12-09-2007 06:02 AM - edited 03-03-2019 07:51 PM
Hi,
We have three WAN circuits (6M ADSL, 10M Ethernet and E1 IPLC). All of them are connected to the 4700. I will build the VPN between HK and TW. Also, we have one IPLC between HK and TW.
The following is the IP address allocation:
1. 192.168.16.0/22 in HK HQ
2. 192.168.132.0/22 in TST
3. 192.168.196.0/22 in TW
I would like to achieve these services. All traffic accessing destination IP:
1. 192.168.196.0/24 must go via IPLC
2. 192.168.197.0/24 must go via VPN
3. 192.168.198.0/24, some goes via IPLC, some goes via VPN
and
4. 192.168.16.128/25 accessing 192.168.196.0/24 must go via VPN (not IPLC)
5. 192.168.133.128/25 accessing 192.168.196.0/24 must go via VPN (not IPLC)
What config can achieve the requirements in items 4 and 5? Please advise.
Regards,
! router config:
!
crypto isakmp key xxxxx address 152.x.x.x
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap local-address FastEthernet1
!
crypto map mymap 120 ipsec-isakmp
 description vpn to TW
 set peer 152.x.x.x
 set transform-set myset
 match address 120
!
access-list 120 permit ip 192.168.16.0 0.0.3.255 192.168.196.0 0.0.3.255
access-list 120 permit ip 192.168.132.0 0.0.3.255 192.168.196.0 0.0.3.255
!
interface FastEthernet 0.1
 description to 10M ethernet to TST
 ip address 192.168.128.1 255.255.255.252
 ip nat inside
!
interface FastEthernet 0.2
 description to user segment
 ip address 192.168.16.1 255.255.255.0
 ip address 192.168.17.1 255.255.255.0 sec
 ip address 192.168.18.1 255.255.255.0 sec
 ip address 192.168.19.1 255.255.255.0 sec
 ip nat inside
!
interface FastEthernet 1
 description to PCCW ADSL (VPN service)
 ip address 218.x.x.x 255.255.255.254
 ip nat outside
 crypto map mymap
!
interface serial 0
 description to TW
 ip address 192.168.192.1 255.255.255.252
!
ip nat pool NAT 218.x.x.x 218.x.x.x netmask 255.255.255.254
ip nat inside source route-map VPN_nonat interface FastEthernet1 overload
!
route-map VPN_nonat permit 10
 match ip address 150
!
access-list 150 deny ip 192.168.16.0 0.0.3.255 192.168.196.0 0.0.3.255
access-list 150 deny ip 192.168.132.0 0.0.3.255 192.168.196.0 0.0.3.255
access-list 150 permit ip 192.168.16.0 0.0.3.255 any
access-list 150 permit ip 192.168.132.0 0.0.3.255 any
!
! go iplc
ip route 192.168.196.0 255.255.255.0 serial 0
!
! some go iplc
ip route 192.168.198.110 255.255.255.255 serial 0
ip route 192.168.198.153 255.255.255.255 serial 0
ip route 192.168.198.166 255.255.255.255 serial 0
ip route 192.168.198.248 255.255.255.248 serial 0
!
! other traffic should go VPN
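The posted config evaluated offline, as an added example that is not part of the original post: it applies destination-only longest-prefix routing over the static routes shown, then checks crypto ACL 120 only when the egress interface carries the crypto map. It shows that traffic from 192.168.16.128/25 or 192.168.133.128/25 to 192.168.196.0/24 matches ACL 120 yet still leaves serial 0 without IPsec, because the route lookup never looks at the source. The Python function names are hypothetical, and only the routes and ACL entries visible in the post are modelled.

```python
import ipaddress

# Static routes copied from the posted config (prefix, egress interface).
ROUTES = [
    ("192.168.196.0/24", "serial 0"),
    ("192.168.198.110/32", "serial 0"),
    ("192.168.198.153/32", "serial 0"),
    ("192.168.198.166/32", "serial 0"),
    ("192.168.198.248/29", "serial 0"),
]
# access-list 120 from the post: (source, wildcard, destination, wildcard).
CRYPTO_ACL_120 = [
    ("192.168.16.0", "0.0.3.255", "192.168.196.0", "0.0.3.255"),
    ("192.168.132.0", "0.0.3.255", "192.168.196.0", "0.0.3.255"),
]
CRYPTO_MAP_INTERFACE = "FastEthernet1"  # only interface carrying "crypto map mymap"

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def matches_crypto_acl(src, dst):
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in CRYPTO_ACL_120)

def egress(dst):
    """Destination-only longest-prefix match; the source address plays no part."""
    hits = [(ipaddress.ip_network(p), i) for p, i in ROUTES
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def path(src, dst):
    """Routing picks the interface first; the crypto map is checked only on egress."""
    iface = egress(dst)
    if iface is None:
        return "no route in the posted config"
    if iface == CRYPTO_MAP_INTERFACE and matches_crypto_acl(src, dst):
        return "IPsec via " + iface
    return "unencrypted via " + iface

if __name__ == "__main__":
    for src in ("192.168.16.10", "192.168.16.200", "192.168.133.200"):
        print(src, "->", "192.168.196.10", ":", path(src, "192.168.196.10"))
```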
12-17-2007 06:11 AM
Implement an IPsec tunnel between 192.168.16.128/25 and 192.168.196.0/24, and also between 192.168.133.128/25 and 192.168.196.0/24. If you are not familiar with the steps, use the SDM for configuration.
12-20-2007 09:04 AM
I should build a VPN
the first is 192.168.16.0 - 192.168.196.0
and an IPsec tunnel
the second is 192.168.16.128 - 192.168.196.0
Any sample of an IPsec tunnel config?
Regards