I need to do some template documents with questions that our clients need to answer so I will have all the details for configuring.
for example VPN site to site questions about: IP for peers,traffic that is allowed,authentication, hash ...
Does anyone know were I could find this kind of documents ?
I don't have a "magic template", but if you have some question regarding to VPNs you can ask for sure. Here is a discussion that might help you. https://learningnetwork.cisco.com/message/205316
unfortunately I'm looking for the magic template document
VPN is an example document
Take a look to the "magic document" for VPN or at least a prototype. I assumed that you have basic knowledge of Cisco networking therefore some outputs are being ommited. See configurations below:
hostname ROUTERX <- ROUTER'S NAME
crypto isakmp policy 10 <- CREATING THE ISAKMP POLICY, AND INSERTING THE PARAMETERS (HASH SHA-1 IS THE HAS DEFAULT, AND SO ON)
encr aes <- ENCRYPTION MECHANISM
authentication pre-share <- AUTHENTICATION TYPE
group 2 <- DH GROUP USED BY THE VPN
crypto isakmp policy 20 <- ANOTHER POLICY WITH A LOWER PRIORITY WITH DIFFERENT PARAMETERS.
crypto isakmp key 0 PASSWORD-KEY address 220.127.116.11 <- THE PSK OF THE VPN AND ADDRESS OF THE PEER
crypto ipsec transform-set 10 esp-aes esp-sha-hmac <- TRANSFORM SET PARAMETERS
crypto map VPN 10 ipsec-isakmp <- CRYPTO MAP TO GATHER ALL THE ALREADY MADE CONFIGURATIONS
set peer 18.104.22.168 <- THE PEER
set transform-set 10 <- TRANSFORM SET ALREADY CREATED
match address CRYPTO_ACL <- CRYPTO ACL CREATED TO LAUNCH THE INTERESTING TRAFFIC
!YOU SHOULD KNOW MOST OF THE CONFIGURATION THAT ARE COMING DOWN HERE:
description INSIDE INTERFACE
ip address 10.1.1.1 255.255.255.0 <- INSIDE ADDRESS
ip nat inside
ip address 22.214.171.124 255.255.255.252
ip nat outside
crypto map VPN <- APPLYING THE CRYPTO MAP TO THE OUTSIDE INTERFACE
ip forward-protocol nd
ip route 10.1.2.0 255.255.255.0 FastEthernet0/1 126.96.36.199 <- STATIC ROUTE TO THE REMOTE LAN
ip nat inside source route-map NONAT interface FastEthernet0/1 overload <- NAT PROCESS
ip access-list extended CRYPTO_ACL <- ACL FOR INTERESTING TRAFFIC
permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
ip access-list extended NAT
deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 <- EXCLUDING VPN TRAFFIC FROM NAT PROCESS
permit ip 10.1.1.0 0.0.0.255 any
route-map NONAT permit 10 <- ROUTE MAP FOR NAT
match ip address NAT
Here is your "magic template", now give me my 100 dollars!
I don't need a configuration example with explanations.
I need a document that has questions like:
Do you want to configure VPN ?
What is the IP of peers?
What IP range is allowed through the VPN tunnel ?
so if somebody needs a VPN they answer this questions and I will know details to configure the site-to-site VPN
That being said, you can use Excel/Word/OpenOffice or other programs and do it by yourself, since you know how to configure the VPN you most likely know what to ask to the client.
PS: Excuseme for the misunderstanding of your question.
I'm sorry for misleading you.
I thought cisco probably has this kind of documents somewhere, but I could not find them.
indeed it has, its called: "spend-at-least-2years-or-more-of-your-life-studying" to become ccnp (for example), that´s what cisco has regading to your request. i think you need to understand that somebody would actually have to do it for you to make money. doesn't seam reasonable to me. As far as technical help, im sure you will find anything here, as i think its one of the best knowledge bases on the net with the easiest access.