Voici les configurations des 2 routeurs ! CONF SITE A - routeur pour la sortie WAN ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 5 crypto isakmp key PASSWORD address X.X.X.B crypto isakmp invalid-spi-recovery ! crypto ipsec security-association lifetime seconds 86400 ! crypto ipsec transform-set vpnset esp-3des esp-sha-hmac mode tunnel crypto ipsec df-bit clear ! crypto ipsec profile VPN set transform-set vpnset ! interface Loopback0 description TEST LAN SITE A ip address 192.168.1.254 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Tunnel0 description * VPN vers Site B - 192.168.0.x * ip unnumbered Loopback0 ip mtu 1446 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1406 tunnel source FastEthernet4 tunnel mode ipsec ipv4 tunnel destination X.X.X.B tunnel protection ipsec profile VPN ! interface FastEthernet4 description WAN INTERCO ip address A.A.A.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly in ip verify unicast reverse-path duplex full speed 100 ! ip nat inside source list 100 interface FastEthernet4 overload ip nat inside source list 101 interface FastEthernet4 overload ip route 0.0.0.0 0.0.0.0 FastEthernet4 ip route 192.168.0.0 255.255.255.0 Tunnel0 ! access-list 100 permit ip A.A.A.1 0.0.0.3 any access-list 101 permit ip 192.168.1.0 0.0.0.255 any access-list 101 permit ip 192.168.0.0 0.0.0.255 any ! ! ! CONF SITE B ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 5 crypto isakmp key PASSWORD address X.X.X.A crypto isakmp invalid-spi-recovery ! crypto ipsec security-association lifetime seconds 86400 ! crypto ipsec transform-set vpnset esp-3des esp-sha-hmac mode tunnel crypto ipsec df-bit clear ! crypto ipsec profile VPN set transform-set vpnset ! interface Loopback0 description IP PUB WAN ip address X.X.X.B 255.255.255.255 ! interface Tunnel0 description * VPN vers Site A - 192.168.1.x * ip unnumbered GigabitEthernet0/0 ip mtu 1446 ip tcp adjust-mss 1406 tunnel source Loopback0 tunnel mode ipsec ipv4 tunnel destination X.X.X.A tunnel protection ipsec profile VPN ! interface GigabitEthernet0/0 description LAN SITE B ip address 192.168.0.254 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly in ip verify unicast reverse-path duplex auto speed auto ! interface GigabitEthernet0/1 description WAN INTERCO ip address B.B.B.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly in duplex full speed 100 ! ip nat inside source list 100 interface Loopback0 overload ip nat inside source list 101 interface Tunnel0 overload ip route 0.0.0.0 0.0.0.0 192.168.1.254 ip route X.X.X.A 255.255.255.255 GigabitEthernet0/1 ip route 192.168.1.0 255.255.255.0 Tunnel0 ! access-list 100 permit ip B.B.B.1 0.0.0.3 any access-list 101 permit ip 192.168.0.0 0.0.0.255 any !
--------------------------- Liste de diffusion du FRnOG http://www.frnog.org/