Gre tunnel linux cisco
Zur Navigation springen
Zur Suche springen
Variabeln
- LINUX WAN IP = 192.168.240.252
- CISCO WAN IP = 192.168.244.96
Linux Site
- ip tunnel add gretun mode gre remote 192.168.244.96 local 192.168.240.252 ttl 255
- ip address add dev gretun 10.11.12.13/24
- ip link set gretun up
Cisco Site
interface Tunnel1 ip address 10.11.12.12 255.255.255.0 ip mtu 1400 ip tcp adjust-mss 1360 tunnel source 192.168.244.96 tunnel destination 192.168.240.252
Mit IPSEC Transport Mode
Linux Site
- /etc/ipsec.conf
version 2.0 config setup protostack=netkey nat_traversal=yes conn max-cisco authby=secret type=transport left=192.168.244.96 right=192.168.240.252 ike=aes256-md5-modp1536 phase2alg=aes256-sha pfs=no auto=start
- /etc/ipsec.secrets
192.168.240.252 192.168.244.96 : PSK "sehr-geheim"
Cisco Site
;Phase 1 crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 ;ACL access-list 120 permit ip host 192.168.244.96 host 192.168.240.252 ;PSK crypto isakmp key sehr-geheim address 192.168.240.252 ;Phase 2 crypto ipsec transform-set AES-256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac mode transport ;Zusammenfassen crypto map max-cisco 10 ipsec-isakmp set peer 192.168.240.252 set transform-set AES-256-SHA-TRANSPORT match address 120 ;Interface zuordnen interface FastEthernet0/0 crypto map max-cisco
- https://supportforums.cisco.com/document/12013476/crypto-map-based-ipsec-vpn-fundamentals-negotiation-and-configuration#IPsec
- http://www.xinux.net/index.php/CISCO_IPSEC_Site_to_Site_VPN
- https://learningnetwork.cisco.com/docs/DOC-2457
- https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel