24.04.2008
Vyatta Configuration
set interfaces ethernet eth0 address 192.168.50.2/24 set interfaces ethernet eth1 address 192.168.10.1/24 set service ssh protocol-version 2 commit
set system host-name HQ set protocols static route 0.0.0.0/0 next-hop 192.168.50.1
set service nat rule 10 type masquerade set service nat rule 10 source address 192.168.10.0/24 set service nat rule 10 outbound-interface eth0 commit
set interfaces loopback lo address 192.168.200.1/24 set interfaces loopback lo address 192.168.210.1/24 commit
set interfaces tunnel tun1 set interfaces tunnel tun1 address 192.168.111.1/30 set interfaces tunnel tun1 description "IPIP Tunnel to Branch1" set interfaces tunnel tun1 encapsulation ipip set interfaces tunnel tun1 local-ip 192.168.200.1 set interfaces tunnel tun1 remote-ip 192.168.220.1
set interfaces tunnel tun2 set interfaces tunnel tun2 address 192.168.121.1/30 set interfaces tunnel tun2 description "IPIP Tunnel to Branch2" set interfaces tunnel tun2 encapsulation ipip set interfaces tunnel tun2 local-ip 192.168.210.1 set interfaces tunnel tun2 remote-ip 192.168.230.1
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE-IPIP proposal 1 set vpn ipsec ike-group IKE-IPIP proposal 1 encryption aes128 set vpn ipsec ike-group IKE-IPIP proposal 1 hash sha1 set vpn ipsec ike-group IKE-IPIP proposal 1 dh-group 5 set vpn ipsec ike-group IKE-IPIP lifetime 28800
set vpn ipsec esp-group ESP-IPIP proposal 1 set vpn ipsec esp-group ESP-IPIP proposal 1 encryption aes128 set vpn ipsec esp-group ESP-IPIP proposal 1 hash sha1 set vpn ipsec esp-group ESP-IPIP pfs set vpn ipsec esp-group ESP-IPIP lifetime 3600
set vpn ipsec site-to-site peer 192.168.60.2 authentication mode pre-shared-secret edit vpn ipsec site-to-site peer 192.168.60.2 set authentication pre-shared-secret 12345 set ike-group IKE-IPIP set local-ip 192.168.50.2 set tunnel 1 local-subnet 192.168.200.1/32 set tunnel 1 remote-subnet 192.168.220.1/32 set tunnel 1 esp-group ESP-IPIP top
set vpn ipsec site-to-site peer 192.168.70.2 authentication mode pre-shared-secret edit vpn ipsec site-to-site peer 192.168.70.2 set authentication pre-shared-secret 67890 set ike-group IKE-IPIP set local-ip 192.168.50.2 set tunnel 1 local-subnet 192.168.210.1/32 set tunnel 1 remote-subnet 192.168.230.1/32 set tunnel 1 esp-group ESP-IPIP top commit
set protocols ospf area 100 set protocols ospf area 100 network 192.168.10.0/24 set protocols ospf area 100 network 192.168.111.0/30 set protocols ospf area 100 network 192.168.121.0/30 set protocols ospf log-adjacency-changes commit save
|