In this article I will describe a LAN-to-LAN IPsec VPN and provide a full configuration example with two Cisco IOS routers.
With IPsec VPNs, businesses can connect geographically separate LANs over the Internet, protected by the strong encryption and authentication that IPsec offers.
IPsec is a suite of protocols that provide secure communication over insecure paths, which makes it well suited to joining private LANs across the public Internet. In the example below, IKE with pre-shared keys negotiates the tunnel, ESP with AES-256 and SHA-1 HMAC protects the traffic, and the inter-LAN traffic is exempted from NAT so that it reaches the crypto map untranslated. Note that the IKE policy leaves the hash, Diffie-Hellman group and lifetime at their IOS defaults (SHA-1, group 1 and 86400 seconds); group 1 (768-bit) is weak by current standards, and the pre-shared key key123 is a placeholder that should be replaced by a long random secret on both routers.
Configuration for Cisco ROUTER-1:
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-1
!
boot-start-marker
boot-end-marker
!
!
!
ip audit po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!-- Define the Internet Key Exchange (IKE) policy.
crypto isakmp policy 10
!-- Specify 256-bit AES as the
!-- encryption algorithm within the IKE policy.
encr aes 256
!-- Specify that pre-shared key authentication is used.
authentication pre-share
!-- Hash, Diffie-Hellman group and lifetime are not set, so the IOS defaults
!-- apply: SHA-1, group 1 (768-bit) and 86400 seconds. Both peers must agree
!-- on all of these; group 1 is weak and a higher group should be configured
!-- where the IOS release supports it.
!-- Specify the shared secret bound to the remote peer's address.
!-- "key123" is a placeholder; use a long random secret, identical on both routers.
crypto isakmp key key123 address 200.0.0.1
!
!
!-- Define the IPsec transform set (ESP with AES-256 and SHA-1 HMAC, tunnel mode by default).
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
!-- Define crypto map entry "aesmap" that will use
!-- IKE to establish the security associations (SA).
crypto map aesmap 10 ipsec-isakmp
!-- Specify the remote IPsec peer.
set peer 200.0.0.1
!-- Specify which transform sets
!-- are allowed for this crypto map entry.
set transform-set aes-sha-transform
!-- Name the access list that determines which traffic
!-- should be protected by IPsec.
match address acl_vpn
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
ip nat outside
!-- Apply the crypto map to the outside interface.
crypto map aesmap
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.2
no ip http server
no ip http secure-server
!
ip access-list extended acl_nat
!-- Exclude protected traffic from being NAT'ed: inside-to-outside packets are
!-- translated before the crypto map is consulted, so without this deny they
!-- would never match acl_vpn.
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!-- Access list that defines the traffic protected by IPsec.
ip access-list extended acl_vpn
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
Configuration for Cisco ROUTER-2:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-2
!
boot-start-marker
boot-end-marker
!
ip audit po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!-- Define the Internet Key Exchange (IKE) policy.
crypto isakmp policy 10
!-- Specify 256-bit AES as the
!-- encryption algorithm within the IKE policy.
encr aes 256
!-- Specify that pre-shared key authentication is used.
authentication pre-share
!-- Hash, Diffie-Hellman group and lifetime are not set, so the IOS defaults
!-- apply: SHA-1, group 1 (768-bit) and 86400 seconds. Both peers must agree
!-- on all of these; group 1 is weak and a higher group should be configured
!-- where the IOS release supports it.
!-- Specify the shared secret bound to the remote peer's address.
!-- "key123" is a placeholder; use a long random secret, identical on both routers.
crypto isakmp key key123 address 100.0.0.1
!
!
!-- Define the IPsec transform set (ESP with AES-256 and SHA-1 HMAC, tunnel mode by default).
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
!-- Define crypto map entry "aesmap" that will use
!-- IKE to establish the security associations (SA).
crypto map aesmap 10 ipsec-isakmp
!-- Specify the remote IPsec peer.
set peer 100.0.0.1
!-- Specify which transform sets
!-- are allowed for this crypto map entry.
set transform-set aes-sha-transform
!-- Name the access list that determines which traffic
!-- should be protected by IPsec.
match address acl_vpn
!
interface FastEthernet0/0
ip address 200.0.0.1 255.255.255.0
ip nat outside
!-- Apply the crypto map to the outside interface.
crypto map aesmap
!
interface FastEthernet0/1
ip address 192.168.2.254 255.255.255.0
ip nat inside
!
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.0.0.2
no ip http server
no ip http secure-server
!
ip access-list extended acl_nat
!-- Exclude protected traffic from being NAT'ed: inside-to-outside packets are
!-- translated before the crypto map is consulted, so without this deny they
!-- would never match acl_vpn.
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
!-- Access list that defines the traffic protected by IPsec.
ip access-list extended acl_vpn
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
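The two configurations must agree on every negotiated parameter, the peer and key addresses must line up, and the NAT exemption must cover exactly the traffic the crypto ACL protects; those mismatches are where most failed LAN-to-LAN tunnels come from. The following Python script is an added example, not part of the original article and not a Cisco tool: it embeds the relevant lines of the ROUTER-1 configuration above (ROUTER-2 is derived as its exact mirror, as in the article), parses only the handful of commands used here, and checks that each router's ISAKMP key is bound to the address it sets as peer, that each peer address is the other router's outside address, that the crypto ACLs mirror each other, that the NAT ACL denies the protected flows ahead of its permit, and that the IKE policy (with IOS defaults filled in) and transform set are identical on both sides. The function and key names (parse, check_pair, mirror, net) are the example's own.

```python
import re
from itertools import takewhile
from ipaddress import IPv4Address, IPv4Network

# Constructed input: the lines of the article's ROUTER-1 config that the checks need.
ROUTER1 = """\
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key key123 address 200.0.0.1
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
crypto map aesmap 10 ipsec-isakmp
set peer 200.0.0.1
set transform-set aes-sha-transform
match address acl_vpn
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
ip nat outside
crypto map aesmap
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip access-list extended acl_nat
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended acl_vpn
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

def mirror(text):
    """The article's ROUTER-2 is the exact mirror: swap the public addresses and LAN prefixes."""
    swap = {"100.0.0.1": "200.0.0.1", "200.0.0.1": "100.0.0.1",
            "192.168.1.": "192.168.2.", "192.168.2.": "192.168.1."}
    return re.sub("|".join(map(re.escape, swap)), lambda m: swap[m.group()], text)

ROUTER2 = mirror(ROUTER1)

def net(w):
    """Consume 'any' or 'addr wildcard' from ACE tokens -> (IPv4Network, remaining tokens)."""
    if w[0] == "any":
        return IPv4Network("0.0.0.0/0"), w[1:]
    return IPv4Network((w[0], str(IPv4Address(~int(IPv4Address(w[1])) & 0xFFFFFFFF)))), w[2:]

def parse(name, config):
    """Pull the fields the checks need out of one IOS config (no other commands are parsed)."""
    c = {"name": name, "acl": {}, "ifaces": {}, "ts": {},
         "ike": {"hash": "sha", "group": "1"}}   # IOS defaults when the policy omits them
    ctx = None                                   # ACL list or interface dict being filled
    for w in (line.split() for line in config.splitlines()):
        if not w or w[0].startswith("!"):
            continue
        if w[:3] == ["ip", "access-list", "extended"]:
            ctx = c["acl"].setdefault(w[3], [])
        elif w[0] == "interface":
            ctx = c["ifaces"].setdefault(w[1], {})
        elif w[0] in ("permit", "deny") and w[1] == "ip":
            src, rest = net(w[2:])
            ctx.append((w[0], src, net(rest)[0]))
        elif w[:3] == ["crypto", "isakmp", "key"]:
            c["psk"] = (w[3], w[5])              # (secret, peer address it is bound to)
        elif w[0] in ("encr", "hash", "group", "authentication"):
            c["ike"][w[0]] = " ".join(w[1:])
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            c["ts"][w[3]] = tuple(w[4:])
        elif w[0] in ("set", "match"):           # crypto map entry: peer, transform-set, address
            c[w[1]] = w[2]
        elif w[:4] == ["ip", "nat", "inside", "source"]:
            c["nat_acl"] = w[5]
        elif w[:2] in (["ip", "address"], ["ip", "nat"]):
            ctx[w[1]] = w[2]                     # interface address / nat inside|outside
    return c

def check_pair(a, b):
    """Inconsistencies that would stop the tunnel coming up (empty list means consistent)."""
    out = []
    for me, other in ((a, b), (b, a)):
        remote = [i for i in other["ifaces"].values() if i.get("nat") == "outside"][0]
        if me["peer"] != remote["address"]:
            out.append(f"{me['name']}: set peer {me['peer']} is not the remote outside address {remote['address']}")
        if me["psk"][1] != me["peer"]:
            out.append(f"{me['name']}: ISAKMP key is bound to {me['psk'][1]}, not to peer {me['peer']}")
        # Inside-to-outside packets are translated before the crypto map is consulted, so every
        # protected flow must be denied in the NAT ACL ahead of its first permit.
        exempt = list(takewhile(lambda e: e[0] == "deny", me["acl"][me["nat_acl"]]))
        for act, src, dst in me["acl"][me["address"]]:
            if ("deny", src, dst) not in exempt:
                out.append(f"{me['name']}: {src} -> {dst} is protected by IPsec but still NAT'ed")
    if a["psk"][0] != b["psk"][0]:
        out.append("pre-shared keys differ")
    if a["ike"] != b["ike"]:
        out.append(f"IKE policies differ: {a['ike']} vs {b['ike']}")
    if a["ts"][a["transform-set"]] != b["ts"][b["transform-set"]]:
        out.append("transform sets differ")
    mirrored = [(act, dst, src) for act, src, dst in b["acl"][b["address"]]]
    if a["acl"][a["address"]] != mirrored:
        out.append("crypto ACLs are not mirror images of each other")
    return out

if __name__ == "__main__":
    for p in check_pair(parse("ROUTER-1", ROUTER1), parse("ROUTER-2", ROUTER2)) or ["configs are consistent"]:
        print(p)
```

On the routers themselves, the runtime equivalent is to send traffic that matches acl_vpn, for example `ping 192.168.2.254 source 192.168.1.254` on ROUTER-1 (sourcing from the inside address is what makes the packet match the crypto ACL), then confirm with `show crypto isakmp sa` (the peer should be listed in state QM_IDLE) and `show crypto ipsec sa` (the #pkts encaps and #pkts decaps counters should increase). If the ping is being translated instead of encrypted, `show ip nat translations` will show the entry, which points at a missing or misordered deny in acl_nat.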