 2: As in Step2 of Example 1
Step 3: As in Step3 of Example 1
Step 4: Configure dynamic IKE policy for a group of mobile users
Black Box1/configure> crypto
Black Box1/configure/crypto> dynamic
Black Box1/configure/crypto/dynamic> ike policy sales
Black Box1/configure/crypto/dynamic/ike/policy sales>
Black Box1/configure/crypto/dynamic/ike/policy sales>
The default proposal is created with
Black Box1/configure/crypto/dynamic/ike/policy sales>
Black Box1/configure/crypto/dynamic/ike/policy sales> proposal 1
Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1>
Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1> exit Black Box1/configure/crypto/dynamic/ike/policy sales> client configuration
Black Box1/configure/crypto/dynamic/ike/policy sales/client/configuration> address- pool 1 20.1.1.100 20.1.1.150
Black Box1/configure/crypto/dynamic/ike/policy sales/client/configuration> exit Black Box1/configure/crypto/dynamic/ike/policy sales> exit
Black Box1/configure/crypto/dynamic> exit
Step 5: Display dynamic IKE policies
41