Caserver#sh run
Building configuration...
Current configuration : 2541 bytes
!
! Last configuration change at 19:18:56 UTC Mon Mar 3 2008
! NVRAM config last updated at 19:18:57 UTC Mon Mar 3 2008
!
! Review notes: CAserver is the IOS certificate server that issues the identity
! certificates R1 and R3 use for their IPsec tunnel.
! NOTE(review): this listing looks abridged (2541 bytes reported, far fewer shown,
! certificate hex cut short), so a statement missing here (enable secret, vty
! password, NTP authentication) is not proof that it is missing on the device.
version 12.3
!
hostname CAserver
!
!
! "grant auto" issues a certificate for every enrollment request with no operator
! approval. Any host that can reach the enrollment port can obtain a certificate
! signed by this CA, and the peers accept such certificates for IKE. Outside a lab,
! requests are normally approved manually or auto-grant is limited to a short
! enrollment window.
crypto pki server vpnca
issuer-name CN=vpnca.com
grant auto
!
! Trustpoint backing the CA: it names the RSA key pair (vpnca) that signs issued
! certificates, and checks revocation through the CRL.
crypto pki trustpoint vpnca
revocation-check crl
rsakeypair vpnca
!
!
! The CA certificate below (serial 01) is self-issued: issuer and subject are both
! vpnca.com. The signature-algorithm OID in the hex (2A864886 F70D0101 04) is
! md5WithRSAEncryption, and the public-key header suggests a 1024-bit RSA modulus.
! Both are legacy strengths. The hex dump is truncated on this page.
crypto pki certificate chain vpnca
certificate ca 01
30820201 3082016A A0030201 02020101 300D0609 2A864886 F70D0101 04050030
14311230 10060355 04031309 76706E63 612E636F 6D301E17 0D303830 33303331
39313833 335A170D 31313033 30333139 31383333 5A301431 12301006 03550403
13097670 6E63612E 636F6D30 819F300D 06092A86 4886F70D 01010105 0003818D
00308189 02818100 CC053776 D7896EEC 5A69E9AF D8FBC323 7E5F7FB1
quit
!
! Both interfaces face the VPN routers: 172.30.1.0/24 toward R1 and 172.30.2.0/24
! toward R3. No inbound ACL is shown on either one.
interface FastEthernet0/0
ip address 172.30.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.30.2.1 255.255.255.0
!
! The plain-HTTP server is what R1 and R3 enroll against (their enrollment URLs
! point at port 80 of this router). Nothing shown here restricts which sources may
! reach it. Since enrollment is unencrypted HTTP, trust in the CA certificate rests
! on the operator checking its fingerprint when the trustpoint is authenticated.
ip http server
!
! exec-timeout 0 0 disables the idle timeout, so a console session never logs out.
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
! vty lines use "login" with no password or transport restriction visible in this
! listing. Confirm how remote access is authenticated on the real device.
line vty 0 4
login
!
! This router is the time source for R1 and R3 (each has "ntp server" pointing
! here). No NTP authentication is shown. Certificate validity checks on the peers
! depend on this clock.
ntp master
end
R1#show run
Building configuration...
Current configuration : 3864 bytes
!
! Review notes: R1 is one end of a site-to-site IPsec tunnel (peer 172.30.2.2)
! protecting 10.0.1.0/24 <-> 10.0.2.0/24, authenticated with a certificate
! enrolled from the CA at 172.30.1.1.
! NOTE(review): the listing looks abridged (3864 bytes reported), so treat missing
! statements as "not shown", not as "not configured".
version 12.3
!
hostname R1
!
!
ip domain name cisco.com
ip host caserver 172.30.1.1
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
! Enrollment goes to the CA over plain HTTP on port 80. "revocation-check crl"
! makes the router consult the CRL when validating a peer certificate.
crypto pki trustpoint CA
enrollment url http://172.30.1.1:80
revocation-check crl
!
! Identity certificate (serial 02) follows. Its signature-algorithm OID
! (2A864886 F70D0101 04) is md5WithRSAEncryption. The hex dump is truncated here:
! the first "quit" ends it early, and the "D7EA61A7 8D" / "quit" pair after it
! looks like the tail of the CA certificate whose "certificate ca 01" header line
! was lost (compare the R3 listing further down).
crypto pki certificate chain CA
certificate 02
308201B2 3082011B A0030201 02020102 300D0609 2A864886 F70D0101 04050030
14311230 10060355 04031309 76706E63 612E636F 6D301E17 0D303830 33303331
39323230 385A170D 30393033 30333139 32323038 5A301D31 1B301906 092A8648
86F70D01 0902160C 52312E63 6973636F 2E636F6D 305C300D 06092A86 4886F70D
quit
D7EA61A7 8D
quit
!
! IKE phase 1 proposal: 3DES, MD5, DH group 2 (1024-bit), 36000-second lifetime.
! No "authentication" line is shown. IOS omits defaults from show run, so this is
! presumably rsa-sig (certificates). Confirm with "show crypto isakmp policy".
! MD5 and group 2 are legacy choices. Any change must be mirrored in R3's policy 10
! or phase 1 will not negotiate.
crypto isakmp policy 1
encr 3des
hash md5
group 2
lifetime 36000
no crypto isakmp ccm
!
! Phase 2 transform set is single DES only, with no ESP authentication transform.
! Tunnel traffic therefore gets 56-bit encryption and no integrity protection.
