ip address 10.1.1.1 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 10.1.1.2
ip address 10.1.1.2 255.255.255.0
ip nat inside
ip address 202.100.1.2 255.255.255.0
ip nat outside
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 160.1.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 any
ip address 202.100.1.3 255.255.255.0
ip address 202.100.2.3 255.255.255.0
ip address 192.168.1.4 255.255.255.0
ip nat inside
ip address 202.100.2.4 255.255.255.0
ip nat outside
ip address 172.16.1.2 255.255.255.252
deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 160.1.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
interface Ethernet0/0
ip address 172.16.1.1 255.255.255.252
ip nat enable
ip nat enable
permit ip 192.168.1.0 0.0.0.255 160.1.1.0 0.0.0.255
Trying 160.1.1.6 ... Open
User Access Verification
Password:
Partner>show users
Line User Host(s) Idle Location
0 con 0 idle 00:00:42
*130 vty 0 idle 00:00:00 172.16.1.2
Interface User Mode Idle Peer Address
Partner>
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 202.100.2.4
crypto ipsec transform-set transet esp-des esp-md5-hmac
set transform-set transet
interface Tunnel0
ip address 123.1.1.1 255.255.255.0
tunnel source Ethernet0/1
tunnel destination 202.100.2.4
ip route 192.168.1.0 255.255.255.0 Tunnel0
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 202.100.1.2
crypto ipsec transform-set transet esp-des esp-md5-hmac
set transform-set transet
ip address 123.1.1.2 255.255.255.0
tunnel source Ethernet0/1
tunnel destination 202.100.1.2
tunnel protection ipsec profile Ipsec_prfile
ip route 10.1.1.0 255.255.255.0 Tunnel0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 120/182/264 ms
Branch_Inside#
*Mar 1 10:07:25.293: ICMP: echo reply sent, src 192.168.1.5, dst 10.1.1.1
*Mar 1 10:07:25.561: ICMP: echo reply sent, src 192.168.1.5, dst 10.1.1.1
*Mar 1 10:07:25.701: ICMP: echo reply sent, src 192.168.1.5, dst 10.1.1.1
*Mar 1 10:07:25.809: ICMP: echo reply sent, src 192.168.1.5, dst 10.1.1.1
ip nat enable
permit ip 10.1.1.0 0.0.0.255 160.1.1.0 0.0.0.255
Trying 160.1.1.6 ... Open
User Access Verification
Password:
Partner>show users
Line User Host(s) Idle Location
0 con 0 idle 09:00:47
*130 vty 0 idle 00:00:00 172.16.1.2
Interface User Mode Idle Peer Address
Partner>