
FPT Information System

Lab VPN Site To Site on Router

2009

Top Secret


Contents
1. TOPOLOGY & DESCRIPTION
1.1. Topology
1.2. Description
2. CONFIGURING VIRTUAL ISP ON CISCO
2.1. Configuring ip address for interface
2.2. Configuring router to virtual ISP
3. CONFIGURING SITEA ROUTER
3.1. Configuring ip address for interface
3.2. Configuring VPN site to site apply by tunnel
3.3. Configuring static route for SiteA router
4. CONFIGURING SITEB ROUTER
4.1. Configuring ip address for interface
4.2. Configuring VPN site to site apply by tunnel
4.3. Configuring static route for SiteB router
5. TEST
5.1. Configuring IP for PC A
5.2. Configuring IP for PC B
5.3. Test


1. Topology & Description

1.1. Topology

1.2. Description

| Item Number | Item | IP Address | OS | Role |
|---|---|---|---|---|
| 1 | SiteA | Internal IP: Int Fa0/0: 10.0.0.1/24; External IP: Int Fa0/1: 192.168.1.1/24 | Cisco 2811 | VPN tunnel site |
| 2 | SiteB | Internal IP: Int Fa0/0: 20.0.0.1/24; External IP: Int Fa0/1: 192.168.2.1/24 | Cisco 2811 | VPN tunnel site |
| 3 | ISP | Connect to SiteA router: Int Fa0/1: 192.168.2.2/24; Connect to SiteB router: Int Fa0/0: 192.168.2.2/24 | Cisco 2811 | Virtual ISP |
| 4 | PCA | IP address: 10.0.0.2/24; GW: 10.1.1.1 | Windows XP | PC test |
| 5 | PCB | IP address: 20.0.0.2/24; GW: 20.2.2.1 | Windows XP | PC test |


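2. Configuring virtual ISP on Cisco

2.1. Configuring ip address for interface
! Fa0/1 faces SiteA (192.168.1.1/24) and needs an address in that subnet; IOS rejects the same 192.168.2.2 on both interfaces as overlapping.
ISP(config)#int fa0/1
ISP(config-if)#ip add 192.168.1.2 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#exit
! Fa0/0 faces SiteB (192.168.2.1/24)
ISP(config)#int fa0/0
ISP(config-if)#ip add 192.168.2.2 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#exit

2.2. Configuring router to virtual ISP
! Static routes use "ip route"; each next hop is the external address of the site router that owns the network.
ISP(config)#ip route 10.0.0.0 255.255.255.0 192.168.1.1
ISP(config)#ip route 20.0.0.0 255.255.255.0 192.168.2.1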

3. Configuring SiteA router

3.1. Configuring ip address for interface
SiteA(config)#int fa0/0
SiteA(config-if)#ip add 10.0.0.1 255.255.255.0
SiteA(config-if)#no shut
SiteA(config-if)#exit
SiteA(config)#int fa0/1
SiteA(config-if)#ip add 192.168.1.1 255.255.255.0
SiteA(config-if)#no shut
SiteA(config-if)#exit

3.2. Configuring VPN site to site apply by tunnel
! IKE phase 1 policy and the pre-shared key for the SiteB peer
SiteA(config)#crypto isakmp policy 10
SiteA(config-isakmp)#encryption 3des
SiteA(config-isakmp)#hash md5
SiteA(config-isakmp)#authentication pre-share
SiteA(config-isakmp)#exit
SiteA(config)#crypto isakmp key cisco address 192.168.2.1
! IPsec transform set and crypto map; ACL 101 selects the traffic to encrypt
SiteA(config)#crypto ipsec transform-set site esp-3des esp-md5-hmac
SiteA(cfg-crypto-trans)#exit
SiteA(config)#crypto map abc 10 ipsec-isakmp
SiteA(config-crypto-map)#set peer 192.168.2.1
SiteA(config-crypto-map)#set transform-set site
SiteA(config-crypto-map)#match address 101
SiteA(config-crypto-map)#exit
! Apply the crypto map on the external interface and mark the NAT sides
SiteA(config)#int fa0/1
SiteA(config-if)#ip nat outside
SiteA(config-if)#crypto map abc
SiteA(config-if)#exit
SiteA(config)#int fa0/0
SiteA(config-if)#ip nat inside
SiteA(config-if)#exit
! PAT for other traffic; ACL 110 denies the site-to-site flow first so it is not translated
SiteA(config)#ip nat inside source list 110 interface fa0/1 overload
SiteA(config)#access-list 110 deny ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
SiteA(config)#access-list 110 permit ip any any
SiteA(config)#access-list 101 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255

When the VPN runs over the Internet, NAT must be configured.


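3.3. Configuring static route for SiteA router
! The next hop is the ISP address on SiteA's connected 192.168.1.0/24 link. The IKE peer 192.168.2.1 must be reachable too, for example via a route to 192.168.2.0/24 through the same next hop.
SiteA(config)#ip route 20.0.0.0 255.255.255.0 192.168.1.2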

4. Configuring SiteB router

4.1. Configuring ip address for interface
SiteB(config)#int fa0/0
SiteB(config-if)#no shut
SiteB(config-if)#ip add 20.0.0.1 255.255.255.0
SiteB(config-if)#exit
SiteB(config)#int fa0/1
SiteB(config-if)#no shut
SiteB(config-if)#ip add 192.168.2.1 255.255.255.0
SiteB(config-if)#exit

4.2. Configuring VPN site to site apply by tunnel
! IKE phase 1 policy and the pre-shared key for the SiteA peer
SiteB(config)#crypto isakmp policy 10
SiteB(config-isakmp)#encryption 3des
SiteB(config-isakmp)#hash md5
SiteB(config-isakmp)#authentication pre-share
SiteB(config-isakmp)#exit
SiteB(config)#crypto isakmp key cisco address 192.168.1.1
! IPsec transform set and crypto map; ACL 101 selects the traffic to encrypt
SiteB(config)#crypto ipsec transform-set site esp-3des esp-md5-hmac
SiteB(cfg-crypto-trans)#exit
SiteB(config)#crypto map abc 10 ipsec-isakmp
SiteB(config-crypto-map)#set peer 192.168.1.1
SiteB(config-crypto-map)#set transform-set site
SiteB(config-crypto-map)#match address 101
SiteB(config-crypto-map)#exit
! Apply the crypto map on the external interface and mark the NAT sides
SiteB(config)#int fa0/1
SiteB(config-if)#ip nat outside
SiteB(config-if)#crypto map abc
SiteB(config-if)#exit
SiteB(config)#int fa0/0
SiteB(config-if)#ip nat inside
SiteB(config-if)#exit
! PAT for other traffic; ACL 110 denies the site-to-site flow first so it is not translated
SiteB(config)#ip nat inside source list 110 interface fa0/1 overload
SiteB(config)#access-list 110 deny ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
SiteB(config)#access-list 110 permit ip any any
SiteB(config)#access-list 101 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
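
An added example, not part of the original lab document: a Python check that the crypto and NAT settings entered on SiteA and SiteB agree with each other, and that reports the 3DES/MD5 choices, which are deprecated outside a lab. The function names are hypothetical and the two sample configs are constructed from the commands in sections 3.2 and 4.2.

```python
import re

# Algorithm keywords treated as weak here (DES/3DES ciphers, MD5-based integrity).
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def lab_config(local, remote, peer):
    """Constructed sample: the crypto/NAT lines one lab router ends up with."""
    flow = f"{local} 0.0.0.255 {remote} 0.0.0.255"
    return "\n".join([
        "crypto isakmp policy 10", " encryption 3des", " hash md5",
        " authentication pre-share", f"crypto isakmp key cisco address {peer}",
        "crypto ipsec transform-set site esp-3des esp-md5-hmac",
        f"access-list 110 deny ip {flow}", "access-list 110 permit ip any any",
        f"access-list 101 permit ip {flow}"])

SITE_A = lab_config("10.0.0.0", "20.0.0.0", "192.168.2.1")
SITE_B = lab_config("20.0.0.0", "10.0.0.0", "192.168.1.1")

def weak_crypto(cfg):
    """Sorted weak keywords found on IKE policy and transform-set lines."""
    found = set()
    for words in map(str.split, cfg.splitlines()):
        ike = words[:1] in (["encryption"], ["hash"])
        ipsec = words[:3] == ["crypto", "ipsec", "transform-set"]
        if ike or ipsec:
            found |= WEAK & set(words)
    return sorted(found)

def acl(cfg, number):
    """Entries of a numbered ACL in config order, as (action, address tokens)."""
    rows = re.findall(rf"^access-list {number} (permit|deny) ip (.+)$", cfg, re.M)
    return [(action, tuple(rest.split())) for action, rest in rows]

def mirrored(cfg_a, cfg_b, number=101):
    """True when B's crypto ACL is A's with source and destination swapped."""
    # Assumes "network wildcard network wildcard" entries, as used in this lab.
    swapped = [(act, addr[2:] + addr[:2]) for act, addr in acl(cfg_a, number)]
    return sorted(swapped) == sorted(acl(cfg_b, number))

def nat_exempt(cfg, crypto_acl=101, nat_acl=110):
    """True when every tunnel flow is denied in the NAT ACL before its first permit."""
    nat = acl(cfg, nat_acl)
    cut = next((i for i, (act, _) in enumerate(nat) if act == "permit"), len(nat))
    exempt = {addr for act, addr in nat[:cut] if act == "deny"}
    return all(a in exempt for act, a in acl(cfg, crypto_acl) if act == "permit")

if __name__ == "__main__":
    for name, cfg in (("SiteA", SITE_A), ("SiteB", SITE_B)):
        print(name, "weak:", weak_crypto(cfg), "| NAT exemption:", nat_exempt(cfg))
    print("crypto ACLs mirrored:", mirrored(SITE_A, SITE_B))
```

If the ACL 110 deny entry is missing or sits after the permit, site-to-site traffic is translated to the Fa0/1 address, no longer matches ACL 101, and leaves the router unencrypted.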

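4.3. Configuring static route for SiteB router
! The IKE peer 192.168.1.1 must be reachable too, for example via a route to 192.168.1.0/24 through the same next hop.
SiteB(config)#ip route 10.0.0.0 255.255.255.0 192.168.2.2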

5. Test

5.1. Configuring IP for PC A
IP address: 10.0.0.2/24
GW: 10.0.0.1

5.2. Configuring IP for PC B
IP address: 20.0.0.2/24
GW: 20.0.0.1

5.3. Test
PCA:\>ping 20.0.0.1
PCB:\>ping 10.0.0.1
