Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation

Configuration Example

!
! Utilize NAT overload in order to make best use of the
! single address provided by the ISP.
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 210.110.101.1
no ip http server
!
!
! acl 102 associated addresses used for NAT.
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
! acl 103 defines traffic allowed from the peer for the IPsec tunnel.
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
! Allow ICMP for debugging but should be disabled because of security implications.
access-list 103 permit icmp any any
access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound.
! acl 105 matches addresses for the IPsec tunnel to or from the corporate network.
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
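An added example, not part of the Cisco guide: a small Python check that reads ACL 103 as listed above and reports any permit entry that is not limited to the IPsec peer (such as the ICMP debugging entry) or a missing explicit final deny. The function names and the embedded sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: ACL 103 as it appears in the configuration example above.
SAMPLE_CONFIG = """\
! acl 103 defines traffic allowed from the peer for the IPsec tunnel.
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any
access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound.
"""

ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")


def acl_entries(config, acl_id):
    """Return (action, protocol, rest) tuples for one numbered ACL, in order."""
    entries = []
    for line in config.splitlines():
        line = line.split("!", 1)[0].strip()  # drop "!" comments, full-line or trailing
        m = ACL_LINE.match(line)
        if m and m.group(1) == str(acl_id):
            entries.append((m.group(2), m.group(3), m.group(4).strip()))
    return entries


def audit_inbound_acl(config, acl_id, peer):
    """Return findings for an Internet-facing ACL meant to admit only the IPsec peer."""
    entries = acl_entries(config, acl_id)
    if not entries:
        return [f"acl {acl_id}: not found"]
    findings = []
    for action, proto, rest in entries:
        # Every permit must name the peer as its source host.
        if action == "permit" and not rest.startswith(f"host {peer} "):
            findings.append(
                f"acl {acl_id}: permit {proto} {rest} is not limited to peer {peer}")
    if entries[-1] != ("deny", "ip", "any any"):
        findings.append(f"acl {acl_id}: does not end with 'deny ip any any'")
    return findings


if __name__ == "__main__":
    for finding in audit_inbound_acl(SAMPLE_CONFIG, 103, "200.1.1.1"):
        print(finding)
```

Once the ICMP debugging entry is removed from the configuration, the same call returns an empty list.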

Cisco Secure Router 520 Series Software Configuration Guide

OL-14210-01