Application Note 45. Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI


Application Note 45
Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI
UK Support
June 2011

Contents

1 Introduction
  1.1 Outline
  1.2 Assumptions
  1.3 Corrections
  1.4 Version
2 Scenario
3 Configure the Cisco. IPSec Responder
  3.2 Configure the default route and enable NAT on the WAN interface
  3.3 Configure IPSec phase 1 parameters and pre-shared key
  3.4 Configure IPSec phase 2 parameters
  3.5 Configure the VTI tunnel interface
  3.6 Add a route to the remote LAN subnet via Tunnel 0
  3.7 Exit global config mode and save the configuration
4 Configure the WR44. IPSec Initiator
  4.1 Configure the Ethernet interfaces
  4.2 Configure the default route
  4.3 Configure IPSec phase 1 parameters
  4.4 Configure the Pre-shared key
  4.5 Configure phase 2
  4.6 Configure the GRE tunnel
  4.7 Save the configuration
5 Confirm IPSec & GRE is up and ping test the connection
  5.1 Using the Digi WR44
  5.2 Using the Cisco 3745
6 Firmware versions
  6.1 Digi TransPort WR44
  6.2 Cisco 3745
7 Configuration Files
  7.1 Digi Transport WR44
  7.2 Cisco 3745

1 INTRODUCTION

1.1 Outline

This document describes how to configure a GRE tunnel within an IPSec tunnel to secure communications between a Digi TransPort router and a Cisco router configured with Virtual Tunnel Interfaces (VTI). The GRE tunnel provides a point-to-point link between the routers that can be used by routing protocols as well as for transferring regular data.

The Cisco VTI configuration is an updated and simpler method of creating GRE over IPSec VPNs on Cisco routers. There are two types of VTI interfaces: static VTIs (SVTIs) and dynamic VTIs (DVTIs). This example will use SVTIs.

VTI information from Cisco's website

Benefits of Using IPsec Virtual Tunnel Interfaces instead of Crypto Map

IPsec VTIs allow you to configure a virtual interface to which you can apply features. Features for clear-text packets are configured on the VTI. Features for encrypted packets are applied on the physical outside interface. When IPsec VTIs are used, you can separate the application of features such as NAT, ACLs, and QoS and apply them to clear-text or encrypted text, or both. When crypto maps are used, there is no simple way to apply encryption features to the IPsec tunnel.

1.2 Assumptions

This guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application.

Configuration: This Application Note assumes the devices are set to their factory default configurations. Most configuration commands are only shown if they differ from the factory default.

This application note applies to:

Models shown: Digi TransPort WR44 router and Cisco 3745 router.
Other Compatible Models: All other Digi Transport products.
Firmware versions: Digi 5130 or newer. Cisco 12.4 or newer.

1.3 Corrections

Requests for corrections or amendments to this application note are welcome and should be addressed to: uksupport@digi.com

Requests for new application notes can be sent to the same address.

1.4 Version

| Version Number | Status |
|---|---|
| 1.0 | Published |
| 1.1 | Updated for new GUI |

2 SCENARIO

For the purposes of this application note, the following scenario will be used. The IPSec VPN is a Main mode configuration. The Cisco 3745 is the IPSec responder. The Digi WR44 is the IPSec initiator.

The IP addressing used is as follows:

Digi WR44
    WAN = Eth 0 = 10.0.149.217/24
    LAN = Eth 1 = 10.0.36.203/24
    GRE = Tun 0 = 172.16.1.2/30

Cisco 3745
    WAN = Fa0/0 = 10.0.149.203/24
    LAN = Fa0/1 = 10.0.35.203/24
    GRE = Tun0 = 172.16.1.1/30

IPSec parameters:

IPSec Type: Main mode

Phase 1
    Encryption algorithm: Three key triple DES
    Hash algorithm: Secure Hash Standard (SHA1)
    Authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    Lifetime: 86400 seconds, no volume limit
    Pre-shared key: Cisco12345

Phase 2
    Encryption algorithm: Three key triple DES
    Hash algorithm: Secure Hash Standard (SHA1)
    Mode: Tunnel mode
    DH group: No PFS
    Lifetime: 3600 seconds, no volume limit

3 CONFIGURE THE CISCO. IPSEC RESPONDER

3.1.1 Configure the Ethernet interfaces, Console port and hostname

From the Cisco console port configure the Ethernet interfaces with the addressing shown in Section 2. Set the Console port exec-timeout and the hostname.

The relevant Cisco config from sh run should be:

    hostname Cisco
    interface FastEthernet0/0
     description WAN
     ip address 10.0.149.203 255.255.255.0
     speed auto
     full-duplex
    interface FastEthernet0/1
     description LAN
     ip address 10.0.35.203 255.255.255.0
     speed auto
     full-duplex
    line con 0
     exec-timeout 3000 0

3.2 Configure the default route and enable NAT on the WAN interface

The relevant Cisco config from sh run should be:

    interface FastEthernet0/0
     description WAN
     ip address 10.0.149.203 255.255.255.0
     ip nat outside
     duplex auto
     speed auto
    interface FastEthernet0/1
     description LAN
     ip address 10.0.35.203 255.255.255.0
     ip nat inside
     duplex auto
     speed auto
    ip route 0.0.0.0 0.0.0.0 10.0.149.254
    ip nat inside source list 1 interface FastEthernet0/0 overload
    access-list 1 permit 10.0.35.0 0.0.0.255

3.3 Configure IPSec phase 1 parameters and pre-shared key

Create an ISAKMP policy and give it a priority of 1. Set 3DES encryption, the authentication mode as pre-shared keys & the DH group to 2. Set the pre-shared key as Cisco12345 for all remote devices.

The relevant Cisco config from sh run should be:

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key Cisco12345 address 0.0.0.0 0.0.0.0

The phase 1 policy can be confirmed:

3.4 Configure IPSec phase 2 parameters

- Create a transform set named T1 and enable 3DES & SHA1
- Create an IPSec profile named P1
- Link the transform set T1 to the IPSec profile P1

The relevant Cisco config from sh run should be:

    crypto ipsec transform-set T1 esp-3des esp-sha-hmac
    crypto ipsec profile P1
     set transform-set T1

The phase 2 transform set can be confirmed:

3.5 Configure the VTI tunnel interface

- Create the Tunnel 0 interface.
- Set the IP address
- Enable Keep-alives for every 3 seconds and set to show link as down after 3 failures.
- Set the load check interval to 30 seconds
- Set the tunnel source & destination
- Link the IPSec profile P1 to this tunnel so that traffic is encrypted.

Take note that the Cisco source and destination addressing on the IPSec tunnel uses WAN interface addresses rather than private addressing as seen on regular Digi GRE / IPSec configurations. The GRE addressing does however use a regular 30 bit mask to create a point to point link.

The relevant Cisco config from sh run should be:

    interface Tunnel0
     ip address 172.16.1.1 255.255.255.252
     ip ospf mtu-ignore
     load-interval 30
     keepalive 3 3
     tunnel source 10.0.149.203
     tunnel destination 10.0.149.217
     tunnel protection ipsec profile P1

Confirm the mode of the tunnel is GRE / IP

If the tunnel is showing anything other than GRE / IP, use the following commands to set the tunnel mode correctly:

    interface Tunnel0
     tunnel mode gre ip

3.6 Add a route to the remote LAN subnet via Tunnel 0

Add a route so that 10.0.36.0/24 is directed via Tun0

3.7 Exit global config mode and save the configuration

4 CONFIGURE THE WR44. IPSEC INITIATOR

4.1 Configure the Ethernet interfaces

4.1.1 Ethernet 0

The WAN interface

Browse to Configuration - Network > Interfaces > Ethernet > ETH 0

Set the Description, IP address & Mask. Click Advanced and enable NAT & IPsec.

Configuration - Network > Interfaces > Ethernet > ETH 0 > Advanced

| Parameter | Setting | Description |
|---|---|---|
| Description | WAN | Friendly name for this interface |
| IP address | 10.0.149.217 | IP address |
| Mask | 255.255.255.0 | Subnet mask |
| Enable NAT on this interface | Ticked and IP address selected | Enables NAT on this interface |
| Enable IPsec on this interface | Ticked | Enables IPSec on this interface |

4.1.2 Ethernet 1

The LAN interface.

Browse to Configuration - Network > Interfaces > Ethernet > ETH 1

Set the Description and IP address. NAT and IPSec should remain disabled.

| Parameter | Setting | Description |
|---|---|---|
| Description | LAN | Friendly name for this interface |
| IP address | 10.0.36.203 | IP address |
| Mask | 255.255.255.0 | Subnet mask |

4.2 Configure the default route

Browse to Configuration - Network > IP Routing/Forwarding > Static Routes > Default Route 0

Set the Description, Gateway IP address and exit interface.

| Parameter | Setting | Description |
|---|---|---|
| Description | Default Route via Eth 0 | Friendly name for this interface |
| Gateway | 10.0.149.254 | IP address of the next hop router |
| Interface | Ethernet 0 | Exit interface |

4.3 Configure IPSec phase 1 parameters

Browse to Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE 0

These parameters must match the Cisco phase 1 parameters.

| Parameter | Setting | Description |
|---|---|---|
| Encryption | 3DES | Use 3DES encryption |
| Authentication | SHA1 | Use SHA1 authentication |
| MODP Group for Phase 1 | 2 (1024) | Use DH group 2 |
| Renegotiate after | 24 | Phase 1 lifetime in hours |

4.4 Configure the Pre-shared key

Browse to the next available unused User in the user table. In this example, this is User 2. The name is the IP address of the IPSec peer. This is what will be sent from the Cisco for its authentication. The Password is the Pre-shared key. Access level should be set to None, so if anyone knows these credentials, they cannot access the router for configuration or management.

Browse to Configuration - Security > Users > User 0-9 > User 2

| Parameter | Setting | Description |
|---|---|---|
| Name | 10.0.149.203 | IP address of IPSec Peer (Cisco WAN address) |
| Password | Cisco12345 | Pre-shared key |
| Confirm Password | Cisco12345 | Pre-shared key |
| Access Level | None | No access to router management for this user |

4.5 Configure phase 2

Browse to Configuration - Network > Virtual Private Networking (VPN) > IPsec > IPsec Tunnels > IPsec 0

These parameters must match the Cisco phase 2 parameters.

| Parameter | Setting | Description |
|---|---|---|
| Description | IPSec to Cisco | Friendly name for this VPN |
| The IP address or hostname of the remote unit | 10.0.149.203 | IPSec peer IP address (Cisco WAN address) |
| Local LAN | Use these settings for the local LAN | Use the specified settings below |
| IP Address | 10.0.149.217 | Local IPSec endpoint (WR44 WAN address) |
| Mask | 255.255.255.255 | Local IPSec endpoint mask (Must be /32) |
| Remote LAN | Use these settings for the remote LAN | Use the specified settings below |
| IP Address | 10.0.149.203 | Remote IPSec endpoint (Cisco WAN address) |
| Mask | 255.255.255.255 | Remote IPSec endpoint mask (Must be /32) |
| Use the following security on this tunnel | Preshared Keys | Use Preshared keys for authentication between routers |
| Our ID | 10.0.149.217 | Local router IPSec ID (WR44 WAN address) |
| Our ID type | IPv4 Address | Type of IDs used. IPv4 addresses. |
| Remote ID | 10.0.149.203 | IPSec peer ID (Cisco WAN address) |
| Use x encryption on this tunnel | 3DES | Use 3DES encryption |
| Use x authentication on this tunnel | SHA1 | Use SHA1 authentication |
| Bring this tunnel up | All the time | Create SAs, but only if there is a valid route and interface to create the IPSec tunnel on. |
| If the tunnel is down and a packet is ready to be sent | Bring the tunnel up | If there is no IPSec SA, use IKE to create one. |
| Renew the tunnel after | 1 hrs / 4608000 KBytes | Lifetime of phase 2 SA in seconds / Lifetime of phase 2 SA in kilobytes |

4.6 Configure the GRE tunnel

This is the Digi TransPort end of the point to point GRE tunnel. Configure the tunnel IP address, and source and destination. Note that the source and destination addresses are the WAN interface addresses of the 2 routers.

Browse to Configuration - Network > Interfaces > GRE > Tunnel 0

| Parameter | Setting | Description |
|---|---|---|
| Description | GRE to Cisco | Friendly name for this interface |
| IP address | 172.16.1.2 | GRE local endpoint IP address |
| Mask | 255.255.255.252 | GRE local endpoint subnet mask |
| Source IP Address | Use IP Address / 10.0.149.217 | Source IP address of this tunnel (WR44 WAN interface) |
| Destination IP Address or Hostname | 10.0.149.203 | Destination IP address of this tunnel (Cisco WAN interface) |
| Enable keepalives on this GRE tunnel | Ticked | Enables GRE keepalives |
| Send a keepalive every x seconds | 3 | Sends 1 keepalive every 3 seconds |
| Bring this GRE tunnel down after no replies to x keepalives | 3 | If 3 keepalive packets fail, the tunnel is marked as down |

4.7 Save the configuration

Browse to Administration - Save configuration

Save the configuration to profile 0, the default power up config.

5 CONFIRM IPSEC & GRE IS UP AND PING TEST THE CONNECTION.

5.1 Using the Digi WR44

5.1.1 Check the IPSec SA status

Browse to Management - Connections > Virtual Private Networking (VPN) > IPsec > IPsec Tunnels

5.1.2 Check the GRE tunnel status

Browse to Management - Network Status > Interfaces > GRE

5.1.3 Ping an IP address on the Cisco LAN subnet

Browse to Administration - Execute a command

5.2 Using the Cisco 3745

5.2.1 Check the IPSec SA status

5.2.2 Check the GRE tunnel status

5.2.3 Ping an IP address on the Cisco LAN subnet

6 FIRMWARE VERSIONS

6.1 Digi TransPort WR44

    Digi TransPort WR44-HX00-WE1-XX Ser#:140837 HW Revision: 7902a
    Software Build Ver5130. Jun 30 2011 01:33:02 SW
    ARM Bios Ver 6.06 v39 400MHz B512-M512-F80-O80001,2 MAC:00042d022625
    Power Up Profile: 0
    Async Driver Revision: 1.19 Int clk
    IX Revision: 1.0
    Ethernet Hub Driver Revision: 1.11
    Firewall Revision: 1.0
    EventEdit Revision: 1.0
    Timer Module Revision: 1.1
    (B)USBHOST Revision: 1.0
    L2TP Revision: 1.10
    PPTP Revision: 1.00
    TACPLUS Revision: 1.00
    MODBUS Revision: 0.00
    LAPB Revision: 1.12
    X25 Layer Revision: 1.19
    MACRO Revision: 1.0
    PAD Revision: 1.4
    X25 Switch Revision: 1.7
    V120 Revision: 1.16
    TPAD Interface Revision: 1.12
    GPS Revision: 1.0
    SCRIBATSK Revision: 1.0
    BASTSK Revision: 1.0
    PYTHON Revision: 1.0
    ARM Sync Driver Revision: 1.18
    TCP (HASH mode) Revision: 1.14
    TCP Utils Revision: 1.13
    PPP Revision: 1.19
    WEB Revision: 1.5
    SMTP Revision: 1.1
    FTP Client Revision: 1.5
    FTP Revision: 1.4
    IKE Revision: 1.0
    PollANS Revision: 1.2
    PPPOE Revision: 1.0
    BRIDGE Revision: 1.1
    MODEM CC (Ericsson 3G) Revision: 1.4
    FLASH Write Revision: 1.2
    Command Interpreter Revision: 1.38
    SSLCLI Revision: 1.0
    OSPF Revision: 1.0
    BGP Revision: 1.0
    QOS Revision: 1.0
    RADIUS Client Revision: 1.0
    SSH Server Revision: 1.0
    SCP Revision: 1.0
    CERT Revision: 1.0
    LowPrio Revision: 1.0
    Tunnel Revision: 1.2
    QDL Revision: 1.0
    Wi-Fi Revision: 2.0
    idigi Revision: 1.0
    OK

6.2 Cisco 3745

    Cisco#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.3(24), RELEASE SOFTWARE (fc4)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2007 by cisco Systems, Inc.
    Compiled Thu 18-Oct-07 18:22 by stshen
    Image text-base: 0x60008AF4, data-base: 0x61F80000
    ROM: ROMMON Emulation Microcode
    ROM: 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.3(24), RELEASE SOFTWARE (fc4)
    Cisco uptime is 24 minutes
    System returned to ROM by unknown reload cause - suspect boot_data[boot_count] 0x0, BOOT_COUNT 0, BOOTDATA 19
    System image file is "tftp://255.255.255.255/unknown"

    This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to export@cisco.com.

    cisco 3745 (R7000) processor (revision 2.0) with 120832K/10240K bytes of memory.
    Processor board ID XXXXXXXXXXX
    R7000 CPU at 100MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
    Bridging software.
    X.25 software, Version 3.0.0.
    3 FastEthernet/IEEE 802.3 interface(s)
    DRAM configuration is 64 bits wide with parity enabled.
    151K bytes of non-volatile configuration memory.
    16384K bytes of ATA System CompactFlash (Read/Write)
    Configuration register is 0x2102
    Cisco#

7 CONFIGURATION FILES

7.1 Digi Transport WR44

    config c show
    eth 0 descr "WAN"
    eth 0 IPaddr "10.0.149.217"
    eth 0 ipsec 1
    eth 0 ipanon ON
    eth 1 descr "LAN"
    eth 1 IPaddr "10.0.36.203"
    eth 1 ipanon ON
    eth 2 IPaddr "10.1.51.4"
    eth 2 mask "255.255.0.0"
    lapb 0 ans OFF
    lapb 0 tinact 120
    lapb 1 tinact 120
    lapb 3 dtemode 0
    lapb 4 dtemode 0
    lapb 5 dtemode 0
    lapb 6 dtemode 0
    ip 0 cidr ON
    route 0 IPaddr "10.0.35.0"
    route 0 ll_ent "tun"
    def_route 0 ll_ent "ppp"
    def_route 0 ll_add 1
    eroute 0 peerip "10.0.149.203"
    eroute 0 peerid "10.0.149.203"
    eroute 0 ourid "10.0.149.217"
    eroute 0 locip "10.0.149.217"
    eroute 0 locmsk "255.255.255.255"
    eroute 0 remip "10.0.149.203"
    eroute 0 remmsk "255.255.255.255"
    eroute 0 ESPauth "SHA1"
    eroute 0 ESPenc "3DES"
    eroute 0 ltime 3600
    eroute 0 authmeth "PRESHARED"
    eroute 0 nosa "TRY"
    eroute 0 autosa 1
    dhcp 0 IPmin "192.168.1.100"
    dhcp 0 mask "255.255.255.0"
    dhcp 0 gateway "192.168.1.1"
    dhcp 0 DNS "192.168.1.1"
    dhcp 0 respdelms 500
    dyndns 0 epassword "atfwsbfeffecsri="
    ppp 0 timeout 300
    ppp 1 r_chap OFF
    ppp 1 IPaddr "0.0.0.0"
    ppp 1 phonenum "*98*1#"
    ppp 1 name "W-WAN (HSPA 3G)"
    ppp 1 timeout 0
    ppp 1 use_modem 1
    ppp 3 defpak 16
    ppp 4 defpak 16
    ike 0 encalg "3DES"
    ike 0 authalg "SHA1"
    ike 0 ltime 80000
    ike 0 ikegroup 2
    ike 0 deblevel 4
    modemcc 0 info_asy_add 6
    modemcc 0 init_str "+CGQREQ=1"
    modemcc 0 init_str1 "+CGQMIN=1"
    modemcc 0 apn "Your.APN.goes.here"
    modemcc 0 sms_interval 1
    modemcc 0 sms_access 1
    modemcc 0 sms_concat 0
    modemcc 0 init_str_2 "+CGQREQ=1"
    modemcc 0 init_str1_2 "+CGQMIN=1"
    modemcc 0 apn_2 "Your.APN.goes.here"
    modemcc 0 link_retries_2 10
    modemcc 0 stat_retries_2 30
    ana 0 anon ON
    ana 0 l2on OFF
    ana 0 xoton OFF
    ana 0 lapdon 0
    ana 0 lapbon 0
    ana 0 ipfilt "23,80"
    ana 0 logsize 45
    cmd 0 unitid "ss%s>"
    cmd 0 cmdnua "99"
    cmd 0 hostname "digi.router"
    cmd 0 asyled_mode 2
    cmd 0 tremto 1200
    user 0 epassword "atfwsbfeffecsri="
    user 0 access 0
    user 1 name "username"
    user 1 epassword "KD5lSVJDVVg="
    user 1 access 0
    user 2 name "10.0.149.203"
    user 2 epassword "GzZlWUodFQ8GCA=="
    user 2 access 0
    user 10 epassword "Ig=="
    local 0 transaccess 2
    sslsvr 0 certfile "cert01.pem"
    sslsvr 0 keyfile "privrsa.pem"
    ssh 0 hostkey1 "privssh.pem"
    ssh 0 nb_listen 5
    ssh 0 v1 OFF
    tun 0 IPaddr "172.16.1.2"
    tun 0 mask "255.255.255.252"
    tun 0 source "10.0.149.217"
    tun 0 dest "10.0.149.203"
    tun 0 kadelay 3
    Power Up Profile: 0
    OK

7.2 Cisco 3745

    Cisco#sh run
    Building configuration...
    Current configuration : 1250 bytes
    version 12.3
    service timestamps debug datetime
    service timestamps log datetime
    no service password-encryption
    hostname Cisco
    boot-start-marker
    boot-end-marker
    logging buffered 4096 debugging
    no aaa new-model
    ip subnet-zero
    ip cef
    ip audit po max-events 100
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key Cisco12345 address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set T1 esp-3des esp-sha-hmac
    crypto ipsec profile P1
     set transform-set T1
    interface Tunnel0
     ip address 172.16.1.1 255.255.255.252
     ip ospf mtu-ignore
     load-interval 30
     keepalive 3 3
     tunnel source 10.0.149.203
     tunnel destination 10.0.149.217
     tunnel protection ipsec profile P1
    interface FastEthernet0/0
     description WAN
     ip address 10.0.149.203 255.255.255.0
     speed auto
     full-duplex
    interface FastEthernet0/1
     description LAN
     ip address 10.0.35.203 255.255.255.0
     speed auto
     full-duplex
    interface FastEthernet1/0
     no ip address
     shutdown
     duplex auto
     speed auto
    ip classless
    ip route 10.0.36.0 255.255.255.0 Tunnel0
    no ip http server
    no ip http secure-server
    no cdp run
    line con 0
     exec-timeout 3000 0
    line aux 0
    line vty 0 4
     login
    end
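Sections 4.3 and 4.5 require the WR44 settings to match the Cisco phase 1 and phase 2 parameters, and sections 3.5 and 4.6 require the GRE endpoints to mirror each other; both can be checked offline from the two configuration files. The Python check below is an added example, not part of the Digi application note: the embedded excerpts are constructed from the values in this note, and it assumes that IOS leaves default ISAKMP values (DES, SHA, group 1) out of `sh run` and that the WR44 spells algorithms it does not show here as DES and MD5.

```python
import re
# Constructed excerpts, built from the values used in this application note.
CISCO = """\
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp key Cisco12345 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
interface Tunnel0
 tunnel source 10.0.149.203
 tunnel destination 10.0.149.217
"""
DIGI = """\
eroute 0 locip "10.0.149.217"
eroute 0 remip "10.0.149.203"
eroute 0 ESPauth "SHA1"
eroute 0 ESPenc "3DES"
ike 0 encalg "3DES"
ike 0 authalg "SHA1"
ike 0 ikegroup 2
tun 0 source "10.0.149.217"
tun 0 dest "10.0.149.203"
"""
# Cisco keyword -> WR44 spelling (assumed for values this note does not show).
WR44_NAME = {"des": "DES", "3des": "3DES", "sha": "SHA1", "md5": "MD5",
             "esp-des": "DES", "esp-3des": "3DES",
             "esp-sha-hmac": "SHA1", "esp-md5-hmac": "MD5"}

def parse_cisco(text):
    """Parse 'sh run' text; assumes a value missing from it is the IOS default."""
    c = {"encr": "des", "hash": "sha", "group": "1", "transforms": [], "psk_peers": []}
    for line in text.splitlines():
        w = line.split() or [""]
        if w[0] in ("encr", "hash", "group") and len(w) > 1:
            c[w[0]] = w[1]
        elif w[:3] == ["crypto", "isakmp", "key"] and "address" in w[4:]:
            c["psk_peers"].append(" ".join(w[w.index("address", 4) + 1:]))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            c["transforms"] = w[4:]
        elif w[0] == "tunnel" and len(w) > 2 and w[1] in ("source", "destination"):
            c[w[1]] = w[2]
    return c

def parse_digi(text):
    """Map (section, instance, key) -> value for 'section n key value' lines."""
    d = {}
    for line in text.splitlines():
        m = re.match(r'(\w+) (\d+) (\w+) "?([^"]*)"?$', line.strip())
        if m:
            d[(m.group(1), int(m.group(2)), m.group(3))] = m.group(4)
    return d

def check(cisco_text, digi_text):
    """Return a list of findings; an empty list means the two ends agree."""
    c, d = parse_cisco(cisco_text), parse_digi(digi_text)
    findings = []
    def same(label, cisco_val, digi_val):
        if cisco_val != digi_val:
            findings.append(f"MISMATCH {label}: Cisco={cisco_val} WR44={digi_val}")
    wr44 = lambda section, key: d.get((section, 0, key))
    enc = next((t for t in c["transforms"] if not t.endswith("-hmac")), None)
    auth = next((t for t in c["transforms"] if t.endswith("-hmac")), None)
    same("phase 1 encryption", WR44_NAME.get(c["encr"]), wr44("ike", "encalg"))
    same("phase 1 hash", WR44_NAME.get(c["hash"]), wr44("ike", "authalg"))
    same("phase 1 DH group", c["group"], wr44("ike", "ikegroup"))
    same("phase 2 encryption", WR44_NAME.get(enc), wr44("eroute", "ESPenc"))
    same("phase 2 authentication", WR44_NAME.get(auth), wr44("eroute", "ESPauth"))
    # Each router's GRE source must be the other router's GRE destination.
    same("GRE endpoints", (c.get("source"), c.get("destination")),
         (wr44("tun", "dest"), wr44("tun", "source")))
    # The WR44 /32 selectors must be exactly the two GRE endpoints.
    same("IPsec selectors", (c.get("destination"), c.get("source")),
         (wr44("eroute", "locip"), wr44("eroute", "remip")))
    if "0.0.0.0 0.0.0.0" in c["psk_peers"]:
        findings.append("WEAK wildcard pre-shared key: accepted from any peer address")
    return findings

if __name__ == "__main__":
    print("\n".join(check(CISCO, DIGI)))
```

Binding the key to the initiator (`crypto isakmp key Cisco12345 address 10.0.149.217`) clears the wildcard finding; that only suits sites where the WR44 has a static WAN address.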