lost and found ( for me ? )

Cisco: how to setup Easy VPN Server n’ connect to VPN Server via VPN Client

Network diagram


Connect to the Office LAN ( 20.0.0.0/24 ) over VPN using VPN Client.
30.0.0.10 sits on the WAN and connects to the Office LAN over the VPN.

The config follows the one below.

http://www.cisco.com/JP/support/public/loc/tac/102/1020020/ezvpn.pdf

Router#sh version
Cisco IOS Software, 3600 Software (C3640-JK9S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 06-Mar-07 20:25 by prod_rel_team

ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3640-JK9S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1)

Router uptime is 27 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3640 (R4700) processor (revision 0xFF) with 124928K/6144K bytes of memory.
Processor board ID 00000000
R4700 CPU at 100MHz, Implementation 33, Rev 1.2
4 Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of NVRAM.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2142

Router#

Router#show running-config
Building configuration...

Current configuration : 1718 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password hello
!
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username remoteuser password 0 cisco
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 30 periodic
!
crypto isakmp client configuration group VPNCLIENT
key cisco
dns 20.0.0.50
domain example.com
pool ezvpn1
save-password
crypto isakmp profile vpnclient-pforile
! This profile is incomplete (no match identity statement)
crypto isakmp profile vpnclient-profile
  match identity group VPNCLIENT
  client authentication list userauth
  isakmp authorization list groupauth
  client configuration address respond
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
set transform-set myset
set isakmp-profile vpnclient-profile
!
!
crypto map ezvpnmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0/0
description connected to LAN
ip address 20.0.0.254 255.255.255.0
half-duplex
!
interface Ethernet0/1
description connected to WAN
ip address 30.0.0.254 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
ip local pool ezvpn1 20.0.0.200 20.0.0.210
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
password hello
line vty 1 4
!
!
end

Router#

[ Check that VPN Client can connect to the VPN ]

Install VPN Client

[root@hat2-vm ~]# cat /etc/redhat-release
CentOS release 5.5 (Final)

[root@hat2-vm ~]# uname -r
2.6.18-194.11.3.el5

[root@hat2-vm ~]# tar xzvf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
[root@hat2-vm ~]# cd vpnclient
[root@hat2-vm vpnclient]# ./vpn_install

Configuration files

[root@hat2-vm cisco-vpnclient]# pwd
/etc/opt/cisco-vpnclient
[root@hat2-vm cisco-vpnclient]# ls
Certificates  Profiles  vpnclient.ini

Create a profile

[root@hat2-vm ~]# cd /etc/opt/cisco-vpnclient/Profiles/
[root@hat2-vm Profiles]# ls
sample.pcf
[root@hat2-vm Profiles]# cp sample.pcf test-VPN.pcf

Edit test-VPN.pcf

VPN server : 30.0.0.254
Group Name : VPNCLIENT
Group password : cisco
user name : remoteuser
user password : cisco

[root@hat2-vm Profiles]# cat test-VPN.pcf
[main]
Description=sample user profile
Host=30.0.0.254
AuthType=1
GroupName=VPNCLIENT
GroupPwd=cisco
Username=remoteuser
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
SaveUserPassword=0
EnableBackup=0
BackupServer=
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0

Connection check

[root@hat2-vm Profiles]# /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done

[root@hat2-vm cisco-vpnclient]# /etc/init.d/vpnclient_init status
Module               Size  Used by
cisco_ipsec        601660  0

cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
      NOARP  MTU:1356  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Got an error.

[root@hat2-vm ~]# vpnclient connect /etc/opt/cisco-vpnclient/Profiles/test-VPN.pcf
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.18-194.11.3.el5 #1 SMP Mon Aug 30 16:23:24 EDT 2010 i686
Config file directory: /etc/opt/cisco-vpnclient

The profile specified could not be read.

Found two problems.

Do not specify the .pcf extension.
test-VPN.pcf goes directly under /etc/opt/cisco-vpnclient.

[root@hat2-vm ~]# ls /etc/opt/cisco-vpnclient/*.pcf
/etc/opt/cisco-vpnclient/test-VPN.pcf
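A small pre-flight check for the profile, added here as an example and not part of the post or of Cisco's client. It applies the two findings above (the profile is referenced by its bare name, and the file must sit directly in the client's config directory) and parses the .pcf, which is a plain INI file, to confirm the fields the connection needs and to point out the secrets it stores. The config directory and the sample profile are the post's; the checks and their messages are this example's own.

```python
"""Pre-flight check for a Cisco VPN Client .pcf profile (added example, not the post's code)."""
import configparser
import os

CONFIG_DIR = "/etc/opt/cisco-vpnclient"   # the client's config directory from the post

# Constructed sample: the relevant keys of the post's test-VPN.pcf.
SAMPLE_PCF = """\
[main]
Description=sample user profile
Host=30.0.0.254
AuthType=1
GroupName=VPNCLIENT
GroupPwd=cisco
Username=remoteuser
SaveUserPassword=0
EnableNat=1
DHGroup=2
"""


def connect_argument(profile_path, config_dir=CONFIG_DIR):
    """Return the name to pass to 'vpnclient connect', or raise ValueError.

    Mirrors the post's findings: the client takes the bare profile name and
    looks for <name>.pcf directly in config_dir, not in a sub-directory such
    as Profiles/.
    """
    directory, filename = os.path.split(os.path.normpath(profile_path))
    name, ext = os.path.splitext(filename)
    if ext != ".pcf":
        raise ValueError(f"{filename}: profile files need the .pcf extension")
    if directory != os.path.normpath(config_dir):
        raise ValueError(f"{profile_path}: the profile must be directly under {config_dir}")
    return name


def check_profile(text):
    """Parse a .pcf body and return a list of problems (empty means nothing to report)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if "main" not in parser:
        return ["missing [main] section"]
    main = parser["main"]
    problems = []
    for key in ("Host", "GroupName", "Username"):
        if not main.get(key):
            problems.append(f"{key} is empty")
    # AuthType=1 is group pre-shared key authentication, so GroupPwd must be present.
    if main.get("AuthType") == "1" and not main.get("GroupPwd"):
        problems.append("AuthType=1 (pre-shared key) but GroupPwd is empty")
    # Defender's notes: anything stored here is readable by whoever can read the file.
    if main.get("GroupPwd"):
        problems.append("GroupPwd is stored in cleartext; restrict the file's permissions")
    if main.get("SaveUserPassword") == "1":
        problems.append("SaveUserPassword=1 caches the user password on disk")
    if main.get("DHGroup") in ("1", "2"):
        problems.append(f"DHGroup={main['DHGroup']} is a legacy Diffie-Hellman group")
    return problems


if __name__ == "__main__":
    print("connect with:", connect_argument(f"{CONFIG_DIR}/test-VPN.pcf"))
    for problem in check_profile(SAMPLE_PCF):
        print(" -", problem)
```

Run it before `vpnclient connect`: `connect_argument` rejects the Profiles/ path the post first tried and returns `test-VPN` for the corrected location, and `check_profile` reports the cleartext group password and DH group 2 that the sample profile carries.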

Still can't connect over the VPN. But vpnclient is now usable.

[root@hat2-vm ~]# vpnclient connect test-VPN
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.18-194.11.3.el5 #1 SMP Mon Aug 30 16:23:24 EDT 2010 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 30.0.0.254
Secure VPN Connection terminated locally by the Client
Reason: Remote peer is no longer responding.
There are no new notification messages at this time.

Something was missing from the Cisco config.

Router(config)#interface Ethernet 0/1
Router(config-if)#crypto map ezvpnmap

Connected.

[root@hat2-vm ~]# vpnclient connect test-VPN
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.18-194.11.3.el5 #1 SMP Mon Aug 30 16:23:24 EDT 2010 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 30.0.0.254
User Authentication for test-VPN...

The server has requested the following information to complete the user authentication:

Username [remoteuser]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.

The VPN Client was assigned 20.0.0.200.


Router#show crypto ipsec sa

interface: Ethernet0/1
Crypto map tag: ezvpnmap, local addr 30.0.0.254

  protected vrf: (none)
  local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
  remote ident (addr/mask/prot/port): (20.0.0.200/255.255.255.255/0/0)
  current_peer 30.0.0.10 port 41399
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 11, #pkts decrypt: 11, #pkts verify: 11
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 30.0.0.254, remote crypto endpt.: 30.0.0.10
path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/1
current outbound spi: 0x563DF3CA(1446900682)

inbound esp sas:
  spi: 0x76C67E32(1992719922)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    conn id: 2001, flow_id: SW:1, crypto map: ezvpnmap
    sa timing: remaining key lifetime (k/sec): (4431024/3382)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
  spi: 0x563DF3CA(1446900682)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    conn id: 2002, flow_id: SW:2, crypto map: ezvpnmap
    sa timing: remaining key lifetime (k/sec): (4431026/3381)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE

outbound ah sas:

outbound pcp sas:
Router#

Final config

Router#show running-config
Building configuration...

Current configuration : 1739 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password hello
!
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username remoteuser password 0 cisco
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 30 periodic
!
crypto isakmp client configuration group VPNCLIENT
key cisco
dns 20.0.0.50
domain example.com
pool ezvpn1
save-password
crypto isakmp profile vpnclient-pforile
! This profile is incomplete (no match identity statement)
crypto isakmp profile vpnclient-profile
  match identity group VPNCLIENT
  client authentication list userauth
  isakmp authorization list groupauth
  client configuration address respond
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
set transform-set myset
set isakmp-profile vpnclient-profile
!
!
crypto map ezvpnmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0/0
description connected to LAN
ip address 20.0.0.254 255.255.255.0
half-duplex
!
interface Ethernet0/1
description connected to WAN
ip address 30.0.0.254 255.255.255.0
half-duplex
crypto map ezvpnmap
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
ip local pool ezvpn1 20.0.0.200 20.0.0.210
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0
password hello
line vty 1 4
!
!
end

Router#
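A static audit of the running-config, added here as an example; it is not code from the post or from Cisco. It parses `show running-config` text into its sections and reports the omission that cost the author a round of debugging (a crypto map that no interface applies), the empty `vpnclient-pforile` profile left behind by the typo, whether the profile the dynamic map selects actually carries `match identity`, legacy IKE algorithms and small DH groups, and cleartext passwords with `service password-encryption` off. The sample config is a trimmed, constructed copy of the first (non-working) config above; the section parser knows only the IOS keywords that occur in this post.

```python
"""Static checks for a Cisco IOS Easy VPN (IKEv1) server config.

Added example, not code from the post or from Cisco. Only the IOS keywords
that occur in the post are recognised by the parser.
"""
import re

# Constructed sample: a trimmed copy of the post's first (non-working) config.
SAMPLE_CONFIG = """\
no service password-encryption
username remoteuser password 0 cisco
!
crypto isakmp policy 1
encr 3des
group 2
!
crypto isakmp profile vpnclient-pforile
crypto isakmp profile vpnclient-profile
  match identity group VPNCLIENT
!
crypto dynamic-map dynmap 1
set isakmp-profile vpnclient-profile
!
crypto map ezvpnmap 1 ipsec-isakmp dynamic dynmap
!
interface Ethernet0/1
ip address 30.0.0.254 255.255.255.0
"""
# The post's fix: apply the crypto map on the WAN interface.
FIXED_CONFIG = SAMPLE_CONFIG.replace("255.255.255.0\n", "255.255.255.0\ncrypto map ezvpnmap\n")

# Section-opening commands we track; each regex captures the section name.
_HEADS = [
    ("policy", re.compile(r"crypto isakmp policy (\S+)")),
    ("profile", re.compile(r"crypto isakmp profile (\S+)")),
    ("dynmap", re.compile(r"crypto dynamic-map (\S+) \d+")),
    ("cryptomap", re.compile(r"crypto map (\S+) \d+ ipsec-isakmp")),
    ("interface", re.compile(r"interface (\S+)")),
]
# Any other global command closes whatever section is open.
_TOP_LEVEL = re.compile(r"crypto |interface |ip (?:local pool|http|cef)|username |enable |service |line |end$")
LEGACY, SMALL_DH = {"des", "3des", "md5"}, {"1", "2"}


def parse_sections(config):
    """Map (kind, name) -> {"head": line, "body": [sub-commands]}; indentation is ignored."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None
            continue
        head = next(((k, m.group(1)) for k, rx in _HEADS for m in [rx.match(line)] if m), None)
        if head:
            current = head
            sections[current] = {"head": line, "body": []}
        # 'crypto map NAME' without a sequence number is the interface-level apply.
        elif current and current[0] == "interface" and line.startswith("crypto map "):
            sections[current]["body"].append(line)
        elif _TOP_LEVEL.match(line):
            current = None
        elif current:
            sections[current]["body"].append(line)
    return sections


def audit(config):
    """Return the list of findings for an Easy VPN server config."""
    s = parse_sections(config)
    findings = []
    applied = {line.split()[2] for (k, _), sec in s.items() if k == "interface"
               for line in sec["body"] if line.startswith("crypto map ")}
    for (k, name), sec in s.items():
        # 1. A crypto map no interface applies protects nothing: IKE never even starts.
        if k == "cryptomap" and name not in applied:
            findings.append(f"crypto map '{name}' is defined but not applied to any interface")
        # 2. An empty profile is usually a typo; the one the dynamic map selects needs 'match identity'.
        elif k == "profile" and not sec["body"]:
            findings.append(f"isakmp profile '{name}' has no statements (typo of another name?)")
        elif k == "dynmap":
            for line in sec["body"]:
                if line.startswith("set isakmp-profile "):
                    prof = s.get(("profile", line.split()[2]), {"body": []})
                    if not any(l.startswith("match identity") for l in prof["body"]):
                        findings.append(f"dynamic-map '{name}': its isakmp profile lacks 'match identity'")
        # 3. Legacy IKE algorithms and small DH groups.
        elif k == "policy":
            for line in sec["body"]:
                kw, _, val = line.partition(" ")
                if kw in ("encr", "hash") and val in LEGACY:
                    findings.append(f"isakmp policy {name}: '{line}' is a legacy algorithm")
                elif kw == "group" and val in SMALL_DH:
                    findings.append(f"isakmp policy {name}: DH group {val} is too small")
    # 4. Cleartext credentials in the config text itself.
    lines = [l.strip() for l in config.splitlines()]
    if "no service password-encryption" in lines:
        n = sum(1 for l in lines if re.search(r"^enable password |password 0 ", l))
        if n:
            findings.append(f"{n} password(s) in cleartext with 'service password-encryption' off")
    return findings
```

`audit(SAMPLE_CONFIG)` lists the unapplied `ezvpnmap`, the empty `vpnclient-pforile` profile, the 3DES / DH group 2 policy and the cleartext `password 0`; `audit(FIXED_CONFIG)` drops only the first finding, which is exactly the change the post made with `crypto map ezvpnmap` on Ethernet0/1. The parser ignores indentation on purpose, so it works both on real `show running-config` output and on de-indented copies like the one in this post.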

get things done!
