
Creating Site-to-Site VPNs with Pre-Shared Keys

Documentation:
1. Document your IKE Phase 1 negotiation criteria (example below)
   Encryption: AES-128
   Hashing: SHA1
   Authentication: pre-shared key
   Key exchange: Diffie-Hellman Group 2
2. Document your IPsec (IKE Phase 2) negotiation criteria (example below)
   Encryption algorithm: esp-aes 128
   Authentication: esp-sha-hmac
   Both peers must be configured with exactly these values; a single mismatch in either phase
   and the tunnel will not come up. Note that DH group 2 (1024-bit) and SHA-1 are legacy
   choices; on current IOS images prefer group 14 or higher and sha256 unless the far end
   cannot support them.

Configuring IKE Phase 1:
1. Enable ISAKMP (already on by default on most IOS images; the command is harmless to repeat)
   Router(config)#crypto isakmp enable
2. Create an ISAKMP policy. The number is a priority (1-10000); lower is tried first.
   Router(config)#crypto isakmp policy <1-10000>
   Router(config)#crypto isakmp policy 100
   Router(config-isakmp)#encryption aes 128
   Router(config-isakmp)#authentication pre-share
   Router(config-isakmp)#group 2
   Router(config-isakmp)#hash sha
   Router(config-isakmp)#exit
3. Configure the ISAKMP identity (address is the default and is what a static peer IP expects)
   Router(config)#crypto isakmp identity {address | hostname}
   Router(config)#crypto isakmp identity address
4. Configure the ISAKMP (pre-shared) key for the remote peer's address. "0" means the key is
   entered, and stored in the configuration, in cleartext; use "6" together with
   "key config-key password-encrypt" and "password encryption aes" to keep it encrypted on the box.
   Router(config)#crypto isakmp key 0 <pre-shared key> address <remote IP address>
   Router(config)#crypto isakmp key 0 SUPERSECRETKEY address 1.1.1.2

Configuring IKE Phase 2:
1. Create the transform set (tunnel mode is the default for site-to-site)
   Router(config)#crypto ipsec transform-set <name> <methods>
   Router(config)#crypto ipsec transform-set SET-NAME esp-aes 128 esp-sha-hmac
   Router(cfg-crypto-trans)#mode tunnel
   Router(cfg-crypto-trans)#exit
2. (optional) Configure the IPsec SA lifetime
   Router(config)#crypto ipsec security-association lifetime {seconds <seconds> | kilobytes <kilobytes>}
   Router(config)#crypto ipsec security-association lifetime seconds 86400
3. Create mirrored ACLs defining the traffic to be encrypted and the traffic expected to arrive
   encrypted. "Mirrored" means the peer's ACL has the same entry with source and destination
   swapped (here: permit ip 192.168.1.0 0.0.0.255 172.30.2.0 0.0.0.255 on the far end).
   Router(config)#ip access-list extended <name>
   Router(config-ext-nacl)#permit ip <source network> <wildcard> <destination network> <wildcard>
   Router(config)#ip access-list extended S2S-VPN-TRAFFIC
   Router(config-ext-nacl)#permit ip 172.30.2.0 0.0.0.255 192.168.1.0 0.0.0.255
   Router(config-ext-nacl)#exit
4. Set up the IPsec crypto map
   Router(config)#crypto map <name> <seq> ipsec-isakmp
   Router(config)#crypto map S2S-VPN 100 ipsec-isakmp
   Router(config-crypto-map)#match address S2S-VPN-TRAFFIC
   Router(config-crypto-map)#set peer 1.1.1.2                  (remote IP)
   Router(config-crypto-map)#set pfs group2                    (optional; group1/2/5 or higher, must match the peer)
   Router(config-crypto-map)#set transform-set SET-NAME

Apply to Interface:
1. Apply the crypto map to the outside (peer-facing) interface; only one crypto map can be applied per interface
   Router(config)#int fa4
   Router(config-if)#crypto map S2S-VPN

Create Interesting Traffic:
1. Ping from a host on the source network to a host on the destination network. The tunnel is
   negotiated on demand, so the first packets are normally dropped while IKE completes.

Verify:
1. Show and debug commands (a Phase 1 SA in state QM_IDLE is good; for Phase 2, the
   #pkts encaps/decaps counters in "show crypto ipsec sa" should increase as traffic flows)
   Router#show crypto isakmp sa
   Router#show crypto ipsec sa
   Router#debug crypto isakmp
   Router#debug crypto ipsec
   Router#show crypto map
   Router#show crypto isakmp policy
   Router#show crypto ipsec transform-set
   Router#clear crypto sa                 (tears down the IPsec SAs so they renegotiate; "clear crypto isakmp" does the same for Phase 1)
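The steps above configure one router; the classic failure is a peer whose ACL, policy or key does not mirror the first box. The following script is an added example (not part of the original cheat sheet) that renders both sides of the tunnel from one set of parameters and then checks two configurations against each other the way you would before pasting them in. Hostnames R1/R2, the 1.1.1.1 address, the interface name FastEthernet4 and the defaults in VpnParams are assumptions; the defaults are deliberately stronger than the sheet's aes 128 / sha / group 2, which you can pass explicitly if the far end needs them.

```python
"""Render mirrored Cisco IOS IKEv1/IPsec site-to-site configs for two peers and
check that two configs (rendered or hand-written) really mirror each other.

Added example; hostnames, addresses, interface names and the key are assumed
values chosen to line up with the cheat sheet's placeholders.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    hostname: str   # assumed
    wan_ip: str     # address the other side uses in "set peer" / "crypto isakmp key"
    lan: str        # protected network as "network wildcard"
    wan_if: str     # interface that receives the crypto map


@dataclass(frozen=True)
class VpnParams:
    psk: str
    # The sheet's values (aes 128 / sha / group 2) still work, but DH group 2 is
    # a 1024-bit group and SHA-1 is legacy; these defaults are the usual floor now.
    encryption: str = "aes 256"
    ike_hash: str = "sha256"
    dh_group: int = 14
    transform: str = "esp-aes 256 esp-sha256-hmac"
    transform_name: str = "SET-NAME"
    acl_name: str = "S2S-VPN-TRAFFIC"
    map_name: str = "S2S-VPN"
    map_seq: int = 100
    policy_seq: int = 100
    sa_lifetime: int = 86400


def render_config(local: Peer, remote: Peer, p: VpnParams) -> str:
    """Emit one side's config; call again with the peers swapped for the other side."""
    lines = [
        f"hostname {local.hostname}",
        "crypto isakmp enable",
        f"crypto isakmp policy {p.policy_seq}",
        f" encryption {p.encryption}",
        " authentication pre-share",
        f" group {p.dh_group}",
        f" hash {p.ike_hash}",
        "crypto isakmp identity address",
        f"crypto isakmp key 0 {p.psk} address {remote.wan_ip}",
        f"crypto ipsec transform-set {p.transform_name} {p.transform}",
        " mode tunnel",
        f"crypto ipsec security-association lifetime seconds {p.sa_lifetime}",
        f"ip access-list extended {p.acl_name}",
        f" permit ip {local.lan} {remote.lan}",   # the peer gets the reverse entry
        f"crypto map {p.map_name} {p.map_seq} ipsec-isakmp",
        f" match address {p.acl_name}",
        f" set peer {remote.wan_ip}",
        f" set pfs group{p.dh_group}",
        f" set transform-set {p.transform_name}",
        f"interface {local.wan_if}",
        f" crypto map {p.map_name}",
    ]
    return "\n".join(lines) + "\n"


_PERMIT = re.compile(r"^[ \t]*permit ip (\S+ \S+) (\S+ \S+)$", re.M)
_KEY = re.compile(r"^crypto isakmp key \d (\S+) address (\S+)$", re.M)
_PEER = re.compile(r"^[ \t]*set peer (\S+)$", re.M)
_POLICY = re.compile(r"^[ \t]+(?:encryption|hash|group|authentication) .+$", re.M)
_XFORM = re.compile(r"^crypto ipsec transform-set \S+ (.+)$", re.M)


def mirror_problems(cfg_a: str, cfg_b: str) -> list:
    """Reasons the two configs would not bring the tunnel up; [] means they mirror."""
    problems = []
    acl_a, acl_b = _PERMIT.findall(cfg_a), _PERMIT.findall(cfg_b)
    if {(dst, src) for src, dst in acl_a} != set(acl_b):
        problems.append("crypto ACLs are not mirror images of each other")
    pol_a = sorted(l.strip() for l in _POLICY.findall(cfg_a))
    pol_b = sorted(l.strip() for l in _POLICY.findall(cfg_b))
    if pol_a != pol_b:
        problems.append("ISAKMP policy attributes differ (Phase 1 will not match)")
    if _XFORM.findall(cfg_a) != _XFORM.findall(cfg_b):
        problems.append("transform sets differ (Phase 2 will not match)")
    keys_a, keys_b = _KEY.findall(cfg_a), _KEY.findall(cfg_b)
    if not keys_a or not keys_b or keys_a[0][0] != keys_b[0][0]:
        problems.append("pre-shared keys differ or are missing")
    for name, keys, cfg in (("A", keys_a, cfg_a), ("B", keys_b, cfg_b)):
        # the key must be bound to the same address the crypto map peers with
        if keys and keys[0][1] not in _PEER.findall(cfg):
            problems.append(f"config {name}: isakmp key address does not match set peer")
    return problems


if __name__ == "__main__":
    r1 = Peer("R1", "1.1.1.1", "172.30.2.0 0.0.0.255", "FastEthernet4")
    r2 = Peer("R2", "1.1.1.2", "192.168.1.0 0.0.0.255", "FastEthernet4")
    params = VpnParams(psk="SUPERSECRETKEY")   # assumed key, as in the sheet
    cfg_r1, cfg_r2 = render_config(r1, r2, params), render_config(r2, r1, params)
    print(cfg_r1)
    print(cfg_r2)
    print("mirror check:", mirror_problems(cfg_r1, cfg_r2) or "OK")
    # A common mistake: pasting R1's ACL entry onto R2 without reversing it.
    broken_r2 = cfg_r2.replace(" permit ip 192.168.1.0 0.0.0.255 172.30.2.0 0.0.0.255",
                               " permit ip 172.30.2.0 0.0.0.255 192.168.1.0 0.0.0.255")
    print("broken check:", mirror_problems(cfg_r1, broken_r2))
```

Run it once to get both configs on screen; the second check shows what the tool reports when the far-end ACL is copied without swapping source and destination. The checker is deliberately lenient on formatting (indentation, trailing lines) so it can also be run over two "show running-config" captures.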
