Sunday, October 18, 2015

VPN IPSEC

VPN IPsec is a set of protocols created to provide secure communication over virtual private networks.
It carries unicast traffic only.




VPN IPSEC CONFIGURATION (CRYPTO ACL)
PHASE 1
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# encryption aes 192
R1(config-isakmp)# hash sha
R1(config-isakmp)# group 2
R1(config-isakmp)#exit
R1(config)#crypto isakmp key ciscoclass address 11.0.0.6
R1(config)#do wr
PHASE 2
R1(config)# crypto ipsec transform-set vpn-set ah-sha-hmac esp-aes
R1(config)# crypto map vpn-map 10 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.

R1(config-crypto-map)# set peer 11.0.0.6
R1(config-crypto-map)# set transform-set vpn-set
R1(config-crypto-map)# match address 150
R1(config-crypto-map)# exit
R1(config)# int s0/2/0
R1(config-if)# crypto map vpn-map

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config-if)# exit
R1(config)# access-list 150 permit gre host 11.0.0.1 host 11.0.0.6
R1(config)# do wr
Enter the same configuration on the router at the other end of the tunnel, with the corresponding IP address and interface changes.
PHASE 1
R2(config)# crypto isakmp policy 10
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# encryption aes 192
R2(config-isakmp)# hash sha
R2(config-isakmp)# group 2
R2(config-isakmp)#exit
R2(config)#crypto isakmp key ciscoclass address 11.0.0.1
R2(config)#do wr
PHASE 2
R2(config)# crypto ipsec transform-set vpn-set ah-sha-hmac esp-aes
R2(config)# crypto map vpn-map 10 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.

R2(config-crypto-map)# set peer 11.0.0.1
R2(config-crypto-map)# set transform-set vpn-set
R2(config-crypto-map)# match address 150
R2(config-crypto-map)# exit
R2(config)# int s0/2/0
R2(config-if)# crypto map vpn-map

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R2(config-if)# exit
R2(config)# access-list 150 permit gre host 11.0.0.6 host 11.0.0.1
R2(config)# do wr
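
An added example, not part of the original post: a Python check that the two ends mirror each other as described above (same phase 1 policy, key and transform-set; peer and ACL addresses swapped). The function names and the prompt-stripped input format are assumptions made for this sketch.

```python
import re

# Constructed input: the R1 commands from this page with prompts removed.
R1 = """crypto isakmp policy 10
 authentication pre-share
 encryption aes 192
 hash sha
 group 2
crypto isakmp key ciscoclass address 11.0.0.6
crypto ipsec transform-set vpn-set ah-sha-hmac esp-aes
crypto map vpn-map 10 ipsec-isakmp
 set peer 11.0.0.6
 set transform-set vpn-set
 match address 150
access-list 150 permit gre host 11.0.0.1 host 11.0.0.6
"""
# R2 is the same text with the two tunnel endpoints swapped, as the page describes.
R2 = R1.replace("11.0.0.6", "PEER").replace("11.0.0.1", "11.0.0.6").replace("PEER", "11.0.0.1")

def find(pattern, cfg):
    m = re.search(pattern, cfg, re.M)
    return tuple(g.strip() for g in m.groups()) if m else None

def parse(cfg):
    """Pull out the values that must match, or mirror, between the two peers."""
    return {
        "phase1": tuple(find(rf"^\s*{k} (.+)$", cfg)
                        for k in ("authentication", "encryption", "hash", "group")),
        "key": find(r"^crypto isakmp key (\S+) address (\S+)", cfg),  # (secret, peer)
        "transform": find(r"^crypto ipsec transform-set \S+ (.+)$", cfg),
        "peer": find(r"^\s*set peer (\S+)", cfg),
        "acl": find(r"^access-list \d+ permit (\S+) host (\S+) host (\S+)", cfg),
    }

def compare(cfg_a, cfg_b):
    """Return the mismatches between two peers; an empty list means consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    missing = [k for p in (a, b) for k, v in p.items() if v is None]
    if missing:
        return [f"missing command: {k}" for k in missing]
    checks = [
        (a["phase1"] == b["phase1"], "phase 1 policy differs"),
        (a["key"][0] == b["key"][0], "pre-shared key differs"),
        (a["transform"] == b["transform"], "phase 2 transform-set differs"),
        (a["key"][1] == a["peer"][0], "first router: key address and set peer disagree"),
        (b["key"][1] == b["peer"][0], "second router: key address and set peer disagree"),
        (a["acl"] == (b["acl"][0], b["acl"][2], b["acl"][1]), "crypto ACLs are not mirror images"),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty list from `compare(R1, R2)` means the two ends agree; any returned message names the setting to correct before looking at the show commands.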
OBSERVATIONS
Router# show crypto ipsec sa
Router# show crypto map
Router# show crypto isakmp
Router# show crypto ipsec
Router# show crypto isakmp policy
