Hi, both end points have static (and official) IP addresses in my setup. The "isakmp peer" IP address defines the peer router. It might be possible to use a range of IP addresses there. This IP address defines the VPN configuration to use.
In my setup both sides are practically identical, just the ACL 100 has swapped source and destination ranges. The XSRs support a simplified VPN setup for dynamic clients, but I have never configured this. Erik On Mon, May 18, 2015 at 02:24:04PM +0200, Frank Miller wrote: > Hi, > > what is the IP-address 131.246.223.129 in your sample? > > we have one dynamic and one static address... > > it´ s possible to give me an sample-config for each site? > > Thanks > Frank Miller > > 2015-05-18 11:20 GMT+02:00 Erik Auerswald <[email protected]>: > > > Hi, > > > > the XSR configuration is very similar to Cisco IOS routers. For a basic > > IPsec VPN (with NAT traversal) you can orient yourself on any Cisco > > configuration you find on the net. > > > > A basic config from software version 7.5.0.0 looks as follows (no NAT-T): > > [This connects the networks 172.28.0.0/17 and 172.29.0.0/17.] > > > > --- snip --- > > > > !ACCESS-LIST > > access-list 100 permit ip 172.28.0.0 0.0.127.255 172.29.0.0 0.0.127.255 > > > > !IKE > > crypto isakmp proposal AES-PSK > > authentication pre-share > > encryption aes > > group 5 > > lifetime 3600 > > > > crypto isakmp peer 131.246.223.129 255.255.255.255 > > proposal AES-PSK > > > > !IPSEC > > crypto ipsec transform-set AES-PSK esp-aes esp-sha-hmac > > set pfs group2 > > no set security-association lifetime kilobytes > > > > crypto map LAB 10 > > set transform-set AES-PSK > > match address 100 > > set peer <IP_ADDRESS> > > > > aaa user <IP_ADDRESS> > > password <PASSWORD> > > > > !INTERFACE AND SUB-INTERFACE > > interface FastEthernet1 > > crypto map LAB > > > > --- snip --- > > > > HTH, > > Erik > > -- > > Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ > > [email protected] T:+49-631-4149988-0 M:+49-176-64228513 > > > > Gesellschaft für Fundamental Generic Networking mbH > > Geschäftsführung: Volker Bauer, Jörg Mayer > > Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 > > > > On Mon, May 18, 2015 at 10:07:52AM +0200, Frank Miller wrote: > > > Hi Everyone, > > > > > > we try to establish an VPN-connection between two XSR-1805 (FW: > > > 7.6.13.0007 with VPN and FW): > > > > > > - one XSR with an public-IP-adress (e.g. 213.141.213.x) > > > - one XSR with an private IP-address behind an ISP-Router (e.g. > > 171.121.1.x) > > > > > > Have everyone an manual or an sample config with > > step-for-step-instructions? > > > [?] > > > > > > Thanks > > > > > > Frank Miller --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
