.

FlexVPN/FlexVPN_Remote_Access_AnyConnect.txt

@@ -0,0 +1,62 @@
+R1(config)#ip http server 
+
+R1(config)#crypto pki server R1CA
+R1(cs-server)#issuer-name cn="R1CA"
+R1(cs-server)#grant auto
+R1(cs-server)#no shutdown
+
+R1(config)#ip domain name NWL.LAB
+R1(config)#crypto pki trustpoint R1CLIENT
+R1(ca-trustpoint)#enrollment url http://192.168.1.1
+R1(ca-trustpoint)#subject-name cn=R1CLIENT.CONTOSO.COM
+R1(config)#crypto pki authenticate R1CLIENT
+R1(config)#crypto pki enroll R1CLIENT
+
+
+R1(config)#aaa new-model
+
+R1(config)#aaa authentication login AAA_AUTHENTICATION_LOGIN local
+R1(config)#aaa authorization network AAA_AUTHORIZATION_NETWORK local 
+
+R1(config)#username test password mojehaslo
+
+R1(config)#crypto ikev2 authorization policy IKEV2_AUTHORIZATION_POLICY
+R1(config-ikev2-author-policy)#pool VPN_POOL
+R1(config-ikev2-author-policy)#def-domain CONTOSO.COM
+R1(config-ikev2-author-policy)#route set remote ipv4 1.1.1.1 255.255.255.255
+R1(config-ikev2-author-policy)#dns 1.1.1.1
+R1(config)#ip local pool VPN_POOL 192.168.10.5 192.168.10.10
+
+	
+R1(config)#crypto ikev2 proposal IKEV2_PROPOSAL 
+R1(config-ikev2-proposal)#encryption aes-cbc-256
+R1(config-ikev2-proposal)#integrity sha256
+R1(config-ikev2-proposal)#group 14
+	
+R1(config)#crypto ikev2 policy default
+R1(config-ikev2-policy)#proposal IKEV2_PROPOSAL
+
+R1(config)#crypto ikev2 profile IKEV2_PROFILE
+R1(config-ikev2-profile)#match identity remote key-id *$AnyConnectClient$*
+R1(config-ikev2-profile)#authentication local rsa-sig
+R1(config-ikev2-profile)#authentication remote anyconnect-eap aggregate
+R1(config-ikev2-profile)#pki trustpoint R1-CLIENT
+R1(config-ikev2-profile)#aaa authentication anyconnect-eap AAA_AUTHENTICATION_LOGIN
+R1(config-ikev2-profile)#aaa authorization group anyconnect-eap list AAA_AUTHORIZATION_NETWORK IKEV2_AUTHORIZATION_POLICY
+R1(config-ikev2-profile)#virtual-template 1
+
+R1(config)#crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha256-hmac      
+R1(cfg-crypto-trans)#mode tunnel
+
+R1(config)#crypto ipsec profile IKEV2_PROFILE
+R1(ipsec-profile)#set transform-set TRANSFORM_SET
+R1(ipsec-profile)#set ikev2-profile IKEV2_PROFILE
+
+R1(config)#interface Virtual-Template1 type tunnel
+R1(config-if)#ip unnumbered Loopback0
+R1(config-if)#ip mtu 1400
+R1(config-if)#tunnel mode ipsec ipv4
+R1(config-if)#tunnel protection ipsec profile IKEV2_PROFILE
+
+
+

FlexVPN/flexvpn1.txt

@@ -0,0 +1,37 @@
+crypto ikev2 keyring KEYR1
+peer R2
+address 198.51.100.2 
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+
+crypto ikev2 profile Profil1
+match identity remote address 198.51.100.2 255.255.255.255
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+
+
+crypto ikev2 proposal ikeprop1
+integrity sha256 sha384 sha512
+group 14 15
+encryption aes-cbc-128 aes-cbc-256
+
+crypto ikev2 policy ikepol1
+proposal ikeprop1
+
+ip access-list extended ACLR2
+permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto map CM1 10 ipsec-isakmp
+match address ACLR2
+set peer 198.51.100.2
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+int g0/1
+crypto map CM1
+

