--------CISCO--------
WAN 10.1.1.2
LAN 10.2.2.0/24
No NAT configured
! Cisco side of a site-to-site IPsec tunnel: LAN 10.2.2.0/24 behind 10.1.1.2, peer 10.1.1.1.
!
! IKE phase 1 (ISAKMP) policy, priority 20: MD5 hash, pre-shared-key authentication,
! Diffie-Hellman group 2 (1024-bit MODP).
! NOTE(review): the policy has no "encryption" line, so the platform default cipher is used
! for phase 1 (DES on classic IOS; confirm with "show crypto isakmp policy").
! NOTE(review): DES, MD5 and a 1024-bit DH group are weak by current standards. If both
! devices support them, move both ends together to AES, a SHA-based hash and a larger DH
! group; these values must match what the remote peer is configured to offer.
crypto isakmp policy 20
hash md5
authentication pre-share
group 2
! Pre-shared key used to authenticate the peer at 10.1.1.1.
! NOTE(review): "dara" is a short, guessable sample value and is shown in clear text here.
! Replace it with a long random secret, set the identical value on the peer, and keep the
! real key out of published configs.
crypto isakmp key dara address 10.1.1.1
!
!
! IKE phase 2 transform set: ESP with DES encryption and SHA-1 HMAC integrity.
! NOTE(review): DES offers only a 56-bit key; prefer an AES transform on both ends.
crypto ipsec transform-set myset esp-des esp-sha-hmac
!
! Crypto map entry 21 ties together the peer, the transform set, PFS (DH group 2) and the
! "interesting traffic" selector in access-list 101.
crypto map mymap 21 ipsec-isakmp
set peer 10.1.1.1
set transform-set myset
set pfs group2
match address 101
!
!
!
!
! WAN-facing interface (10.1.1.2). Applying the crypto map here is what makes traffic
! matching access-list 101 get encrypted when it leaves this interface.
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
crypto map mymap
!
! LAN-facing interface, gateway for 10.2.2.0/24.
interface FastEthernet0/1
ip address 10.2.2.1 255.255.255.0
duplex auto
speed auto
!
!
! Static route to the remote LAN via the peer's address, so that traffic for 192.168.1.0/24
! is sent out FastEthernet0/0 where the crypto map is applied.
ip route 192.168.1.0 255.255.255.0 10.1.1.1
!
!
! NOTE(review): these two lines enable the plain-HTTP management server and disable the
! HTTPS one. The tunnel does not need either. If web management is not required, turn the
! HTTP server off; if it is, prefer the secure server and restrict who can reach it.
ip http server
no ip http secure-server
!
! Traffic selector for the tunnel: local LAN 10.2.2.0/24 to remote LAN 192.168.1.0/24.
! The remote end's policy must be the mirror image of this (source and destination swapped).
access-list 101 permit ip 10.2.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
--------MIKROTIK-----------
WAN 10.1.1.2
LAN 192.168.1.0/24
No NAT enabled
# MikroTik side of the site-to-site IPsec tunnel: LAN 192.168.1.0/24, peer 10.1.1.2.
#
# Interface addresses. ether1 carries the local LAN (192.168.1.1/24) and ether2 carries
# 10.1.1.1/24, which the active IPsec policy below uses as sa-src-address.
# NOTE(review): the heading above this listing gives the WAN as 10.1.1.2, but the config
# puts 10.1.1.1 on ether2; 10.1.1.2 is the remote peer.
# The ether3, vpls1 and l0 entries (and the disabled ether2 entry) are not referenced by the
# tunnel settings shown here. They are presumably left over from other use of this router.
/ip address
add address=192.168.1.1/24 disabled=no interface=ether1 network=192.168.1.0
add address=192.168.10.1/24 disabled=yes interface=ether2 network=\
192.168.10.0
add address=10.1.1.1/24 disabled=no interface=ether2 network=10.1.1.0
add address=192.168.10.1/24 disabled=no interface=ether3 network=192.168.10.0
add address=5.5.5.1/24 disabled=no interface=vpls1 network=5.5.5.0
add address=10.255.1.1/32 disabled=no interface=l0 network=10.255.1.1
# Routes. The two default routes are disabled. The only active entry sends traffic for the
# remote LAN 10.2.2.0/24 to the peer at 10.1.1.2.
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.57.45 routing-mark=squid-pc scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.56.1 scope=\
30 target-scope=10
add disabled=no distance=1 dst-address=10.2.2.0/24 gateway=10.1.1.2 scope=30 \
target-scope=10
# Phase 2 proposals. The "default" proposal (SHA-1, DES, PFS modp1024, 30-minute lifetime)
# is the one referenced by the active policy below.
# NOTE(review): DES has only a 56-bit key; prefer an AES enc-algorithm here, changed together
# with the remote end so that both sides still agree.
# "proposal1" (MD5, 3DES, no PFS) is not referenced by any policy shown in this listing.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=des \
lifetime=30m name=default pfs-group=modp1024
add auth-algorithms=md5 disabled=no enc-algorithms=3des lifetime=8m20s name=\
proposal1 pfs-group=none
# Phase 1 peer 10.1.1.2: pre-shared key, main mode, DES, MD5, DH modp1024, no NAT-T.
# NOTE(review): DES, MD5 and modp1024 are weak by current standards. Raise them on both
# ends together where the devices support stronger options.
# NOTE(review): secret=dara is a short, guessable sample value. Use a long random secret,
# identical on both peers, and keep the real one out of published exports.
# NOTE(review): generate-policy=yes allows policies to be created from what the peer
# proposes. A static policy for this tunnel is already defined below, so check whether
# generate-policy=no is sufficient here.
/ip ipsec peer
add address=10.1.1.2/32 auth-method=pre-shared-key dh-group=modp1024 \
disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=des \
exchange-mode=main generate-policy=yes hash-algorithm=md5 lifebytes=0 \
lifetime=1d my-id-user-fqdn="" nat-traversal=no port=500 proposal-check=\
obey secret=dara send-initial-contact=yes
# Policies. The first entry is disabled and uses addresses that appear nowhere else in this
# setup. The second is the active tunnel policy: ESP in tunnel mode for 192.168.1.0/24 to
# 10.2.2.0/24, with SA endpoints 10.1.1.1 to 10.1.1.2 and the "default" proposal. Its
# src-address and dst-address must mirror the traffic selector on the remote end.
/ip ipsec policy
add action=encrypt disabled=yes dst-address=10.1.16.0/28 dst-port=any \
ipsec-protocols=esp level=require priority=0 proposal=default protocol=\
all sa-dst-address=10.0.16.10 sa-src-address=10.0.16.9 src-address=\
10.0.0.0/24 src-port=any tunnel=yes
add action=encrypt disabled=no dst-address=10.2.2.0/24 dst-port=any \
ipsec-protocols=esp level=require priority=0 proposal=default protocol=\
all sa-dst-address=10.1.1.2 sa-src-address=10.1.1.1 src-address=\
192.168.1.0/24 src-port=any tunnel=yes
Good website dara