IPSec VPN Paloalto vs CIsco
Phase-1
-----------------------
crypto isa policy 10
authentication pre-share
group 2
encryption aes 256
hash sha
exit
Phase-2
---------
no crypto ipsec transform-set SET1 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set SET1 esp-aes 192 esp-sha-hmac
exi
!
crypto isakmp key 123456 address 10.0.137.254
exi
!
crypto map MAP1 10 ipsec-isakmp
set peer 10.0.137.254
set transform-set SET1
match address VPN
exit
!
interface eth0/0
crypto map MAP1
exit
ip access-list extended VPN
!
permit ip 192.168.200.0 0.0.0.255 172.16.10.0 0.0.0.255
permit ip 172.16.10.0 0.0.0.255 192.168.200.0 0.0.0.255
------------------------------------
VERIFIKASI:
sh run | s crypto
show crypto session detail
-----------
palo-fw
test vpn ike-sa gateway IKE-VPN-LAB
show vpn ike-sa
test vpn ipsec-sa tunnel [IPSec-Tunnel-LAB:Traffic-Share]
show vpn ipsec-sa
show vpn gateway
Posting Komentar untuk "IPSec VPN Paloalto vs CIsco"