Use Case For Site-To- Site Vpn - Motorola WS5100 Series Migration Giude

6. Create a transform set.
WS5100(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac
WS5100(config-crypto-ipsec)#mode transport
7. Specify dynamic crypto map.
WS5100(config)#crypto map TestMap 30 ipsec-isakmp dynamic
WS5100(config-crypto-map)#set peer 0.0.0.0
WS5100(config-crypto-map)#match address 101
WS5100(config-crypto-map)#set transformset windows
WS5100(config-crypto-map)#set remote-type ipsec-l2tp
8. Apply the cryto map to interface vlan2.
WS5100(config)#interface vlan2
WS5100(config-if)cryto map TestMap
NOTE: Configure the default WIndows-XP client on the mobile unit, refer to
Configuration for Windows XP Client on page
configuration and connect to the WS5100 Switch.
9. On successful connection the XP client will get a virtual IP address.
NOTE: To access external trusted hosts, you need to either:
• change the default gateway on these trusted hosts to the WS5100s VLAN3 interface IP
(address) OR
• Add a route entry.

11.7 Use Case for Site-to- Site VPN

The intranets use unregistered addresses and are connected over the public Internet by site-to-site VPN. In
this scenario NAT is required for the connections to the public Internet. However NAT is not required for
traffic between the two intranets, which can be transmitted using a VPN tunnel over the public Internet.
11-13, on completion of the above
11-33
VPN
Special