Router R1:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 1800
crypto isakmp key miedkey address 172.16.3.253
!
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
!
crypto map groupe3map 10 ipsec-isakmp
 set peer 172.16.3.253
 set transform-set groupe3set
 match address 101
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex half
!
interface Serial1/0
 ip address 196.1.95.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
 clock rate 64000
 crypto map groupe3map
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 196.1.95.253
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Serial1/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end
Router R2:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 ip address 196.1.95.253 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 172.16.5.254 255.255.255.0
 serial restart-delay 0
 clock rate 64000
!
interface Serial1/2
 ip address 172.16.3.254 255.255.255.0
 serial restart-delay 0
 clock rate 64000
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip route 172.16.6.0 255.255.255.0 172.16.5.253
no ip http server
no ip http secure-server
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
Router R3:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
 ip address 172.16.6.254 255.255.255.0
 duplex half
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip address 172.16.5.253 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip route 172.16.3.0 255.255.255.0 172.16.5.254
ip route 196.1.95.0 255.255.255.0 172.16.5.254
no ip http server
no ip http secure-server
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
Router R4:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
no ip domain lookup
no ip ips deny-action ips-interface
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 1800
crypto isakmp key miedkey address 196.1.95.254
!
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
!
crypto map groupe3map 10 ipsec-isakmp
 set peer 196.1.95.254
 set transform-set groupe3set
 match address 101
!
interface FastEthernet0/0
 ip address 172.16.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex half
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 ip address 172.16.3.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
 crypto map groupe3map
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.3.254
no ip http server
no ip http secure-server
!
!
! The interfaces use "ip nat inside"/"ip nat outside", so the translation rule
! must be the "ip nat inside source" form (a bare "ip nat source" applies only
! to NAT virtual-interface mode, which needs "ip nat enable" on the interfaces).
ip nat inside source list 1 interface Serial1/2 overload
!
!
access-list 1 permit 172.16.4.0 0.0.0.255
access-list 101 permit ip 172.16.4.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
Verification: the private networks can now reach the public networks:

But the reverse is not possible:

Likewise, the private networks cannot see each other:

In the rest of this lab we will set up a site-to-site VPN between private network 1 and private network 2:

The two private networks now communicate with each other:

Excerpt from the output of the show crypto ipsec sa command

Wireshark capture

Traffic between the private networks is therefore encrypted.
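An added audit script, written for this page and not part of the lab, that reads an excerpt of the R1 configuration above and flags what a reviewer would raise: the 3DES/MD5/DH group 5 IKE policy and transform set, the cleartext pre-shared key, and the overlap between NAT access-list 1 and crypto access-list 101, since IOS applies inside-to-outside NAT before the crypto map is checked. The excerpt is a constructed subset of the running-config shown above; the function names and the WEAK table are the example's own.

```python
import ipaddress
import re
# Constructed excerpt of the lab's R1 running-config (the real input would be
# the full "show running-config" output reproduced above).
R1_CONFIG = """\
no service password-encryption
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key miedkey address 172.16.3.253
crypto ipsec transform-set groupe3set esp-3des esp-md5-hmac
ip nat inside source list 1 interface Serial1/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.0.255
"""
# Algorithms IOS still accepts but that are below current guidance.
WEAK = {"3des": "use AES", "md5": "use SHA-2", "group 5": "use DH group 14+"}


def wildcard_to_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into an IPv4Network."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def audit(config):
    """Return a list of findings for the IKEv1, IPsec and NAT settings."""
    findings = []
    for line in config.splitlines():
        for token, advice in WEAK.items():
            if re.search(rf"\b{token}\b", line):
                findings.append(f"weak: '{line.strip()}' ({advice})")
    if "crypto isakmp key" in config and "no service password-encryption" in config:
        findings.append("psk: pre-shared key is stored in cleartext")
    # IOS translates inside-to-outside traffic before the crypto map is checked, so
    # a NAT list that also matches the VPN source hides it from the crypto ACL.
    nat = re.search(r"ip nat inside source list (\d+)", config)
    vpn = re.search(r"access-list \d+ permit ip (\S+) (\S+) \S+ \S+", config)
    if nat and vpn:
        vpn_src = wildcard_to_net(vpn.group(1), vpn.group(2))
        pat = rf"access-list {nat.group(1)}\s+(permit|deny)\s+(\S+)\s+(\S+)"
        for m in re.finditer(pat, config):
            if wildcard_to_net(m.group(2), m.group(3)).overlaps(vpn_src):
                if m.group(1) == "permit":
                    findings.append("nat: VPN source is translated before the crypto map")
                break  # first matching entry wins, as in the ACL itself
    return findings
```

Running `audit(R1_CONFIG)` yields seven findings; a deny entry for the 192.168.1.0/24 to 172.16.4.0/24 flow ahead of the permit in the NAT list clears the last one.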