31.7.1 host 128.107.55.9
Permits VPN protocol: AH
Winnipeg(config)#access-list 120 permit esp
host 192.31.7.1 host 128.107.55.9
Permits VPN protocol:
ESP
Winnipeg(config)#access-list 120 permit udp
host 192.31.7.1 host 128.107.55.9 eq isakmp
Permits VPN protocol:
ISAKMP
NOTE: The ACL
permitting VPN
protocols is applied
inbound at the border
router or ?¬?rewall WAN
interface.
Winnipeg(config)#interface fastethernet 0/0 Enters interface
con?¬?guration mode
Winnipeg(config-if)#ip access-group 120 in Applies VPN protocol
ACL inbound at the local
terminating interface
Winnipeg#show crypto ipsec sa Displays the settings used
by current SAs
Winnipeg#show crypto isakmp sa Displays current IKE SAs
Winnipeg#show crypto session Displays status
information for active
crypto sessions
Con?¬?guring IPsec Site-to-Site VPNs Using SDM 43
Con?¬?guring IPsec Site-to-Site VPNs Using SDM
Figure 4-1 shows the network topology for the con?¬?gurations that follow, which describe
how to use SDM to con?¬?gure an IPsec site-to-site VPN.
Step 1. Start the Cisco Security Device Manager (SDM) application on a workstation
(WorkStation 1) on the 192.168.30.0/24 Winnipeg LAN segment.
Step 2. Choose Configure > VPN > Tasks > Site-to-Site VPN.
Pages:
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51