tech:network:yamaha:vpn:ipsec-vpn-rtx1210-site-to-site:ipsec-vpn-rtx1210-site-to-site
Table of Contents
WIP: Configure YAMAHA Router Site to Site IPsec VPN with RTX1210
- RTX1210 14.01.36
Main mode IPsec VPN- Aggressive mode IPsec VPN
- This configuration is PoC config, not production ready config. This lab lack of
ip filtersecurity implementation!!
Topology
Base Configuration
- R1
console character en.ascii console prompt R1 console info on login timer 21474836 syslog debug on ip lan1 address 10.1.1.1/24 ip lan2 address 198.51.100.1/24 dhcp service server dhcp server rfc2131 compliant except remain-silent dhcp scope 1 10.1.1.11-10.1.1.191/24 ip route 192.0.2.0/24 gateway 198.51.100.3
- R2
console character en.ascii console prompt R2 console info on login timer 21474836 syslog debug on ip lan1 address 10.2.2.2/24 ip lan2 address 192.0.2.2/24 dhcp service server dhcp server rfc2131 compliant except remain-silent dhcp scope 1 10.2.2.11-10.2.2.191/24 ip route 198.51.100.0/24 gateway 192.0.2.3
- SW3 Switch Cisco Catalyst 3750 IOS 15.0
This device can be replaced another routing device. Be careful this device using port mirroring (SPAN: Switch Port Analyzer) feature.
configure terminal ! ip routing ! no cdp run ! monitor session 1 source interface FastEthernet 1/0/24 monitor session 1 destination interface FastEthernet 1/0/1 encapsulation replicate ! interface FastEthernet 1/0/23 no switchport ip address 192.0.2.3 255.255.255.0 interface FastEthernet 1/0/24 no switchport ip address 198.51.100.3 255.255.255.0 ! end
- Ethernet 5 Connected to R1
- Ethernet 6 Connected to R2
- Ethernet 7 is Wireshark Probing Port
- Fa1/0/1 is Wireshark Probing Port
- Fa1/0/24 is Connected to R1 LAN 2
- Fa1/0/23 is Connected to R2 LAN 2
Configure IPsec VPN Public IP (Main Mode)
- R1
tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text secret12345 ipsec ike remote address 1 192.0.2.2 ip tunnel address 10.1.2.1/30 ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on # ip route 10.2.2.0/24 gateway 10.1.2.2 #ip route 10.2.2.0/24 gateway tunnel 1
- R2
tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text secret12345 ipsec ike remote address 1 198.51.100.1 ip tunnel address 10.1.2.2/30 ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on # ip route 10.1.1.0/24 gateway 10.1.2.1 #ip route 10.1.1.0/24 gateway tunnel 1
NOT Verified: Configure IPsec VPN Public IP (Aggressive Mode)
- R1 (Fixed IP)
tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text secret12345 ipsec ike remote address 1 any ipsec ike remote name 1 site2 ip tunnel address 10.1.2.1/30 ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on # ip route 10.2.2.0/24 gateway 10.1.2.2 #ip route 10.2.2.0/24 gateway tunnel 1
- R2 (Non FIxed IP)
tunnel select 1 ipsec tunnel 1 ipsec sa policy 1 1 esp aes-cbc sha-hmac ipsec ike keepalive log 1 off ipsec ike keepalive use 1 on ipsec ike nat-traversal 1 on ipsec ike pre-shared-key 1 text secret12345 ipsec ike remote address 1 198.51.100.1 ip tunnel address 10.1.2.2/30 ip tunnel tcp mss limit auto tunnel enable 1 ipsec auto refresh on # ip route 10.1.1.0/24 gateway 10.1.2.1 #ip route 10.1.1.0/24 gateway tunnel 1
References
tech/network/yamaha/vpn/ipsec-vpn-rtx1210-site-to-site/ipsec-vpn-rtx1210-site-to-site.txt · Last modified: 2020/05/30 13:21 by wnoguchi
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
