
NTP CONFIGURATION
Internet(NTP SERVER)::
clock set 14:06:00 18 NOV 2013
ntp master 1
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp authenticate
R2::
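! "key 1" binds the server to the trusted key; without it the association is not authenticated
ntp server 2.2.2.5 key 1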
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp authenticate
R3::
ntp server 3.3.3.5 key 1
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp authenticate
ASA1::
ntp server 1.1.1.5 key 1
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp authenticate
CERTIFICATE CONFIGURATIONS
ASA3::
access-list outside_in permit udp host 3.3.3.5 host 172.16.3.1 eq 123
access-list outside_in permit tcp host 1.1.1.10 host 172.16.3.1 eq 80
access-list outside_in permit tcp host 2.2.2.1 host 172.16.3.1 eq 80
access-group outside_in in interface outside
CA SERVER(R3)::
ip http server
crypto key generate rsa modulus 1024
crypto pki server CA_Server
issuer-name CN=ca_server OU=cisco C=India S=Karnataka L=Bangalore
lifetime ca-certificate 3
lifetime certificate 2
grant auto
no shut
R2::
crypto pki trustpoint CA_Server
enrollment url http://172.16.3.1
revocation-check none
crypto pki authenticate CA_Server
YES
crypto pki enroll CA_Server
YES
ASA1::
crypto ca trustpoint CA_Server
enrollment url http://172.16.3.1
revocation-check none
crypto ca authenticate CA_Server
YES
crypto key generate rsa modulus 768
crypto ca enroll CA_Server
YES
VPN CONFIGURATION
R2::
access-list 101 permit ip host 2.2.2.1 host 1.1.1.10
crypto isakmp policy 10
authentication rsa-sig
encryption 3DES
hash sha
group 1
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
mode transport
!
crypto map CMAP 10 ipsec-isakmp
set transform-set TSET
set peer 1.1.1.10
match address 101
!
int f0/0
crypto map CMAP
ASA1::
access-list 101 permit ip host 1.1.1.10 host 2.2.2.1
crypto isakmp policy 10
authentication rsa-sig
encryption 3DES
hash sha
group 1
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
crypto ipsec transform-set TSET mode transport
tunnel-group 2.2.2.1 type ipsec-l2l
tunnel-group 2.2.2.1 ipsec-attributes
peer-id-validate nocheck
trustpoint CA_Server
crypto map CMAP 10 set transform-set TSET
crypto map CMAP 10 set peer 2.2.2.1
crypto map CMAP 10 match address 101
crypto map CMAP 10 set trustpoint CA_Server
crypto map CMAP interface OUTSIDE
crypto isakmp enable OUTSIDE