ip filter
security implementation

console character en.ascii
console prompt R1
console info on
login timer 21474836
syslog debug on
ip lan1 address 10.1.1.1/24
ip lan2 address 198.51.100.1/24
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 10.1.1.11-10.1.1.191/24
ip route 192.0.2.0/24 gateway 198.51.100.3

console character en.ascii
console prompt R2
console info on
login timer 21474836
syslog debug on
ip lan1 address 10.2.2.2/24
ip lan2 address 192.0.2.2/24
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 10.2.2.11-10.2.2.191/24
ip route 198.51.100.0/24 gateway 192.0.2.3

This device can be replaced with another routing device. Note that this device uses the port mirroring (SPAN: Switch Port Analyzer) feature.

configure terminal
!
ip routing
!
no cdp run
!
monitor session 1 source interface FastEthernet 1/0/24
monitor session 1 destination interface FastEthernet 1/0/1 encapsulation replicate
!
interface FastEthernet 1/0/23
 no switchport
 ip address 192.0.2.3 255.255.255.0
interface FastEthernet 1/0/24
 no switchport
 ip address 198.51.100.3 255.255.255.0
!
end

tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text secret12345
ipsec ike remote address 1 192.0.2.2
ip tunnel address 10.1.2.1/30
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# ip route 10.2.2.0/24 gateway 10.1.2.2
#ip route 10.2.2.0/24 gateway tunnel 1

tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text secret12345
ipsec ike remote address 1 198.51.100.1
ip tunnel address 10.1.2.2/30
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# ip route 10.1.1.0/24 gateway 10.1.2.1
#ip route 10.1.1.0/24 gateway tunnel 1

tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text secret12345
ipsec ike remote address 1 any
ipsec ike remote name 1 site2
ip tunnel address 10.1.2.1/30
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# ip route 10.2.2.0/24 gateway 10.1.2.2
#ip route 10.2.2.0/24 gateway tunnel 1

tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text secret12345
ipsec ike remote address 1 198.51.100.1
ip tunnel address 10.1.2.2/30
ip tunnel tcp mss limit auto
tunnel enable 1
ipsec auto refresh on
# ip route 10.1.1.0/24 gateway 10.1.2.1
#ip route 10.1.1.0/24 gateway tunnel 1