Académique Documents
Professionnel Documents
Culture Documents
• Connexion lan-to-lan :
➡ mot de passe (Pre-Shared Key)
➡ certificats numériques (Public Key Infrastructure)
• Protocoles normalisés :
➡ IPsec en mode transport ou tunnel
➡ IPsec/GRE : couche 3 + multicast + …
➡ IPsec/L2TP : couche 2
IP security (IPsec)
RFC 4301
• https://wiki.debian.org/IPsec
• ipsec-tools + racoon
• Configuration :
racoon. conf + psk.txt + ipsec-tools.conf
sous OpenBSD
• IKEv2 : iked.conf
Sur PIX/ASA
access-list 90 permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map rt 20 ipsec-isakmp
crypto map rt 20 match address 90
crypto map rt 20 set peer 100.20.20.20
crypto map rt 20 set transform-set strong
crypto map rt interface outside
isakmp enable outside
isakmp key cisco1234 address 100.20.20.20 netmask 255.255.255.255
isakmp identity address
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
interface Gi0/0
crypto map nolan