Translate

sábado, 12 de janeiro de 2013

Configuração VPN Site-To-Site (Pre-Shared Keys)

Configuração de VPN Site-To-Site (Pre-Shared Keys):


-- Configuração dos Routers que estabelecem a VPN:

No Router A:

Router_A:(config): crypto isakmp enable

Router_A:(config): crypto isakmp policy 1
Router_A:(config-isakmp): authentication pre-share
Router_A:(config-isakmp): hash sha
Router_A:(config-isakmp): encryption aes 128
Router_A:(config-isakmp): group 2
Router_A:(config-isakmp): lifetime 86400
Router_A:(config-isakmp): exit
Router_A:(config): crypto isakmp key cisco address 172.16.1.2
Router_A:(config): exit

Router_A:(config): crypto ipsec transform set MYSET esp-aes esp-sha
Router_A:(config-crypto-trans): exit

Router_A:(config): access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.255

Router_A:(config): crypto map ROUTER_A_TO_ROUTER_B 10 ipsec-isakmp
Router_A:(config-crypto-map): set peer 172.16.1.2
Router_A:(config-crypto-map): match address 101
Router_A:(config-crypto-map): set transform-set MYSET
Router_A:(config-crypto-map): exit

Router_A:(config): interface s0/0
Router_A:(config-if): crypto map ROUTER_A_TO_ROUTER_B

Router_A: wr

No Router B:

Router_B:(config): crypto isakmp enable

Router_B:(config): crypto isakmp policy 1
Router_B:(config-isakmp): authentication pre-share
Router_B:(config-isakmp): hash sha
Router_B:(config-isakmp): encryption aes 128
Router_B:(config-isakmp): group 2
Router_B:(config-isakmp): lifetime 86400
Router_B:(config-isakmp): exit
Router_B:(config): crypto isakmp key cisco address 172.16.1.1
Router_B:(config): exit

Router_B:(config): crypto ipsec transform set MYSET esp-aes esp-sha
Router_B:(config-crypto-trans): exit

Router_B:(config): access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255

Router_B:(config): crypto map ROUTER_B_TO_ROUTER_A 10 ipsec-isakmp
Router_B:(config-crypto-map): set peer 172.16.1.1
Router_B:(config-crypto-map): match address 101
Router_B:(config-crypto-map): set transform-set MYSET
Router_B:(config-crypto-map): exit

Router_B:(config): interface s0/0
Router_B:(config-if): crypto map ROUTER_B_TO_ROUTER_A

Router_B: wr

-- Fazer um ping do Router A ao servidor da rede local B;

-- Para testar o status da VPN:

show crypto session
show crypto isakmp sa
show crypto ipsec sa

DESCARREGAR AS CONFIGS AQUI









Publicada por à(s)
Etiquetas: , ,

Sem comentários:

Enviar um comentário

Subscrever: Enviar feedback (Atom)