Thursday, May 23, 2019

How was this router set up for remote access?

Hello, I have a router (ASR1001-x) that was configured for both remote access as well as a tunnel to Amazon VPC where we had Direct Connect. The crypto stuff is a little beyond me and I'm just wondering how one is able to remotely connect.

For starters, in the config the vty is as follows:

    line con 0
     logging synchronous
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     access-class VTY_IN in
     exec-timeout 0 0
     logging synchronous
     login local
    line vty 5 97
     access-class VTY_IN in
     exec-timeout 0 0
     logging synchronous
     login local

VTY_IN is the access list.

and the crypto is set up as follows:

    crypto keyring <keyring name>
      local-address <amazon DXCON default gateway>
      pre-shared-key address 52.4.x.x key <key goes here>
    !
    crypto isakmp keepalive 10
    crypto isakmp profile <profile name here>
       keyring <keyring name>
       match identity address 52.4.x.x 255.255.255.255
       local-address <amazon DXCON default gateway>
    !
    crypto ipsec security-association replay window-size 128
    !
    crypto ipsec transform-set <ipsec name> esp-aes 256 esp-sha-hmac
     mode tunnel
    crypto ipsec df-bit clear
    !
    crypto ipsec profile <ipsec name>
     set transform-set <ipsec name>
     set pfs group2

This stuff to me all seems related to the Amazon DXCON tunnel. I'm unsure how anyone was able to remote in.


