その他

RT1 (Crypto Access Check on Clear-Text Packets)

RT1:
conf t
!
crypto isakmp policy 10
encryption aes
hash sha256
authentication pre-share
group 14
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TRANS esp-aes esp-sha256-hmac
mode tunnel
!
crypto map IPSEC 10 ipsec-isakmp
set peer 192.168.12.2
set transform-set TRANS
match address 101
!
interface ethernet 0/0
ip address 192.168.12.1 255.255.255.0
crypto map IPSEC
no shutdown
!
interface loopback 0
ip address 1.1.1.1 255.255.255.255
!
ip route 2.2.2.2 255.255.255.255 192.168.12.2
!
ip access-list extended 101
1 permit ip host 1.1.1.1 host 2.2.2.2
!
line vty 0 4
transport input telnet
login
password cisco
!
end