IpsecVPN added by networkVPN on Wed Aug 24 18:16:46 2016
-------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------ IPSEC site to site VTI configuration
show vpn ipsec site-to-site peer 1xy.y.y.y
/* Route-based site-to-site IPsec peer: the tunnel is bound to a VTI interface
   instead of being described by local/remote prefix pairs. The peer address,
   local address and secret are masked in this paste. */
/* Both ends prove identity with one shared secret, so the tunnel's
   authentication is exactly as strong as that value. Use a long random secret
   that is unique to this peer. */
authentication {
mode pre-shared-secret
pre-shared-secret .........
}
/* This side starts the IKE negotiation instead of waiting for the peer. */
connection-type initiate
/* IKE proposals live in the group named IKE-group, which is not part of this
   paste. NOTE(review): check its encryption, hash, DH group and lifetime
   separately. */
ike-group IKE-group
/* "inherit" takes the IKEv2 re-authentication behaviour from the IKE group
   rather than setting it per peer. */
ikev2-reauth inherit
/* Local tunnel endpoint (masked). */
local-address 2yx.x.x.x
/* Traffic routed into vti10 is protected with the ESP proposals from the group
   named ESP-group (also not shown here; review it with the IKE group). */
vti {
bind vti10
esp-group ESP-group
}
------------------------------
show interfaces vti vti10
/* Tunnel interface referenced by "bind vti10" in the site-to-site peer.
   The /30 gives the tunnel one usable address at each end. */
address 10.y.z.z/30
description PeerToCustomer
/* MTU lowered to 1400, presumably to leave room for ESP/tunnel overhead and
   avoid fragmentation. NOTE(review): confirm against the real path MTU. */
mtu 1400
show protocols static interface-route
/* Sends the remote /27 (masked) into the tunnel interface. With a VTI this
   route, not an IPsec policy, decides which traffic is encrypted.
   NOTE(review): confirm what happens to this prefix while vti10 is down, so
   the traffic cannot fall back to another route and leave unencrypted. */
interface-route 10.x.x.x/27 {
next-hop-interface vti10 {
}
}
-------------------------------------
/* The command that printed this node is missing from the paste; presumably
   this is the IPsec NAT-traversal "nat-networks" node. TODO confirm. */
/* The three allowed networks are the complete RFC 1918 private ranges, so any
   privately addressed client behind NAT is accepted, minus the excludes below.
   NOTE(review): the excluded /24s (masked) are presumably the subnets used
   locally behind this router. Check the list is complete, because a NATed
   client whose subnet overlaps a local one creates ambiguous routing. */
nat-networks {
allowed-network 10.0.0.0/8 {
}
allowed-network 172.16.0.0/12 {
exclude 172.x.x.0/24
}
allowed-network 192.168.0.0/16 {
exclude 192.168.x.0/24
exclude 192.168.y.0/24
exclude 192.168.z.0/24
exclude 192.168.h.0/24
}
}
--------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------L2TP configuration
show vpn l2tp
/* L2TP remote-access server. Users log in with locally defined accounts, and
   the IPsec layer underneath is authenticated with X.509 certificates. */
remote-access {
authentication {
/* "mode local": accounts are defined in this configuration, not on an external
   server. NOTE(review): the credentials therefore travel with every config
   backup or export; confirm how the password is stored and who can read the
   configuration. */
local-users {
username ....... {
password ........
}
}
mode local
}
/* Address range handed to connecting clients (masked). */
client-ip-pool {
start 192.168.x.y
stop 192.168.x.z
}
/* Resolvers pushed to clients; their name lookups go to these servers. */
dns-servers {
server-1 ........
server-2 ........
}
ipsec-settings {
/* Certificate authentication for the IPsec layer, unlike the pre-shared secret
   used by the site-to-site peer. */
authentication {
mode x509
x509 {
ca-cert-file /.../....
/* A CRL file is configured. NOTE(review): it only helps if the file is
   refreshed whenever the CA revokes a certificate. */
crl-file /.../....
server-cert-file /.../....
server-key-file /.../....
/* Empty passphrase, which suggests the private key file is stored
   unencrypted. NOTE(review): confirm, and restrict file permissions and
   backups of that path accordingly. */
server-key-password ""
}
}
/* Presumably seconds; 300 would mean a rekey every five minutes.
   NOTE(review): confirm the unit, and that clients tolerate so short an IKE
   lifetime. */
ike-lifetime 300
}
/* Listener address. The masked value reads the same as the site-to-site
   peer's local-address, so both VPNs appear to terminate on one external
   address. */
outside-address 2yx.x.x.x
outside-nexthop 2yx.x.x.y
wins-servers {
server-1 ............
}
}