[IPSec VPN 설정]
[대전 Router 설정]
en
conf t
in fa 0/0
no sh
ip add 100.100.101.2 255.255.255.0
in fa 0/1
no sh
ip add 10.1.2.1 255.255.255.0
ip route 10.1.1.0 255.255.255.0 100.100.101.1
ip route 100.100.100.0 255.255.255.0 100.100.101.1
[ISP Router 설정]
en
conf t
in fa 0/0
no sh
ip add 100.100.100.1 255.255.255.0
in fa 0/1
no sh
ip add 100.100.101.1 255.255.255.0
[서울 Router 설정]
en
conf t
in fa 0/0
no sh
ip add 100.100.100.1 255.255.255.0
in fa 0/1
no sh
ip add 10.1.1.2 255.255.255.0
ip route 10.1.2.0 255.255.255.0 100.100.100.1
ip route 100.100.101.0 255.255.255.0 100.100.100.1
[R1 설정]
en
conf t
in fa 0/0
no sh
ip add 10.1.1.1 255.255.255.0
ip route 10.1.2.0 255.255.255.0 10.1.1.2
[서울 VPN 설정]
(config)# crypto isakmp enable
(config)# crypto isakmp policy 10
(config-isakmp)# authentication pre-share
(config-isakmp)# encryption aes 128
(config-isakmp)# group 5
(config-isakmp)# hash sha
(config-isakmp)# lifetime 86400
(config)# crypto isakmp key 00100 address 100.100.101.2
(config)# crypto ipsec transform-set MYSET esp-des esp-md5-hmac
(config)# access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
(config)# crypto map MYMAP 10 ipsec-isakmp
(config-crypto-map)# match address 100
(config-crypto-map)# set peer 100.100.101.2
(config-crypto-map)# set transform-set MYSET
(config-crypto-map)# set security-association lifetime seconds 86400
(config-crypto-map)# interface fa 0/0
(config-if)# crypto map MYMAP
[동경 VPN 설정]
(config)# crypto isakmp enable
(config)# crypto isakmp policy 10
(config-isakmp)# authentication pre-share
(config-isakmp)# encryption aes 128
(config-isakmp)# group 5
(config-isakmp)# hash sha
(config-isakmp)# lifetime 86400
(config)# crypto isakmp key 00100 address 100.100.100.2
(config)# crypto ipsec transform-set MYSET esp-des esp-md5-hmac
(config)# access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
(config)# crypto map MYMAP 10 ipsec-isakmp
(config-crypto-map)# match address 100
(config-crypto-map)# set peer 100.100.100.2
(config-crypto-map)# set transform-set MYSET
(config-crypto-map)# set security-association lifetime seconds 86400
(config-crypto-map)# interface fa 0/0
(config-if)# crypto map MYMAP
'클라우드 컴퓨팅 기술인재 양성과정 > Network' 카테고리의 다른 글
| [NETWORK] Client VPN (0) | 2019.09.29 |
|---|---|
| [NETWORK] static root 설정 (0) | 2019.09.26 |
| [NETWORK] static & dynamic routing (0) | 2019.09.26 |
| [NETWORK] 이더넷 채널(ethernet channel) 설정 (0) | 2019.09.25 |
| [NETWORK] 네트워크 기본 명령어 (0) | 2019.09.15 |