FlexVPN/flexvpn2.txt

@@ -0,0 +1,87 @@
+Dla R1 i R2:
+
+no int tunnel 1
+no router ospf 1
+
+
+Dla R1:
+interface Loopback1
+ ip address 172.16.1.1 255.255.255.0
+
+############################################
+Dla R1:
+crypto ikev2 keyring KEYR1
+peer R2
+address 198.51.100.2 
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+
+crypto ikev2 profile Profil1
+match identity remote address 198.51.100.2 255.255.255.255
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+
+
+Dla R2:
+crypto ikev2 keyring KEYR1
+peer R1
+address 192.0.2.1
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+
+crypto ikev2 profile Profil1
+match identity remote address 192.0.2.1 255.255.255.255
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+
+
+
+Dla R1:
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+int tun 12
+ip add 10.0.12.1 255.255.255.0
+tunnel source 192.0.2.1
+tunnel destination 198.51.100.2
+tunnel protection ipsec profile IPprof1
+tunnel mode ipsec ipv4
+
+
+
+Dla R2:
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+int tun 12
+ip add 10.0.12.2 255.255.255.0
+tunnel source 198.51.100.2
+tunnel destination 192.0.2.1
+tunnel protection ipsec profile IPprof1
+tunnel mode ipsec ipv4
+
+
+Dla R1:
+router eigrp 1
+network 10.0.12.0 0.0.0.255
+network 172.16.1.0 0.0.0.255
+
+Dla R2:
+router eigrp 1
+network 10.0.12.0 0.0.0.255
+network 172.16.2.0 0.0.0.255
+
+
+

FlexVPN/flexvpn3.txt

@@ -0,0 +1,105 @@
+FLexVPN HUB-SPOKE
+Dla R2, R3, R4:
+crypto ikev2 keyring KEYR1
+peer R1
+address 192.0.2.1
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+crypto ikev2 profile Profil1
+match identity remote address 192.0.2.1 255.255.255.255
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+#####
+
+Dla R2:
+int loopback 3
+ip add 2.2.2.2 255.255.255.255
+
+Dla R3:
+int loopback 3
+ip add 3.3.3.3 255.255.255.255
+
+Dla R4:
+int loopback 3
+ip add 4.4.4.4 255.255.255.255
+
+Dla wszystkich Spoke (R2, R3, R4):
+int tun 12
+ip unnumbered loopback 3
+tunnel source g0/1
+tunnel destination 192.0.2.1
+tunnel protection ipsec profile IPprof1
+
+#####
+Koncentrator (R1):
+
+crypto ikev2 keyring KEYR1
+peer ANYROUTER
+address 0.0.0.0
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+crypto ikev2 profile Profil1
+match identity remote address 0.0.0.0 0.0.0.0
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+virtual-template 1
+
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+int loopback 3
+ip add 1.1.1.1 255.255.255.255
+
+interface virtual-template 1 type tunnel
+tunnel source g0/1
+ip unnumbered loopback 3
+tunnel protection ipsec profile IPprof1
+
+####
+Dla R1:
+router eigrp 1
+network 1.1.1.1 0.0.0.0
+
+Dla R2:
+router eigrp 1
+network 2.2.2.2 0.0.0.0
+network 172.16.2.0 0.0.0.255
+network 192.168.2.0 0.0.0.255
+
+Dla R3:
+router eigrp 1
+network 3.3.3.3 0.0.0.0
+network 172.16.3.0 0.0.0.255
+network 192.168.3.0 0.0.0.255
+
+Dla R4:
+router eigrp 1
+network 4.4.4.4 0.0.0.0
+network 172.16.4.0 0.0.0.255
+network 192.168.4.0 0.0.0.255
+
+
+
+
+
+
+
+
+
+
+

