07/08/2009

GNS3/Linux: Creating a site-to-site VPN using the CLI

Topology:




R0
interface FastEthernet0/0
 ip address 192.168.169.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto

router rip
 network 192.168.1.0
 network 192.168.169.0

line con 0
 logging synchronous

R1
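! IKE phase 1 (ISAKMP): AES encryption, pre-shared key authentication, DH group 2 (1024-bit MODP)
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
! Pre-shared key for peer R2 (192.168.1.1); must be identical on both routers
crypto isakmp key s3cr3t address 192.168.1.1
!
!
! IKE phase 2 (IPsec): ESP with AES encryption and SHA-1 HMAC integrity
crypto ipsec transform-set TRANSFORM_VPN_TEST esp-aes esp-sha-hmac
!
! Crypto map: traffic matching ACL 101 is encrypted and sent to R2
crypto map VPN_R1_TO_R2 10 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set TRANSFORM_VPN_TEST
 match address 101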

interface FastEthernet0/0
 ip address 10.10.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.169.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN_R1_TO_R2
!
router rip
 network 192.168.169.0

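! Route to the remote LAN through R2's outside address
ip route 10.10.3.0 255.255.255.0 192.168.1.1
! Crypto ACL: R1 LAN -> R2 LAN (must mirror ACL 101 on R2)
access-list 101 permit ip 10.10.2.0 0.0.0.255 10.10.3.0 0.0.0.255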
line con 0
 logging synchronous

R2
!
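! IKE phase 1 (ISAKMP): same policy as on R1
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
! Pre-shared key for peer R1 (192.168.169.1); must be identical on both routers
crypto isakmp key s3cr3t address 192.168.169.1
!
!
! IKE phase 2 (IPsec): same transform set as on R1
crypto ipsec transform-set TRANSFORM_VPN_TEST esp-aes esp-sha-hmac
!
! Crypto map: traffic matching ACL 101 is encrypted and sent to R1
crypto map VPN_R2_TO_R1 10 ipsec-isakmp
 set peer 192.168.169.1
 set transform-set TRANSFORM_VPN_TEST
 match address 101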

interface FastEthernet0/0
 ip address 10.10.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN_R2_TO_R1
!
router rip
 network 192.168.1.0

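! Route to the remote LAN through R1's outside address
ip route 10.10.2.0 255.255.255.0 192.168.169.1
! Crypto ACL: R2 LAN -> R1 LAN (must mirror ACL 101 on R1)
access-list 101 permit ip 10.10.3.0 0.0.0.255 10.10.2.0 0.0.0.255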
line con 0
 logging synchronous
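
A site-to-site tunnel like this one only comes up when both ends agree: same pre-shared key, each `set peer` pointing at the other router's crypto-map interface, and crypto ACLs that mirror each other. The Python check below is an added example, not part of the original post; the function names `parse` and `check` are made up for it, and the two config strings are excerpts of the R1 and R2 listings above.

```python
# Tunnel-relevant lines excerpted from the R1 and R2 listings on this page.
R1 = """\
crypto isakmp key s3cr3t address 192.168.1.1
 set peer 192.168.1.1
interface FastEthernet0/1
 ip address 192.168.169.1 255.255.255.0
 crypto map VPN_R1_TO_R2
access-list 101 permit ip 10.10.2.0 0.0.0.255 10.10.3.0 0.0.0.255
"""
R2 = """\
crypto isakmp key s3cr3t address 192.168.169.1
 set peer 192.168.169.1
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 crypto map VPN_R2_TO_R1
access-list 101 permit ip 10.10.3.0 0.0.0.255 10.10.2.0 0.0.0.255
"""

def parse(cfg):
    """Pull out the values that have to agree between the two peers."""
    out, addr = {"acl": []}, None
    for line in cfg.splitlines():
        w = line.split()
        if w[:3] == ["crypto", "isakmp", "key"]:
            out["psk"], out["key_peer"] = w[3], w[5]
        elif w[:2] == ["set", "peer"]:
            out["peer"] = w[2]
        elif w[:2] == ["ip", "address"]:
            addr = w[2]
        elif w[:2] == ["crypto", "map"] and line[:1] == " ":
            out["local"] = addr  # address of the interface carrying the map
        elif w[:1] == ["access-list"]:
            out["acl"].append(tuple(w[4:8]))  # src, src-wildcard, dst, dst-wildcard
    return out

def check(cfg_a, cfg_b):
    """Return a list of mismatches; an empty list means the peers agree."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x["peer"] != y["local"]:
            problems.append(f"{name}: set peer is not the remote crypto-map interface")
        if x["key_peer"] != x["peer"]:
            problems.append(f"{name}: ISAKMP key is bound to a different address than set peer")
    if a["acl"] != [(d, dw, s, sw) for s, sw, d, dw in b["acl"]]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

`check(R1, R2)` returns an empty list for the two configurations as posted.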
