IPsec LAN-to-LAN IPsec over GRE

NOTE

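  • The source and destination addresses are all loopback addresses.

crypto map local-address Loopback0

  • Use this when the same crypto map is applied to two or more interfaces. It can also be used for redundancy.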

 

 

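! No encryption, hash or DH group is set, so this policy runs on the IOS defaults
! (check them with "show crypto isakmp policy")
crypto isakmp policy 2
 authentication pre-share
! The key address must be the peer's IKE address (its Loopback0, same as "set peer")
crypto isakmp key CISCO address 10.0.0.4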
!
crypto ipsec transform-set TR-R1-R4 esp-aes esp-sha-hmac
!
crypto map MAP-R1-R4-IPSEC local-address Loopback0
crypto map MAP-R1-R4-IPSEC 1 ipsec-isakmp
 set peer 10.0.0.4
 set transform-set TR-R1-R4
 match address 100
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 tunnel source Loopback0
 tunnel destination 10.0.0.4
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 crypto map MAP-R1-R4-IPSEC
!
interface FastEthernet0/1
 crypto map MAP-R1-R4-IPSEC
!
ip route 192.168.4.0 255.255.255.0 Tunnel0
!
access-list 100 permit gre host 10.0.0.1 host 10.0.0.4
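
The note above depends on every endpoint reference being a loopback address, so the pre-shared key address, `set peer`, `tunnel destination` and the GRE ACL all have to agree. The following consistency check is an added example, not part of the original page; the function name `audit` is hypothetical and `SAMPLE` is a constructed config with one deliberate mismatch.

```python
import re
# Constructed sample: an R1-style config with one deliberate mismatch (key address).
SAMPLE = """\
crypto isakmp key CISCO address 4.4.4.4
crypto map MAP-R1-R4-IPSEC local-address Loopback0
crypto map MAP-R1-R4-IPSEC 1 ipsec-isakmp
 set peer 10.0.0.4
 match address 100
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 10.0.0.4
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
access-list 100 permit gre host 10.0.0.1 host 10.0.0.4
"""

def audit(cfg):
    """Return a list of findings; an empty list means the endpoints are consistent."""
    def grab(pattern):
        return re.findall(pattern, cfg, re.M)
    findings = []
    peers = set(grab(r"^\s*set peer (\S+)"))
    dests = set(grab(r"^\s*tunnel destination (\S+)"))
    keys = set(grab(r"^crypto isakmp key \S+ address (\S+)"))
    local_if = set(grab(r"^crypto map \S+ local-address (\S+)"))
    tun_src = set(grab(r"^\s*tunnel source (\S+)"))
    acl = grab(r"^access-list \d+ permit gre host (\S+) host (\S+)")
    if peers != dests:
        findings.append(f"set peer {sorted(peers)} != tunnel destination {sorted(dests)}")
    for p in sorted(peers - keys):
        findings.append(f"no pre-shared key configured for peer {p}")
    for k in sorted(keys - peers):
        findings.append(f"pre-shared key for {k} matches no configured peer")
    if local_if != tun_src:
        findings.append(f"local-address {sorted(local_if)} != tunnel source {sorted(tun_src)}")
    # Resolve the local-address interface to its IP and compare with the ACL endpoints.
    for ifname in sorted(local_if):
        m = re.search(rf"^interface {re.escape(ifname)}\n(?: .*\n)*? ip address (\S+)", cfg, re.M)
        ip = m.group(1) if m else None
        for src, dst in acl:
            if src != ip:
                findings.append(f"ACL source {src} is not {ifname} address {ip}")
            if dst not in peers:
                findings.append(f"ACL destination {dst} is not a configured peer")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("FINDING:", f)
```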
