<> [On Ranet BR (via console)] : (Go to Desktop Tab > Terminal) Ranet-BR>en Ranet-BR#conf t Enter configuration commands, one per line. End with CNTL/Z. Ranet-BR(config)#int fa0/0 Ranet-BR(config-if)#no sh %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up Ranet-BR(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up Ranet-BR(config-if)#ip add 192.168.1.1 255.255.255.240 Ranet-BR(config-if)#ip nat inside Ranet-BR(config-if)#int s0/0/0 Ranet-BR(config-if)#no sh %LINK-5-CHANGED: Interface Serial0/0/0, changed state to up Ranet-BR(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up Ranet-BR(config-if)#ip add 202.170.100.30 255.255.255.252 Ranet-BR(config-if)#ip nat outside Ranet-BR(config-if)#exit Ranet-BR(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0 Ranet-BR(config)#access-list 100 deny ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.0.255 Ranet-BR(config)#access-list 100 permit ip 192.168.1.0 0.0.0.15 any Ranet-BR(config)#ip nat pool Ranet 202.170.100.9 202.170.100.14 netmask 255.255.255.248 Ranet-BR(config)#ip nat inside source list 100 pool Ranet overload Ranet-BR(config)#crypto isakmp policy 101 Ranet-BR(config-isakmp)#encryption aes 128 Ranet-BR(config-isakmp)#hash sha Ranet-BR(config-isakmp)#authentication pre-share Ranet-BR(config-isakmp)#group 5 Ranet-BR(config-isakmp)#lifetime 86400 Ranet-BR(config-isakmp)#exit Ranet-BR(config)#crypto isakmp key ranetvpnpass address 202.170.100.130 Ranet-BR(config)#access-list 101 permit ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.0.255 Ranet-BR(config)#crypto ipsec transform-set Ranet esp-aes esp-sha-hmac Ranet-BR(config)#crypto map Site-to-Site 101 ipsec-isakmp % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. Ranet-BR(config-crypto-map)#set peer 202.170.100.130 Ranet-BR(config-crypto-map)#set transform-set Ranet Ranet-BR(config-crypto-map)#match address 101 Ranet-BR(config-crypto-map)#exit Ranet-BR(config)#int s0/0/0 Ranet-BR(config-if)#crypto map Site-to-Site *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON Ranet-BR(config-if)#end Ranet-BR# %SYS-5-CONFIG_I: Configured from console by console Ranet-BR#sh crypto isakmp policy Global IKE policy Protection suite of priority 101 encryption algorithm: AES - Advanced Encryption Standard (128 bit keys). hash algorithm: Secure Hash Standard authentication method: Pre-Shared Key Diffie-Hellman group: #5 (1536 bit) lifetime: 86400 seconds, no volume limit Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit Ranet-BR#sh crypto ipsec sa interface: Serial0/0/0 Crypto map tag: Site-to-Site, local addr 202.170.100.30 protected vrf: (none) local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.240/0/0) remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) current_peer 202.170.100.130 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 202.170.100.30, remote crypto endpt.:202.170.100.130 path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/0 current outbound spi: 0x0(0) inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: Ranet-BR#copy run start Destination filename [startup-config]? Building configuration... [OK] Ranet-BR# [On Ranet-Host] : (Go to Desktop Tab > IP Configuration) IP Address: 192.168.1.14 Subnet Mask 255.255.255.240 Default Gateway: 192.168.1.1 DNS Server: 202.170.100.54 (Go to Desktop Tab > Command Prompt) Packet Tracer PC Command Line 1.0 PC>ping 192.168.0.7 Pinging 192.168.0.7 with 32 bytes of data: Request timed out. Request timed out. Reply from 192.168.0.7: bytes=32 time=32ms TTL=126 Reply from 192.168.0.7: bytes=32 time=31ms TTL=126 Ping statistics for 192.168.0.7: Packets: Sent = 4, Received = 2, Lost = 2 (50% loss), Approximate round trip times in milli-seconds: Minimum = 31ms, Maximum = 32ms, Average = 31ms PC> (Go to Desktop Tab > Web Browser) URL: www.ranet.co.th Output: RANET Co.,Ltd. - Ranet Co.,Ltd. We make iT easy! :) [On Ranet BR (via console)] : (Go to Desktop Tab > Terminal) Ranet-BR#sh ip nat translations Pro Inside global Inside local Outside local Outside global udp 202.170.100.9:1025 192.168.1.14:1025 202.170.100.54:53 202.170.100.54:53 tcp 202.170.100.9:1025 192.168.1.14:1025 202.170.100.70:80 202.170.100.70:80 Ranet-BR#sh crypto ipsec sa interface: Serial0/0/0 Crypto map tag: Site-to-Site, local addr 202.170.100.30 protected vrf: (none) local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.240/0/0) remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) current_peer 202.170.100.130 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 0 #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 202.170.100.30, remote crypto endpt.:202.170.100.130 path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/0 current outbound spi: 0x593A3356(1496986454) inbound esp sas: spi: 0x17D06856(399534166) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2004, flow_id: FPGA:1, crypto map: Site-to-Site sa timing: remaining key lifetime (k/sec): (4525504/3502) IV size: 16 bytes replay detection support: N Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x593A3356(1496986454) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2005, flow_id: FPGA:1, crypto map: Site-to-Site sa timing: remaining key lifetime (k/sec): (4525504/3502) IV size: 16 bytes replay detection support: N Status: ACTIVE outbound ah sas: outbound pcp sas: Ranet-BR#