483 Views 7 Replies Latest reply: Jan 30, 2012 8:44 AM by Nuno

template document for details needed to configure

Jan 30, 2012 3:26 AM

Bogdan 68 posts since
Mar 1, 2011

Hello,

I need to do some template documents with questions that our clients need to answer so I will have all the details for configuring.

For example, site-to-site VPN questions about: IP for peers, traffic that is allowed, authentication, hash ...

Does anyone know where I could find this kind of document?

 

Thank you.

  • Elvin Arias 1,855 posts since
    Mar 12, 2010
    1. Jan 30, 2012 4:36 AM (in response to Bogdan)
    Re: template document for details needed to configure

    I don't have a "magic template", but if you have some questions regarding VPNs you can ask for sure. Here is a discussion that might help you. https://learningnetwork.cisco.com/message/205316

     

    Elvin

  • Elvin Arias 1,855 posts since
    Mar 12, 2010
    3. Jan 30, 2012 5:36 AM (in response to Bogdan)
    Re: template document for details needed to configure

    Take a look at the "magic document" for VPN or at least a prototype. I assumed that you have basic knowledge of Cisco networking, therefore some outputs are being omitted. See configurations below:

     

    ! ROUTER'S NAME
    hostname ROUTERX
    !
    ! CREATING THE ISAKMP POLICY AND INSERTING THE PARAMETERS (SHA-1 IS THE DEFAULT HASH, AND SO ON)
    crypto isakmp policy 10
     ! ENCRYPTION MECHANISM
     encr aes
     ! AUTHENTICATION TYPE
     authentication pre-share
     ! DH GROUP USED BY THE VPN
     group 2
    !
    ! ANOTHER POLICY WITH A LOWER PRIORITY WITH DIFFERENT PARAMETERS
    crypto isakmp policy 20
     encr des
     hash md5
     authentication pre-share
    ! THE PSK OF THE VPN AND ADDRESS OF THE PEER
    crypto isakmp key 0 PASSWORD-KEY address 1.1.1.1
    !
    ! TRANSFORM SET PARAMETERS
    crypto ipsec transform-set 10 esp-aes esp-sha-hmac
    !
    ! CRYPTO MAP TO GATHER ALL THE ALREADY MADE CONFIGURATIONS
    crypto map VPN 10 ipsec-isakmp
     ! THE PEER
     set peer 1.1.1.1
     ! TRANSFORM SET ALREADY CREATED
     set transform-set 10
     ! CRYPTO ACL CREATED TO LAUNCH THE INTERESTING TRAFFIC
     match address CRYPTO_ACL
    !
    ! YOU SHOULD KNOW MOST OF THE CONFIGURATION THAT IS COMING DOWN HERE:
    !
    interface FastEthernet0/0
     description INSIDE INTERFACE
     ! INSIDE ADDRESS
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
     no shutdown
    !
    interface FastEthernet0/1
     description OUTSIDE
     ip address 1.1.1.6 255.255.255.252
     ip nat outside
     no shutdown
     ! APPLYING THE CRYPTO MAP TO THE OUTSIDE INTERFACE
     crypto map VPN
    !
    ip forward-protocol nd
    ! STATIC ROUTE TO THE REMOTE LAN
    ip route 10.1.2.0 255.255.255.0 FastEthernet0/1 1.1.1.5
    !
    ! NAT PROCESS
    ip nat inside source route-map NONAT interface FastEthernet0/1 overload
    !
    ! ACL FOR INTERESTING TRAFFIC
    ip access-list extended CRYPTO_ACL
     permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
    ip access-list extended NAT
     ! EXCLUDING VPN TRAFFIC FROM NAT PROCESS
     deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
     permit ip 10.1.1.0 0.0.0.255 any
    !
    ! ROUTE MAP FOR NAT
    route-map NONAT permit 10
     match ip address NAT
    !

     

    Here is your "magic template", now give me my 100 dollars!

     

    Elvin
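
Added example, not code from any poster in this thread: one way to turn a client questionnaire (peer IP, protected networks, encryption, hash, DH group, PSK) into the ISAKMP and ACL lines of the configuration posted above, refusing malformed or weak answers before anything is rendered. The field names, the `WEAK` list and the 16-character PSK minimum are assumptions of this example.

```python
import ipaddress

# Constructed answers; addresses reuse the thread's sample values, the PSK is made up.
ANSWERS = {"peer_ip": "1.1.1.1", "psk": "constructed-sample-psk-0001",
           "encryption": "aes", "hash": "sha", "dh_group": 14,
           "local_net": "10.1.1.0/24", "remote_net": "10.1.2.0/24"}

# Assumptions of this example: values refused as too weak, and a minimum PSK length.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "dh_group": {1, 2, 5}}
MIN_PSK_LEN = 16
PARSERS = {"peer_ip": ipaddress.IPv4Address, "local_net": ipaddress.IPv4Network,
           "remote_net": ipaddress.IPv4Network}

def validate(a):
    """Return a list of problems found in one set of questionnaire answers."""
    problems, parsed = [], {}
    for key, parse in PARSERS.items():
        try:
            parsed[key] = parse(a[key])  # IPv4Network also rejects set host bits
        except ValueError:
            problems.append(f"{key} is not a valid IPv4 value")
    if len(parsed) == 3 and parsed["local_net"].overlaps(parsed["remote_net"]):
        problems.append("local_net and remote_net overlap")
    for key, bad in WEAK.items():
        if a[key] in bad:
            problems.append(f"{key}={a[key]} is too weak")
    if a["psk"] == "PASSWORD-KEY" or len(a["psk"]) < MIN_PSK_LEN:
        problems.append("psk is the template placeholder or too short")
    return problems

def render(a):
    """Render the ISAKMP and ACL lines of the thread's template; refuse bad answers."""
    if validate(a):
        raise ValueError("; ".join(validate(a)))
    src, dst = (ipaddress.IPv4Network(a[k]) for k in ("local_net", "remote_net"))
    src, dst = (f"{n.network_address} {n.hostmask}" for n in (src, dst))
    return "\n".join([
        "crypto isakmp policy 10",
        f" encr {a['encryption']}",
        f" hash {a['hash']}",
        " authentication pre-share",
        f" group {a['dh_group']}",
        f"crypto isakmp key 0 {a['psk']} address {a['peer_ip']}",
        "ip access-list extended CRYPTO_ACL",
        f" permit ip {src} {dst}",
        "ip access-list extended NAT",
        f" deny   ip {src} {dst}",
        f" permit ip {src} any",
    ])
```

Deriving the crypto ACL and the NAT exemption from the same two prefixes keeps them in step, which is the part most easily broken when a template is filled in by hand.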

  • Elvin Arias 1,855 posts since
    Mar 12, 2010
    5. Jan 30, 2012 6:01 AM (in response to Bogdan)
    Re: template document for details needed to configure

    That being said, you can use Excel/Word/OpenOffice or other programs and do it by yourself. Since you know how to configure the VPN, you most likely know what to ask the client.

     

    PS: Excuse me for the misunderstanding of your question.

     

    Elvin

  • Nuno 305 posts since
    Nov 25, 2010
    7. Jan 30, 2012 8:44 AM (in response to Bogdan)
    Re: template document for details needed to configure

    Indeed it has, it's called: "spend-at-least-2years-or-more-of-your-life-studying" to become CCNP (for example), that's what Cisco has regarding your request. I think you need to understand that somebody would actually have to do it for you to make money. Doesn't seem reasonable to me. As far as technical help, I'm sure you will find anything here, as I think it's one of the best knowledge bases on the net with the easiest access.

     

    NL
