
1. Define an IKEv2 Keyring

R1#configure terminal
R1(config)#crypto ikev2 keyring KR-1
R1(config-ikev2-keyring)#peer SITE-2
R1(config-ikev2-keyring-peer)#address 192.168.10.250
R1(config-ikev2-keyring-peer)#pre-shared-key Sanramon2017
R1(config-ikev2-keyring-peer)#exit
R1(config-ikev2-keyring)#exit
R1(config)#exit
R1#

2. Define an IKEv2 Proposal


R1#configure terminal
R1(config)#crypto ikev2 proposal PROP-SITE2
R1(config-ikev2-proposal)#encryption aes-cbc-256
R1(config-ikev2-proposal)#integrity sha512
R1(config-ikev2-proposal)#group 24
R1(config-ikev2-proposal)#exit
R1(config)#exit
R1#

3. Define an IKEv2 Policy


R1#configure terminal
R1(config)#crypto ikev2 policy POL-SITE2
R1(config-ikev2-policy)#proposal PROP-SITE2
R1(config-ikev2-policy)#exit
R1(config)#exit
R1#

4. Configure a Crypto ACL to identify the permitted traffic

R1#configure terminal
R1(config)#ip access-list extended SITE1-SITE2-CACL
R1(config-ext-nacl)#permit ip 192.168.30.0 0.0.0.255 10.10.10.0 0.0.0.255
R1(config-ext-nacl)#exit
R1(config)#exit

5. Configure a Transform Set


R1#configure terminal
R1(config)#crypto ipsec transform-set SITE2-TS esp-aes esp-sha512-hmac
R1(cfg-crypto-trans)#exit
R1(config)#exit
R1#

6. Configure an IKEv2 Profile

R1#configure terminal
R1(config)#crypto ikev2 profile SITE2-PROFILE
R1(config-ikev2-profile)#match identity remote address 192.168.10.250 255.255.255.255
R1(config-ikev2-profile)#authentication local pre-share
R1(config-ikev2-profile)#authentication remote pre-share
R1(config-ikev2-profile)#keyring local KR-1
R1(config-ikev2-profile)#exit
R1(config)#exit

7. Define a Crypto Map


R1#configure terminal
R1(config)#crypto map CMAP-SITE2 10 ipsec-isakmp
R1(config-crypto-map)#set peer 192.168.10.250
R1(config-crypto-map)#set pfs group24
R1(config-crypto-map)#set security-association lifetime seconds 3600
R1(config-crypto-map)#set transform-set SITE2-TS
R1(config-crypto-map)#set ikev2-profile SITE2-PROFILE
R1(config-crypto-map)#match address SITE1-SITE2-CACL
R1(config-crypto-map)#exit
R1(config)#exit

8. Apply the Crypto Map to the WAN Interface


R1#configure terminal
R1(config)#interface Fa0/0
R1(config-if)#crypto map CMAP-SITE2
R1(config-if)#exit
R1(config)#exit

1. Define an IKEv2 Keyring

R2#configure terminal
R2(config)#crypto ikev2 keyring KR-1
R2(config-ikev2-keyring)#peer SITE-1
R2(config-ikev2-keyring-peer)#address 192.168.10.249
R2(config-ikev2-keyring-peer)#pre-shared-key Sanramon2017
R2(config-ikev2-keyring-peer)#exit
R2(config-ikev2-keyring)#exit
R2(config)#exit

2. Define an IKEv2 Proposal


R2#configure terminal
R2(config)#crypto ikev2 proposal PROP-SITE1
R2(config-ikev2-proposal)#encryption aes-cbc-256
R2(config-ikev2-proposal)#integrity sha512
R2(config-ikev2-proposal)#group 24
R2(config-ikev2-proposal)#exit
R2(config)#exit

3. Define an IKEv2 Policy


R2#configure terminal
R2(config)#crypto ikev2 policy POL-SITE1
R2(config-ikev2-policy)#proposal PROP-SITE1
R2(config-ikev2-policy)#exit
R2(config)#exit

4. Configure a Crypto ACL to identify the permitted traffic


R2#configure terminal
R2(config)#ip access-list extended SITE2-SITE1-CACL
R2(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 192.168.30.0 0.0.0.255
R2(config-ext-nacl)#exit
R2(config)#exit

5. Configure a Transform Set


R2#configure terminal
R2(config)#crypto ipsec transform-set SITE1-TS esp-aes esp-sha512-hmac
R2(cfg-crypto-trans)#exit
R2(config)#exit

6. Configure an IKEv2 Profile


R2#configure terminal
R2(config)#crypto ikev2 profile SITE1-PROFILE
R2(config-ikev2-profile)#match identity remote address 192.168.10.249 255.255.255.255
R2(config-ikev2-profile)#authentication local pre-share
R2(config-ikev2-profile)#authentication remote pre-share
R2(config-ikev2-profile)#keyring local KR-1
R2(config-ikev2-profile)#exit
R2(config)#exit

7. Define a Crypto Map

R2#configure terminal
R2(config)#crypto map CMAP-SITE1 10 ipsec-isakmp
R2(config-crypto-map)#set peer 192.168.10.249
R2(config-crypto-map)#set pfs group24
R2(config-crypto-map)#set security-association lifetime seconds 3600
R2(config-crypto-map)#set transform-set SITE1-TS
R2(config-crypto-map)#set ikev2-profile SITE1-PROFILE
R2(config-crypto-map)#match address SITE2-SITE1-CACL
R2(config-crypto-map)#exit
R2(config)#exit

8. Apply the Crypto Map to the WAN Interface


R2#configure terminal
R2(config)#interface Fa0/0
R2(config-if)#crypto map CMAP-SITE1
R2(config-if)#exit
R2(config)#exit
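
The two sessions above only bring a tunnel up if the pre-shared key, IKEv2 proposal, transform set, PFS group and SA lifetime agree on both routers and each crypto ACL is the mirror image of the other. The following Python check is an added example, not part of the original procedure; the names SAME, ACL, parse and compare are the example's own, and the input lines are copied from the R1 and R2 steps.

```python
import re

# Lines copied from the R1 and R2 sessions above (only the settings that must agree).
R1 = """\
R1(config-ikev2-keyring-peer)#pre-shared-key Sanramon2017
R1(config-ikev2-proposal)#encryption aes-cbc-256
R1(config-ikev2-proposal)#integrity sha512
R1(config-ikev2-proposal)#group 24
R1(config-ext-nacl)#permit ip 192.168.30.0 0.0.0.255 10.10.10.0 0.0.0.255
R1(config)#crypto ipsec transform-set SITE2-TS esp-aes esp-sha512-hmac
R1(config-crypto-map)#set pfs group24
R1(config-crypto-map)#set security-association lifetime seconds 3600
"""
R2 = """\
R2(config-ikev2-keyring-peer)#pre-shared-key Sanramon2017
R2(config-ikev2-proposal)#encryption aes-cbc-256
R2(config-ikev2-proposal)#integrity sha512
R2(config-ikev2-proposal)#group 24
R2(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 192.168.30.0 0.0.0.255
R2(config)#crypto ipsec transform-set SITE1-TS esp-aes esp-sha512-hmac
R2(config-crypto-map)#set pfs group24
R2(config-crypto-map)#set security-association lifetime seconds 3600
"""
# Values that must be identical on both peers (object names like SITE2-TS may differ).
SAME = {"psk": r"pre-shared-key (\S+)", "ike_encryption": r"encryption (\S+)",
        "ike_integrity": r"integrity (\S+)", "ike_group": r"^group (\d+)",
        "transform_set": r"transform-set \S+ (.+)", "pfs": r"set pfs (\S+)",
        "sa_lifetime": r"lifetime seconds (\d+)"}
ACL = r"permit ip (\S+ \S+) (\S+ \S+)"  # (source + wildcard, destination + wildcard)

def parse(session):
    """Strip IOS prompts, then extract the compared settings and crypto ACL entries."""
    text = "\n".join(re.sub(r"^\S*#", "", l).strip() for l in session.splitlines())
    cfg = {k: re.findall(p, text, re.M) for k, p in SAME.items()}
    cfg["acl"] = re.findall(ACL, text)
    return cfg

def compare(a, b):
    """Return names of settings that disagree; values are not echoed, so the PSK stays out of logs."""
    ca, cb = parse(a), parse(b)
    issues = [k for k in SAME if ca[k] != cb[k]]
    # Each side's crypto ACL must equal the other's with source and destination swapped.
    if sorted(ca["acl"]) != sorted((d, s) for s, d in cb["acl"]):
        issues.append("crypto_acl_not_mirrored")
    return issues

if __name__ == "__main__":
    print(compare(R1, R2) or "peers agree")
```
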
