
How To Establish Site-to-Site IPSec Connection between Cyberoam and Cisco Router (through Command Line) using Preshared Key

Applicable Version: 10.00 onwards

Scenario
Set up a Site-to-Site IPSec VPN connection between Cyberoam and Cisco Router using Preshared
Key to authenticate VPN peers. Throughout the article we have used network parameters as shown in
the diagram below.

This article has two (2) sections:

- Cisco Configuration
- Cyberoam Configuration

Cisco Configuration
Configure Cisco Router by following the steps given below.

Step 1: Logon to the CLI of Cisco Router with Enable privilege

Cisco> en
Password: ******

Cisco# conf t

Step 2: Configuring IKE Parameters

crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800

crypto isakmp key 12abcde34 address 223.255.246.212

You can verify the IKE Parameters you configured by executing the following command:

show crypto isakmp policy

Step 3: Define Access-list to allow IPSec tunnel traffic

access-list 100 permit ip 172.50.50.0 0.0.0.255 172.16.16.0 0.0.0.255

Step 4: Configuring IPSec Parameters

crypto ipsec transform-set dlhtransform ESP-3des ESP-md5-hmac

crypto map dhhmap 10 ipsec-isakmp
 match address 100
 set peer 202.134.168.202
 set transform-set dlhtransform
 set pfs group2
 set security-association lifetime seconds 86400

Note: This new crypto map will remain disabled until a peer and a valid access-list have been configured.

You can view the crypto map by executing the following command:

show crypto map

Step 5: Apply the crypto map on the WAN interface

Cisco(config)# interface fastethernet 0/1
Cisco(config-if)# crypto map dhhmap

Once the configuration is done, the following message is displayed:

%crypto-6-ISAKMP_ON_OFF: ISAKMP is ON

You can check the IPSec negotiation by executing the following commands:

debug crypto isakmp

debug crypto ipsec

Cyberoam Configuration
After configuration of VPN connection on Cisco Router, configure IPSec connection in Cyberoam. You
can configure IPSec in Cyberoam by following the steps given below. Logon to Cyberoam Web Admin
Console as an administrator having read-write permission for relevant features.

Step 1: Configure IPSec Connection


Go to VPN > IPSec > Connection and click Add to create a new connection using parameters given
below.

Parameter Description

Parameter | Value | Description

Name | CR_to_Cisco | Name to identify the IPSec Connection
Connection Type | Site to Site | Select Type of connection. Available Options: Remote Access, Site to Site, Host to Host
Policy | DefaultBranchOffice | Select policy to be used for connection
Action on VPN Restart | Initiate | Select the action for the connection. Available options: Respond Only, Initiate, Disable

Authentication details
Authentication Type | Preshared Key | Select Authentication Type. Authentication of user depends on the connection type.
Preshared Key | <Same as mentioned in Cisco Router> | Preshared key should be the same as that configured in WatchGuard Appliance.

Endpoints Details
Local | PortB-202.134.168.202 | Select local port which acts as end-point to the tunnel
Remote | 202.134.168.208 | Specify IP address of WatchGuards Gateway.

Local Network Details
Local Subnet | 172.16.16.0/24 | Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button

Remote Network Details
Remote LAN Network | 172.50.50.0/24 | Select IP addresses and netmask behind WatchGuard Appliance.

Click OK to create the connection.



Step 2: Activate IPSec Connection

Go to VPN > IPSec > Connection and click under Active and Connection heads against
CR_to_Cisco connection, created in step 1.

Under the Active status indicates that the connection is successfully activated.
Under the Connection status indicates that the connection is successfully established.
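
Before activating the tunnel, the two sides can be cross-checked offline. The following Python check is an added example, not part of the original article or of any Cyberoam or Cisco tooling: it parses the IOS lines from Steps 2-4 of the Cisco section, compares them with the Local Subnet and Remote LAN Network values from the Cyberoam table, and reports legacy algorithms and peer or subnet mismatches. The names audit, grab, IOS_CONFIG and CYBEROAM are hypothetical, and treating 3DES, MD5 and DH group 2 as legacy is an assumption of the example.

```python
import ipaddress
import re
# IOS lines from Steps 2-4 of this page, embedded so the check runs offline.
IOS_CONFIG = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 12abcde34 address 223.255.246.212
access-list 100 permit ip 172.50.50.0 0.0.0.255 172.16.16.0 0.0.0.255
crypto ipsec transform-set dlhtransform ESP-3des ESP-md5-hmac
crypto map dhhmap 10 ipsec-isakmp
 match address 100
 set peer 202.134.168.202
 set transform-set dlhtransform
 set pfs group2
"""
# Local Subnet / Remote LAN Network from the Cyberoam table on this page.
CYBEROAM = {"local": "172.16.16.0/24", "remote": "172.50.50.0/24"}
# Assumption of this example: 3DES, MD5 and DH group 2 are reported as legacy.
LEGACY = re.compile(r"\b(3des|md5|group ?2)\b", re.I)

def grab(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.groups() if m else (None,)

def audit(config, cyberoam):
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        for algo in LEGACY.findall(line):
            findings.append(f"legacy: {algo.lower()} on line {n}")
    # The key must be bound to the address the crypto map negotiates with.
    (key_addr,) = grab(r"^crypto isakmp key \S+ address (\S+)", config)
    (peer,) = grab(r"^ *set peer (\S+)", config)
    if key_addr != peer:
        findings.append(f"mismatch: key bound to {key_addr} but peer is {peer}")
    # The crypto ACL must mirror Cyberoam: source = its remote, dest = its local.
    acl = grab(r"^access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)", config)
    if None in acl:
        return findings + ["missing: no crypto access-list found"]
    src, dst = (ipaddress.ip_network(f"{a}/{w}") for a, w in (acl[:2], acl[2:]))
    want = tuple(ipaddress.ip_network(cyberoam[k]) for k in ("remote", "local"))
    if (src, dst) != want:
        findings.append(f"mismatch: ACL {src} -> {dst} is not the mirror of the Cyberoam subnets")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(IOS_CONFIG, CYBEROAM)))
```

On the values printed in this article the check reports six legacy-algorithm findings and one mismatch: the pre-shared key is bound to 223.255.246.212 while the crypto map peer is 202.134.168.202. The access-list is the correct mirror of the Cyberoam subnets.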

Document Version: 1.0 5 August, 2014
