7 Replies. Latest reply: Jan 30, 2012 8:44 AM by Nuno

    template document for details needed to configure

    Bogdan

      Hello,

      I need to create some template documents with questions that our clients need to answer, so that I will have all the details for configuring.

      For example, VPN site-to-site questions about: IP for peers, traffic that is allowed, authentication, hash ...

      Does anyone know where I could find this kind of document?

       

      Thank you.

        • 1. Re: template document for details needed to configure
          Elvin Arias

          I don't have a "magic template", but if you have any questions regarding VPNs you can certainly ask. Here is a discussion that might help you: https://learningnetwork.cisco.com/message/205316

           

          Elvin

          • 2. Re: template document for details needed to configure
            Bogdan

            Unfortunately, I'm looking for the magic template document.

            VPN is an example document

             

            Thank you.

            • 3. Re: template document for details needed to configure
              Elvin Arias

              Take a look at the "magic document" for VPN, or at least a prototype. I assumed that you have basic knowledge of Cisco networking, therefore some outputs are being omitted. See configurations below:

               

              ! ROUTER'S NAME
              hostname ROUTERX
              !
              ! CREATING THE ISAKMP POLICY AND INSERTING THE PARAMETERS (HASH SHA-1 IS THE HASH DEFAULT, AND SO ON)
              crypto isakmp policy 10
               ! ENCRYPTION MECHANISM
               encr aes
               ! AUTHENTICATION TYPE
               authentication pre-share
               ! DH GROUP USED BY THE VPN
               group 2
              !
              ! ANOTHER POLICY WITH A LOWER PRIORITY WITH DIFFERENT PARAMETERS
              crypto isakmp policy 20
               encr des
               hash md5
               authentication pre-share
              ! THE PSK OF THE VPN AND ADDRESS OF THE PEER
              crypto isakmp key 0 PASSWORD-KEY address 1.1.1.1
              !
              ! TRANSFORM SET PARAMETERS
              crypto ipsec transform-set 10 esp-aes esp-sha-hmac
              !
              ! CRYPTO MAP TO GATHER ALL THE ALREADY MADE CONFIGURATIONS
              crypto map VPN 10 ipsec-isakmp
               ! THE PEER
               set peer 1.1.1.1
               ! TRANSFORM SET ALREADY CREATED
               set transform-set 10
               ! CRYPTO ACL CREATED TO LAUNCH THE INTERESTING TRAFFIC
               match address CRYPTO_ACL
              !
              ! YOU SHOULD KNOW MOST OF THE CONFIGURATION THAT IS COMING DOWN HERE:
              !
              interface FastEthernet0/0
               description INSIDE INTERFACE
               ! INSIDE ADDRESS
               ip address 10.1.1.1 255.255.255.0
               ip nat inside
               no shutdown
              !
              interface FastEthernet0/1
               description OUTSIDE
               ip address 1.1.1.6 255.255.255.252
               ip nat outside
               no shutdown
               ! APPLYING THE CRYPTO MAP TO THE OUTSIDE INTERFACE
               crypto map VPN
              !
              ip forward-protocol nd
              ! STATIC ROUTE TO THE REMOTE LAN
              ip route 10.1.2.0 255.255.255.0 FastEthernet0/1 1.1.1.5
              !
              ! NAT PROCESS
              ip nat inside source route-map NONAT interface FastEthernet0/1 overload
              !
              ! ACL FOR INTERESTING TRAFFIC
              ip access-list extended CRYPTO_ACL
               permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
              ip access-list extended NAT
               ! EXCLUDING VPN TRAFFIC FROM NAT PROCESS
               deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
               permit ip 10.1.1.0 0.0.0.255 any
              !
              ! ROUTE MAP FOR NAT
              route-map NONAT permit 10
               match ip address NAT
              !

               

              Here is your "magic template", now give me my 100 dollars!

               

              Elvin

              • 4. Re: template document for details needed to configure
                Bogdan

                I don't need a configuration example with explanations.

                I need a document that has questions like:

                Do you want to configure VPN?

                What is the IP of peers?

                What IP range is allowed through the VPN tunnel?

                ...

                so if somebody needs a VPN they answer these questions and I will know the details to configure the site-to-site VPN
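The questions listed in this thread (peer IP, allowed traffic, authentication, hash) can be kept as a structured intake record and checked before anyone touches a router. The following is an added example, not part of the thread or any Cisco document; the field names, the `review_intake` and `crypto_acl` helpers and the list of rejected algorithms are assumptions chosen for illustration.

```python
import ipaddress

# Assumed review policy (not from the thread): values an intake reviewer rejects.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5", "sha1"},
        "dh_group": {"1", "2", "5"}}
# The pre-shared key is deliberately not a form field; exchange it out of band.
REQUIRED = ("peer_ip", "local_net", "remote_net", "authentication", *WEAK)

# Constructed answers mirroring ISAKMP policy 10 and the CRYPTO_ACL in the thread.
SAMPLE = {"peer_ip": "1.1.1.1", "local_net": "10.1.1.0/24",
          "remote_net": "10.1.2.0/24", "authentication": "pre-share",
          "encryption": "aes", "hash": "sha1", "dh_group": 2}


def review_intake(answers):
    """Return a list of problems in one questionnaire; an empty list means OK."""
    problems = [f"missing answer: {k}" for k in REQUIRED if k not in answers]
    if problems:
        return problems
    try:
        peer = ipaddress.ip_address(answers["peer_ip"])
        # strict=True rejects "10.1.1.5/24", a host address given as a network.
        local = ipaddress.ip_network(answers["local_net"], strict=True)
        remote = ipaddress.ip_network(answers["remote_net"], strict=True)
    except ValueError as exc:
        return [f"bad address: {exc}"]
    if peer.is_private or peer.is_loopback or peer.is_multicast:
        problems.append(f"peer {peer} is not a public unicast address")
    if local.overlaps(remote):
        problems.append(f"local {local} overlaps remote {remote}")
    for field, weak in WEAK.items():
        value = str(answers[field]).lower()
        if value in weak:
            problems.append(f"weak {field}: {value}")
    return problems


def crypto_acl(answers, name="CRYPTO_ACL"):
    """Render the interesting-traffic ACL in IOS wildcard-mask form."""
    local = ipaddress.ip_network(answers["local_net"])
    remote = ipaddress.ip_network(answers["remote_net"])
    return (f"ip access-list extended {name}\n"
            f" permit ip {local.network_address} {local.hostmask}"
            f" {remote.network_address} {remote.hostmask}")


if __name__ == "__main__":
    print(review_intake(SAMPLE))
    print(crypto_acl(SAMPLE))
```

Overlapping local and remote ranges are worth catching at intake, because the crypto ACL and the NAT exemption ACL both depend on the two subnets being distinct.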

                • 5. Re: template document for details needed to configure
                  Elvin Arias

                  That being said, you can use Excel/Word/OpenOffice or other programs and do it by yourself; since you know how to configure the VPN, you most likely know what to ask the client.

                   

                  PS: Excuse me for the misunderstanding of your question.

                   

                  Elvin

                  • 6. Re: template document for details needed to configure
                    Bogdan

                    I'm sorry for misleading you.

                    I thought Cisco probably has this kind of document somewhere, but I could not find them.

                    • 7. Re: template document for details needed to configure
                      Nuno

                      Indeed it has; it's called "spend-at-least-2years-or-more-of-your-life-studying" to become CCNP (for example). That's what Cisco has regarding your request. I think you need to understand that somebody would actually have to do it for you to make money. Doesn't seem reasonable to me. As far as technical help, I'm sure you will find anything here, as I think it's one of the best knowledge bases on the net with the easiest access.

                       

                      NL