VPN requirements:
pre-shared key: cisco
encryption aes-256
hash sha
group 5
On R1 --------------------
!
crypto ipsec transform-set ESP-AES256-SHA ah-sha-hmac esp-aes 256
!
ip access-list extended l2l
permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.0.23.2
set transform-set ESP-AES256-SHA
match address l2l
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key cisco address 10.0.23.2
crypto isakmp keepalive 10
!
!
interface FastEthernet0/0
ip address 10.0.13.1 255.255.255.0
duplex half
crypto map CMAP
!
On R2 ----------------------
crypto ipsec transform-set ESP-AES256-SHA ah-sha-hmac esp-aes 256
!
ip access-list extended l2l
permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
set peer 10.0.13.1
set transform-set ESP-AES256-SHA
match address l2l
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key cisco address 10.0.13.1
crypto isakmp keepalive 10
!
!
interface FastEthernet0/0
ip address 10.0.23.2 255.255.255.0
duplex half
crypto map CMAP
!
Tests ---------------------------
R1#sh crypto isakmp sa
dst             src             state          conn-id slot status
10.0.23.2       10.0.13.1       QM_IDLE              1    0 ACTIVE
R1#ping 2.2.2.2 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/31/48 ms
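
The two configurations differ only in the settings that have to mirror each other: the crypto ACL, the peer address, and the address the pre-shared key is bound to. The following check of those settings is an added example, not part of the original notes; the field names and the trimmed input (only the mirrored lines and the crypto-map interface address) are assumptions of the example.

```python
import re

# Constructed input: the lines from the R1 and R2 configurations above that
# must mirror each other (only the crypto-map interface address is kept).
R1 = """\
permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
set peer 10.0.23.2
crypto isakmp key cisco address 10.0.23.2
ip address 10.0.13.1 255.255.255.0
"""
R2 = """\
permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
set peer 10.0.13.1
crypto isakmp key cisco address 10.0.13.1
ip address 10.0.23.2 255.255.255.0
"""

PATTERNS = {  # field names are this example's own
    "acl": r"permit ip (\S+ \S+) (\S+ \S+)",          # (source, destination)
    "peer": r"set peer (\S+)",
    "key": r"crypto isakmp key (\S+) address (\S+)",   # (secret, bound address)
    "local": r"ip address (\S+) \S+",
}

def facts(cfg):
    """Return each setting's captured groups; a missing line is an error."""
    found = {n: re.search(rf"^[ \t]*{p}[ \t]*$", cfg, re.M) for n, p in PATTERNS.items()}
    missing = [n for n, m in found.items() if m is None]
    if missing:
        raise ValueError(f"missing lines: {missing}")
    return {n: m.groups() for n, m in found.items()}

def mismatches(cfg_a, cfg_b):
    """List the ways the two ends fail to mirror each other (empty if none)."""
    a, b = facts(cfg_a), facts(cfg_b)
    bad = []
    if a["key"][0] != b["key"][0]:
        bad.append("pre-shared key differs")
    if a["acl"] != b["acl"][::-1]:
        bad.append("crypto ACLs are not mirror images")
    for x, y, who in ((a, b, "A"), (b, a, "B")):
        if x["peer"] != y["local"]:
            bad.append(f"{who}: peer is not the other end's interface address")
        if x["key"][1] != x["peer"][0]:
            bad.append(f"{who}: key is bound to an address other than the peer")
    return bad
```

The settings that must be identical on both ends (transform set, ISAKMP policy) are not covered here; a plain diff of those lines is enough.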