Cisco VPN debug

From Network Security Wiki

Cisco VPN debugs are as follows:


Cisco RA VPN

Cisco Remote Access Tunnel VPN (ISAKMP) config:

hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside

Address Pool:
hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15

User:
hostname(config)# username testuser password 12345678

Transform Set - combines an encryption and authentication method:
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac

Tunnel Group:
hostname(config)# tunnel-group testgroup type ipsec-ra
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-general)# address-pool testpool
hostname(config)# tunnel-group testgroup ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx

Dynamic Crypto Map:
hostname(config)# crypto dynamic-map dyn1 1 set transform-set FirstSet
hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
hostname(config)# crypto map mymap interface outside

Cisco LAN-to-LAN VPN

Cisco LAN-to-LAN IPSec VPNs (ISAKMP) configuration example:

hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside

Transform Set:
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac

ACL:
hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0

Tunnel Group:
hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l
hostname(config)# tunnel-group 10.10.4.108 ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx

Crypto Map:
hostname(config)# crypto map abcmap 1 match address l2l_list
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)# crypto map abcmap interface outside
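
Config review check (an added example, not part of the original wiki page or any Cisco tool): a small Python audit that reads commands in the form shown above, flags ISAKMP and transform-set algorithms such as 3DES, MD5 and DH group 2 that are widely treated as legacy, and reports crypto map entries that reference an undefined transform set, ACL or peer. The function name audit, the WEAK_* policy sets and the sample input are assumptions made for this example; the peer check assumes the tunnel group is named after the peer address, as in the LAN-to-LAN config above.

```python
import re

# Constructed input: the page's LAN-to-LAN commands with one deliberate break,
# the crypto map points at "SecondSet", which is never defined.
SAMPLE = """\
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0
hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l
hostname(config)# crypto map abcmap 1 match address l2l_list
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)# crypto map abcmap 1 set transform-set SecondSet
"""

# Assumption: local policy treats these as legacy; adjust the sets to your baseline.
WEAK_IKE = {("encryption", "des"), ("encryption", "3des"), ("hash", "md5"),
            ("group", "1"), ("group", "2"), ("group", "5")}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def audit(config):
    """Return findings: legacy algorithms and crypto map references to undefined objects."""
    rows = [PROMPT.sub("", line).split() for line in config.splitlines()]
    defined = {"transform-set": set(), "address": set(), "peer": set()}
    findings = []
    for w in rows:  # pass 1: collect definitions, flag algorithms
        if w[:2] == ["isakmp", "policy"] and tuple(w[3:5]) in WEAK_IKE:
            findings.append(f"isakmp policy {w[2]}: legacy {w[3]} {w[4]}")
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            defined["transform-set"].add(w[3])
            findings += [f"transform-set {w[3]}: legacy {a}" for a in w[4:] if a in WEAK_ESP]
        elif w[:1] == ["access-list"] and len(w) > 1:
            defined["address"].add(w[1])
        # Assumption: an L2L tunnel group is named after the peer, as on this page.
        elif w[:1] == ["tunnel-group"] and w[2:3] == ["type"]:
            defined["peer"].add(w[1])
    for w in rows:  # pass 2: every crypto map reference must resolve
        if w[:1] == ["crypto"] and w[1:2] in (["map"], ["dynamic-map"]) and len(w) == 7:
            kind = w[5]
            if w[4] in ("set", "match") and kind in defined and w[6] not in defined[kind]:
                findings.append(f"crypto {w[1]} {w[2]} {w[3]}: {kind} {w[6]} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```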




