Gre tunnel linux cisco


Variablen

  • LINUX WAN IP = 192.168.240.252
  • CISCO WAN IP = 192.168.244.96

Linux Site

  # Create a GRE tunnel interface between the two WAN addresses, give it an
  # inner address in 10.11.12.0/24 and bring it up.
  # Plain GRE provides neither encryption nor peer authentication; any host that
  # can send packets with the remote address as source can inject traffic into the tunnel.
  # NOTE(review): no MTU is set here, while the Cisco end uses "ip mtu 1400" -
  # consider "ip link set gretun mtu 1400" so both ends agree.
  • ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
  • ip address add dev gretun 10.11.12.13/24
  • ip link set gretun up

Cisco Site

! GRE tunnel endpoint facing the Linux host (10.11.12.13 is the peer inside this /24).
! No "tunnel mode" line is given; IOS defaults to GRE over IP.
! GRE by itself neither encrypts nor authenticates the payload.
interface Tunnel1
 ip address 10.11.12.12 255.255.255.0
 ! Lowered MTU leaves headroom for the GRE (and, with IPsec, ESP) encapsulation overhead.
 ip mtu 1400
 ! MSS = 1400 - 40 bytes of IPv4 + TCP header, so TCP segments fit without fragmentation.
 ip tcp adjust-mss 1360
 tunnel source 192.168.244.96
 tunnel destination 192.168.240.252

Mit IPSEC Transport Mode

Linux Site

  • /etc/ipsec.conf
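version 2.0
config setup
        protostack=netkey
        nat_traversal=yes

# Host-to-host IPsec SA in transport mode between the two WAN addresses.
# No leftprotoport/rightprotoport is set, so all IP traffic between the two
# hosts is protected, not only GRE; this mirrors "permit ip host ... host ..."
# in the Cisco crypto ACL.
conn max-cisco
      # Pre-shared key from /etc/ipsec.secrets.
      authby=secret
      type=transport
      # left/right are interchangeable; pluto picks the local end by matching
      # one of the addresses against its own interfaces.
      left=192.168.244.96
      right=192.168.240.252
      # Phase 1 must match the Cisco "crypto isakmp policy 10": AES-256, DH group 5
      # (modp1536). That policy sets no "hash", so IOS uses its default SHA-1;
      # the previous md5 proposal did not match it and MD5 should not be used
      # for new setups anyway.
      # NOTE(review): modp1536 and SHA-1 are dated; move both peers to a larger
      # DH group and SHA-2 if the IOS release supports it.
      ike=aes256-sha1-modp1536
      # Phase 2 matches the Cisco transform-set (esp-aes 256 esp-sha-hmac).
      phase2alg=aes256-sha
      # No PFS, consistent with the Cisco crypto map, which has no "set pfs".
      # Without PFS the phase-2 keys are derived from the phase-1 secret.
      pfs=no
      auto=start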
  • /etc/ipsec.secrets
# Pre-shared key for the peer pair; must be identical to the key configured
# with "crypto isakmp key" on the Cisco side.
# "sehr-geheim" is a sample value: use a long random key in production and
# keep this file readable by root only (mode 600).
192.168.240.252 192.168.244.96 : PSK "sehr-geheim"

Cisco Site

;Phase 1
! IKEv1 phase-1 proposal: AES-256, pre-shared-key authentication, DH group 5 (1536-bit MODP).
! No "hash" line is present, so the IOS default (SHA-1) applies; the hash in the
! Linux "ike=" setting has to match it or phase 1 will not negotiate.
! NOTE(review): group 5 is dated - prefer a larger group on both peers where supported.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5

;ACL
! Crypto ACL: selects the traffic to protect. "permit ip" covers every IP protocol
! between the two WAN addresses, not only GRE (IP protocol 47). The Linux conn has
! no protoport restriction, so both selectors agree; narrow both ends together if
! only GRE should be encrypted.
access-list 120 permit ip host 192.168.244.96 host 192.168.240.252


;PSK
! Pre-shared key bound to the Linux peer address; must equal the PSK in /etc/ipsec.secrets.
! "sehr-geheim" is a sample value - replace it with a long random key. The key is
! visible in the configuration, so restrict access to config backups.
crypto isakmp key sehr-geheim address 192.168.240.252

;Phase 2
! Phase-2 proposal: ESP with AES-256 encryption and HMAC-SHA-1 integrity, in transport
! mode (only the payload of the host-to-host packets is wrapped, no new IP header).
! Corresponds to phase2alg=aes256-sha and type=transport on the Linux side.
crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac 
 mode transport

;Zusammenfassen
! Ties peer, transform-set and crypto ACL together into one crypto map entry.
! There is no "set pfs" line, which is consistent with pfs=no on the Linux side.
crypto map max-cisco 10 ipsec-isakmp 
 set peer 192.168.240.252
 set transform-set AES-256-SHA-TRANSPORT 
 match address 120

;Interface zuordnen
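! Apply the crypto map on the physical interface the protected packets leave through.
! "crypto map" is an interface sub-command and must be on its own line.
! NOTE(review): presumably FastEthernet0/0 owns the tunnel source 192.168.244.96 - confirm.
interface FastEthernet0/0
 crypto map max-cisco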