
Site-to-site architecture:

Site-to-site VPN configuration files


Router R1:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
lifetime 1800
crypto isakmp key miedkey address 172.16.3.253
!
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
!
crypto map groupe3map 10 ipsec-isakmp
set peer 172.16.3.253
set transform-set groupe3set
match address 101
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
! ip nat inside
! ip virtual-reassembly
duplex half
!
interface Serial1/0
ip address 196.1.95.254 255.255.255.0
! ip nat outside
! ip virtual-reassembly
serial restart-delay 0
clock rate 64000
crypto map groupe3map
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 196.1.95.253
no ip http server
no ip http secure-server
!
! ip nat inside source list 1 interface Serial1/0 overload
! access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.0.255
!
control-plane
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end


Router R2:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 196.1.95.253 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.5.254 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial1/2
ip address 172.16.3.254 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip classless
ip route 172.16.6.0 255.255.255.0 172.16.5.253
no ip http server
no ip http secure-server
!
control-plane
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
end

Router R3:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
ip address 172.16.6.254 255.255.255.0
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.5.253 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip classless
ip route 172.16.3.0 255.255.255.0 172.16.5.254
ip route 196.1.95.0 255.255.255.0 172.16.5.254
no ip http server
no ip http secure-server
!
control-plane
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
end

Router R4:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
lifetime 1800
crypto isakmp key miedkey address 196.1.95.254
!
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
!
crypto map groupe3map 10 ipsec-isakmp
set peer 196.1.95.254
set transform-set groupe3set
match address 101
!
interface FastEthernet0/0
ip address 172.16.4.254 255.255.255.0
! ip nat inside
! ip virtual-reassembly
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
ip address 172.16.3.253 255.255.255.0
! ip nat outside
! ip virtual-reassembly
serial restart-delay 0
crypto map groupe3map
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.3.254
no ip http server
no ip http secure-server
!
! ip nat source list 1 interface Serial1/2 overload
!
! access-list 1 permit 172.16.4.0 0.0.0.255
access-list 101 permit ip 172.16.4.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
end
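Added example (not part of the lab report): a small Python audit that reads the crypto sections of the R1 and R4 configurations above, flags the weak IKE/IPsec algorithms they negotiate (3DES, MD5, DH group 5) and checks that peer addresses, pre-shared keys and crypto ACLs mirror each other. The config excerpts are constructed from the page; parse() and audit() are hypothetical helpers that assume one crypto map per router and crypto ACL 101.

```python
import re
# Constructed excerpts of the R1 and R4 configurations above (only the lines the audit reads).
R1_CFG = """crypto isakmp policy 10
 encr 3des
 hash md5
 group 5
crypto isakmp key miedkey address 172.16.3.253
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
crypto map groupe3map 10 ipsec-isakmp
 set peer 172.16.3.253
interface Serial1/0
 ip address 196.1.95.254 255.255.255.0
 crypto map groupe3map
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.0.255"""
R4_CFG = """crypto isakmp policy 10
 encr 3des
 hash md5
 group 5
crypto isakmp key miedkey address 196.1.95.254
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
crypto map groupe3map 10 ipsec-isakmp
 set peer 196.1.95.254
interface Serial1/2
 ip address 172.16.3.253 255.255.255.0
 crypto map groupe3map
access-list 101 permit ip 172.16.4.0 0.0.0.255 192.168.1.0 0.0.0.255"""
WEAK = {"des", "3des", "md5", "1", "2", "5"}  # IKE ciphers, hashes and DH groups to flag

def parse(cfg):
    """Extract one peer's IKE/IPsec parameters; 'local' is the address of the interface the crypto map is bound to."""
    f = lambda pat: re.search(pat, cfg, re.M).group(1)
    return {
        "ike": {k: f(rf"^ {k} (\S+)") for k in ("encr", "hash", "group")},
        "key": re.search(r"^crypto isakmp key (\S+) address (\S+)", cfg, re.M).groups(),
        "tset": f(r"^crypto ipsec transform-set \S+ (.+)$"),
        "peer": f(r"^ set peer (\S+)"),
        "local": f(r"^ ip address (\S+) \S+\n(?: [^\n]*\n)*? crypto map "),  # only indented sub-commands in between
        "acl": tuple(f(r"^access-list 101 permit ip (.+)$").split()),
    }

def audit(local, remote):
    """Findings for one direction of the tunnel: weak algorithms first, then peer asymmetry."""
    out = [f"weak IKE {k}: {v}" for k, v in local["ike"].items() if v in WEAK]
    checks = [  # (condition that indicates a problem, message); remote ACL is mirrored by swapping src/dst
        (any(w in local["tset"] for w in ("3des", "md5")), f"weak IPsec transform-set: {local['tset']}"),
        (local["peer"] != remote["local"], "set peer is not the remote crypto-map interface address"),
        (local["key"][1] != local["peer"] or local["key"][0] != remote["key"][0], "pre-shared key/address mismatch"),
        (local["acl"] != remote["acl"][2:] + remote["acl"][:2], "crypto ACL is not the mirror image of the remote ACL"),
    ]
    return out + [msg for bad, msg in checks if bad]
```

Run audit(parse(R1_CFG), parse(R4_CFG)) and the reverse direction: the peers are consistent with each other, so the only findings are the four weak-algorithm ones, which is exactly what a reviewer of this lab should raise (AES, SHA-2 and a DH group of 14 or higher would clear them).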





Verification:
The private networks can now reach the public networks:

But the reverse is not possible:

Likewise, the private networks cannot see each other:

In the rest of this lab we will set up a site-to-site VPN between private network 1
and private network 2:

The two private networks now communicate with each other:

Excerpt of the output of the show crypto ipsec sa command

Wireshark capture

Communications between the private networks are therefore encrypted.
