iscw.ipsec.initial.configs

R1#show run
Building configuration…

Current configuration : 2607 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging console notifications
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1102463821
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1102463821
revocation-check none
rsakeypair TP-self-signed-1102463821
!
!
crypto pki certificate chain TP-self-signed-1102463821
certificate self-signed 01
quit
!
!
username sdm privilege 15 password 0 cisco
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.100.0.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
ip address 200.0.13.1 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/1
!
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
login local
!
!
end

R2#sh run
Building configuration…

Current configuration : 1356 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
crypto ipsec client ezvpn EASYVPN
connect manual
group DBMIGROUP key DBMIPASS
mode client
peer 200.0.13.1
xauth userid mode interactive
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
ip address 10.103.0.2 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn EASYVPN inside
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.203 point-to-point
ip address 200.0.23.2 255.255.255.0
frame-relay interface-dlci 203
crypto ipsec client ezvpn EASYVPN
!
ip route 0.0.0.0 0.0.0.0 Serial0/0.203
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
no login
!
!
end

R3#show run
Building configuration…

Current configuration : 1556 bytes
!
! Last configuration change at 11:57:06 UTC Mon Nov 16 2009
! NVRAM config last updated at 11:55:53 UTC Mon Nov 16 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
logging console notifications
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 200.0.36.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay
!
interface Serial1/0.302 point-to-point
ip address 200.0.23.3 255.255.255.0
snmp trap link-status
frame-relay interface-dlci 302
!
interface Serial1/0.304 point-to-point
ip address 200.0.34.3 255.255.255.0
snmp trap link-status
frame-relay interface-dlci 304
!
interface Serial1/0.305 point-to-point
ip address 200.0.35.3 255.255.255.0
snmp trap link-status
frame-relay interface-dlci 305
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
ip address 200.0.13.3 255.255.255.0
clock rate 128000
!
interface Serial1/3
no ip address
shutdown
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
!
!
end

R4#sh run
Building configuration…

Current configuration : 1729 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
logging console notifications
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key GREKEY address 200.0.13.1
!
!
crypto ipsec transform-set GRETRANSFORM esp-3des esp-md5-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 200.0.13.1
set transform-set GRETRANSFORM
match address GRE_OVER_IPSEC
!
!
!
!
!
!
!
interface Tunnel0
ip address 10.104.0.4 255.255.255.0
tunnel source 200.0.34.4
tunnel destination 200.0.13.1
!
interface FastEthernet0/0
ip address 10.102.0.4 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.403 point-to-point
ip address 200.0.34.4 255.255.255.0
frame-relay interface-dlci 403
crypto map CRYPTO
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0.403
!
!
ip http server
no ip http secure-server
!
ip access-list extended GRE_OVER_IPSEC
permit gre host 200.0.34.4 host 200.0.13.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
login
!
!
end

 

R5#term len 0
R5#sh run
Building configuration…

Current configuration : 1743 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
logging console notifications
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key GREKEY address 200.0.13.1
!
!
crypto ipsec transform-set GRETRANSFORM esp-3des esp-md5-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 200.0.13.1
set transform-set GRETRANSFORM
match address GRE_OVER_IPSEC
!
!
!
!
!
!
!
interface Tunnel0
ip address 10.105.0.5 255.255.255.0
delay 100000
tunnel source 200.0.35.5
tunnel destination 200.0.13.1
!
interface FastEthernet0/0
ip address 10.102.0.5 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.503 point-to-point
ip address 200.0.35.5 255.255.255.0
snmp trap link-status
frame-relay interface-dlci 503
crypto map CRYPTO
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0.503
!
!
ip http server
no ip http secure-server
!
ip access-list extended GRE_OVER_IPSEC
permit gre host 200.0.35.5 host 200.0.13.1
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
login
!
!
end

R6#sh run
Building configuration…

Current configuration : 1408 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key S2SKEY address 200.0.13.1
!
!
crypto ipsec transform-set R1TRANSFORM esp-aes esp-md5-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 200.0.13.1
set transform-set R1TRANSFORM
match address TOR1
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 200.0.36.6 255.255.255.0
duplex auto
speed auto
crypto map CRYPTO
!
interface FastEthernet0/1
ip address 10.101.0.6 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.0.36.3
!
!
no ip http server
no ip http secure-server
!
ip access-list extended TOR1
permit ip 10.101.0.0 0.0.0.255 10.100.0.0 0.0.0.255
!
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

SW1#show run
Building configuration…

Current configuration : 2718 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
enable password cisco
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
!
!
vtp domain DBMI
vtp mode transparent
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 36,100-103,122,126
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 100
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport access vlan 103
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 36
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport access vlan 102
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport access vlan 102
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport access vlan 36
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan103
ip address 10.103.0.7 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.103.0.2
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

SW2#show run
Building configuration…

Current configuration : 2771 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
enable password cisco
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
!
!
vtp domain DBMI
vtp mode transparent
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 36,100-103
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport access vlan 101
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport access vlan 100
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan102
ip address 10.102.0.8 255.255.255.0
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end
