NOTE
- 送信元、宛先は全てloopback
crypto map
local-address Loopback0
- 2つ以上のIFに同じマップを適用する時にこれを使う。冗長する時にも使える。
DIAGRAM
CONFIGURATION
crypto isakmp policy 2 authentication pre-share crypto isakmp key CISCO address 4.4.4.4 ! crypto ipsec transform-set TR-R1-R4 esp-aes esp-sha-hmac ! crypto map MAP-R1-R4-IPSEC local-address Loopback0 crypto map MAP-R1-R4-IPSEC 1 ipsec-isakmp set peer 10.0.0.4 set transform-set TR-R1-R4 match address 100 ! interface Tunnel0 ip address 172.16.0.1 255.255.255.0 tunnel source Loopback0 tunnel destination 10.0.0.4 ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface FastEthernet0/0 crypto map MAP-R1-R4-IPSEC ! interface FastEthernet0/1 crypto map MAP-R1-R4-IPSEC ! ip route 192.168.4.0 255.255.255.0 Tunnel0 ! access-list 100 permit gre host 10.0.0.1 host 10.0.0.4
コメント