! This is the weakest part of the design: the certificate-based peer authentication
! does not make up for it. A hardened set pairs a stronger cipher with an HMAC
! (for example esp-aes with esp-sha-hmac), changed on both peers together.
crypto ipsec transform-set VPN esp-des
!
crypto map VPN 1 ipsec-isakmp
set peer 172.30.2.2
set transform-set VPN
match address 100
!
! Outside interface: the crypto map is applied here. No inbound ACL is shown.
interface FastEthernet0/0
ip address 172.30.1.2 255.255.255.0
duplex auto
speed auto
crypto map VPN
!
! Inside LAN (10.0.1.0/24).
interface FastEthernet0/1
ip address 10.0.1.1 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.1.1
! Plain-HTTP server enabled on a VPN endpoint. R1 is an enrollment client, not the
! CA, so nothing in this listing appears to need it. Verify before leaving it on.
ip http server
!
! Crypto ACL: only 10.0.1.0/24 -> 10.0.2.0/24 is encrypted. It mirrors R3's
! access-list 101. Traffic that does not match leaves the interface in clear text.
access-list 100 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
!
line con 0
line aux 0
! vty "login" with no password or transport restriction visible. Confirm on device.
line vty 0 4
login
!
warm-reboot
ntp clock-period 17180208
! Time comes from the CA router with no NTP authentication shown. Certificate
! validity checks depend on this clock being right.
ntp server 172.30.1.1
end
R1#show cry pki cer
Certificate
Status: Available
Certificate Serial Number: 02
Certificate Usage: General Purpose
Issuer:
cn=vpnca.com
Subject:
Name: R1.cisco.com
hostname=R1.cisco.com
Validity Date:
start date: 19:22:08 UTC Mar 3 2008
end date: 19:22:08 UTC Mar 3 2009
Associated Trustpoints: CA
CA Certificate
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Issuer:
cn=vpnca.com
Subject:
cn=vpnca.com
Validity Date:
start date: 19:18:33 UTC Mar 3 2008
end date: 19:18:33 UTC Mar 3 2011
Associated Trustpoints: CA
R3#sh run
Building configuration...
Current configuration : 4011 bytes
!
! Review notes: R3 is the other end of the site-to-site IPsec tunnel (peer
! 172.30.1.2) protecting 10.0.2.0/24 <-> 10.0.1.0/24, authenticated with a
! certificate enrolled from the CA at 172.30.2.1.
! NOTE(review): the listing looks abridged (4011 bytes reported, no line con/vty
! section shown), so missing statements are "not shown", not "not configured".
version 12.3
!
hostname R3
!
ip domain name cisco1.com
ip host vpnca 172.30.2.1
no ip ips deny-action ips-interface
!
! Enrollment goes to the CA over plain HTTP on port 80. "revocation-check crl"
! makes the router consult the CRL when validating a peer certificate.
crypto pki trustpoint vpnca
enrollment url http://172.30.2.1:80
revocation-check crl
!
!
! Identity certificate (serial 03) and CA certificate (serial 01) follow. Both hex
! dumps are truncated on this page. The signature-algorithm OID in the identity
! certificate (2A864886 F70D0101 04) is md5WithRSAEncryption.
crypto pki certificate chain vpnca
certificate 03
308201B3 3082011C A0030201 02020103 300D0609 2A864886 F70D0101 04050030
14311230 10060355 04031309 76706E63 612E636F 6D301E17 0D303830 33303331
2953891F 85631115 A2D62E16 C87770F0 277F0075 E34DA8BC 84E92C5D 516DAE89
5747473E 86CE6602 00ABAD19 5431EFD9 D80327FB 1577C2
quit
certificate ca 01
D7EA61A7 8D
quit
!
! The "--More--" on the next line is terminal pager residue from the capture, not
! configuration.
--More-- !
!
! IKE phase 1 proposal: 3DES, MD5, DH group 2 (1024-bit), 36000-second lifetime.
! It matches R1's policy 1. No "authentication" line is shown. IOS omits defaults
! from show run, so this is presumably rsa-sig (certificates). Confirm with
! "show crypto isakmp policy". MD5 and group 2 are legacy choices.
crypto isakmp policy 10
encr 3des
hash md5
group 2
lifetime 36000
no crypto isakmp ccm
!
! Phase 2 transform set is single DES only, with no ESP authentication transform.
! Tunnel traffic gets 56-bit encryption and no integrity protection. It must stay
! identical to R1's transform set, so strengthen both ends together.
crypto ipsec transform-set SNRS esp-des
!
crypto map SNRS-MAP 10 ipsec-isakmp
set peer 172.30.1.2
set transform-set SNRS
match address 101
!
!
! Inside LAN (10.0.2.0/24).
interface FastEthernet0/0
ip address 10.0.2.1 255.255.255.0
duplex auto
speed auto
!
! Outside interface: the crypto map is applied here. No inbound ACL is shown.
interface FastEthernet0/1
ip address 172.30.2.2 255.255.255.0
duplex auto
speed auto
crypto map SNRS-MAP
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.2.1
!
! The plain-HTTP server is on while the HTTPS server is explicitly off. R3 is an
! enrollment client, not the CA, so nothing in this listing appears to need the
! HTTP server. Verify before leaving it on.
ip http server
no ip http secure-server
!
! Crypto ACL: only 10.0.2.0/24 -> 10.0.1.0/24 is encrypted. It mirrors R1's
! access-list 100. Traffic that does not match leaves the interface in clear text.
access-list 101 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
!
warm-reboot
ntp clock-period 17179862
! Time comes from the CA router with no NTP authentication shown. Certificate
! validity checks depend on this clock being right.
ntp server 172.30.2.1
end