July 14, 2011

Cisco GRE + IPSec


ISAKMP configuration on router R1:
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#hash md5
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#lifetime 600
R1(config)#crypto isakmp key 0 PASSWORD address 10.0.0.2

ISAKMP configuration on router R2:
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#lifetime 600
R2(config)#crypto isakmp key 0 PASSWORD address 10.0.0.1

Configuring the transform set and IPSec profile on router R1:
R1(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)#crypto ipsec profile IPSPro
R1(ipsec-profile)#set transform-set TS

Configuring the transform set and IPSec profile on router R2:
R2(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config)#crypto ipsec profile IPSPro
R2(ipsec-profile)#set transform-set TS

Creating the tunnel on router R1:
R1(config)#interface tunnel 1
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#tunnel source 10.0.0.1
R1(config-if)#tunnel destination 10.0.0.2
R1(config-if)#tunnel protection ipsec profile IPSPro

Creating the tunnel on router R2:
R2(config)#interface tunnel 1
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#tunnel source 10.0.0.2
R2(config-if)#tunnel destination 10.0.0.1
R2(config-if)#tunnel protection ipsec profile IPSPro

Configuring static routes:
R1(config)#ip route 172.16.1.0 255.255.255.0 tunnel 1
R2(config)#ip route 192.168.1.0 255.255.255.0 tunnel 1
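
The tunnel only comes up if both routers agree on the ISAKMP policy, the transforms and the pre-shared key, and if each side's peer and tunnel addresses mirror the other's. The following is an added example, not part of the original post: a small Python check that compares two pasted CLI transcripts for exactly those points. The function names `parse` and `mismatches` are hypothetical, and the sample transcripts are constructed from the commands listed above.

```python
import re

# Constructed input: commands from the page's R1 and R2 listings, prompts kept.
R1 = """R1(config)#crypto isakmp policy 1
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#hash md5
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#lifetime 600
R1(config)#crypto isakmp key 0 PASSWORD address 10.0.0.2
R1(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config-if)#tunnel source 10.0.0.1
R1(config-if)#tunnel destination 10.0.0.2"""
R2 = """R2(config)#crypto isakmp policy 1
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#lifetime 600
R2(config)#crypto isakmp key 0 PASSWORD address 10.0.0.1
R2(config)#crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config-if)#tunnel source 10.0.0.2
R2(config-if)#tunnel destination 10.0.0.1"""

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*")  # e.g. "R1(config-isakmp)#"
PHASE1 = ("encryption ", "hash ", "authentication ", "lifetime ", "group ")

def parse(transcript):
    """Reduce a pasted CLI transcript to the settings both peers must agree on."""
    cmds = [PROMPT.sub("", l.strip()) for l in transcript.splitlines() if l.strip()]
    find = lambda rx: next((m.groups() for c in cmds if (m := re.fullmatch(rx, c))), (None, None))
    key, peer = find(r"crypto isakmp key \d (\S+) address (\S+)")
    return {
        "phase1": sorted(c for c in cmds if c.startswith(PHASE1)),
        # The transform-set name is local to each router; compare only the transforms.
        "transform": sorted(c.split(None, 4)[4] for c in cmds if c.startswith("crypto ipsec transform-set ")),
        "key": key, "peer": peer,
        "src": find(r"tunnel source (\S+)")[0],
        "dst": find(r"tunnel destination (\S+)")[0],
    }

def mismatches(a, b):
    """Return the names of the checks that fail between two peers."""
    a, b = parse(a), parse(b)
    checks = {
        "isakmp policy": a["phase1"] == b["phase1"],
        "transform-set": a["transform"] == b["transform"],
        "pre-shared key": a["key"] is not None and a["key"] == b["key"],
        "key peer address": a["peer"] == b["src"] and b["peer"] == a["src"],
        "tunnel endpoints": a["src"] == b["dst"] and a["dst"] == b["src"],
    }
    return [name for name, ok in checks.items() if not ok]
```

`mismatches(R1, R2)` returns an empty list for the configuration on this page; any name it does return points at the side-by-side setting to compare first.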

1 comment:

  1. 10.0.0.1 Login The default local address for the network router is 10.0.0.1 and this is also a “class A” internet protocol address used by the private network
    10.0.0.1