FlexVPN/flexvpn4.txt

@@ -0,0 +1,116 @@
+FLexVPN HUB-SPOKE
+Dla R2, R3, R4:
+crypto ikev2 keyring KEYR1
+peer R1
+address 192.0.2.1
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+crypto ikev2 profile Profil1
+match identity remote address 192.0.2.1 255.255.255.255
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+aaa new-model
+aaa authorization network default local
+
+crypto ikev2 authorization policy AUTHPOLICY1
+route set interface
+
+
+#####
+
+
+Dla wszystkich Spoke (R2, R3, R4):
+int tun 12
+ip address negotiated
+tunnel source g0/1
+tunnel destination 192.0.2.1
+tunnel protection ipsec profile IPprof1
+
+#####
+Koncentrator (R1):
+
+crypto ikev2 keyring KEYR1
+peer ANYROUTER
+address 0.0.0.0
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+int loopback 3
+ip add 1.1.1.1 255.255.255.0
+
+interface virtual-template 1 type tunnel
+tunnel source g0/1
+ip unnumbered loopback 3
+tunnel protection ipsec profile IPprof1
+
+
+ip local pool PULAIP 1.1.1.2 1.1.1.10
+
+aaa new-model
+aaa authorization network default local
+
+crypto ikev2 authorization policy AUTHPOLICY1
+pool PULAIP
+route set interface
+
+crypto ikev2 profile Profil1
+match identity remote address 0.0.0.0 0.0.0.0
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+virtual-template 1
+aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
+
+
+####
+Dla R1:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+
+Dla R2:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.2.0 0.0.0.255
+network 192.168.2.0 0.0.0.255
+
+Dla R3:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.3.0 0.0.0.255
+network 192.168.3.0 0.0.0.255
+
+Dla R4:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.4.0 0.0.0.255
+network 192.168.4.0 0.0.0.255
+
+
+
+
+
+
+
+
+
+
+

FlexVPN/flexvpn5.txt

@@ -0,0 +1,138 @@
+FLexVPN SPOKE-SPOKE
+Dla R2, R3, R4:
+
+crypto ikev2 keyring KEYR1
+peer ANYPEER
+address 0.0.0.0
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+crypto ikev2 profile Profil1
+match identity remote address 0.0.0.0 0.0.0.0
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+aaa new-model
+aaa authorization network default local
+
+crypto ikev2 authorization policy AUTHPOLICY1
+route set interface
+
+
+#####
+
+
+Dla wszystkich Spoke (R2, R3, R4):
+int tun 12
+ip address negotiated
+tunnel source g0/1
+tunnel destination 192.0.2.1
+tunnel protection ipsec profile IPprof1
+ip nhrp network-id 1
+ip nhrp shortcut virtual-template 12
+
+
+int virtual-template 12 type tunnel 
+ip unnumbered tunnel 12
+tunnel source g0/1
+ip nhrp network-id 1
+ip nhrp shortcut virtual-template 12
+tunnel protection ipsec profile IPprof1
+
+
+
+
+#####
+Koncentrator (R1):
+
+
+int loopback 3
+ip add 1.1.1.1 255.255.255.0
+
+ip local pool PULAIP 1.1.1.2 1.1.1.10
+
+aaa new-model
+aaa authorization network default local
+
+
+crypto ikev2 authorization policy AUTHPOLICY1
+pool PULAIP
+route set interface
+
+
+crypto ikev2 keyring KEYR1
+peer ANYPEER
+address 0.0.0.0
+pre-shared-key local Cisco
+pre-shared-key remote Cisco
+
+crypto ikev2 profile Profil1
+match identity remote address 0.0.0.0 0.0.0.0
+authentication local pre-share
+authentication remote pre-share
+keyring local KEYR1
+virtual-template 1
+aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
+
+crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
+
+crypto ipsec profile IPprof1
+set transform-set TR1
+set ikev2-profile Profil1
+
+
+
+interface virtual-template 1 type tunnel
+tunnel source g0/1
+ip unnumbered loopback 3
+tunnel protection ipsec profile IPprof1
+ip nhrp network-id 1
+ip nhrp redirect
+
+
+
+
+
+
+####
+Dla R1:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+
+Dla R2:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.2.0 0.0.0.255
+network 192.168.2.0 0.0.0.255
+
+Dla R3:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.3.0 0.0.0.255
+network 192.168.3.0 0.0.0.255
+
+Dla R4:
+router eigrp 1
+network 1.1.1.0 0.0.0.255
+network 172.16.4.0 0.0.0.255
+network 192.168.4.0 0.0.0.255
+
+
+
+
+
+
+
+
+
+
+