[모든 router와 server에 IP 할당 및 routing protocol 설정]
DHCP server router
Router>enable
Router#conf t
Router(config)# router eigrp 100
Router(config-router)# network 11.0.0.0
Router(config-router)# exit
Router(config)# in range fa 0/0-1
Router(config-if-range)# no shutdown
Router(config-if-range)# exit
Router(config)# in fa 0/0
Router(config-if)# ip add 11.1.1.1 255.255.255.0
Router(config-if)# in fa 0/1
Router(config-if)# ip add 11.1.2.1 255.255.255.0
VPN server router
Router>enable
Router#conf t
Router(config)# router eigrp 100
Router(config-router)# network 10.0.0.0
Router(config-router)# network 11.0.0.0
Router(config-router)# exit
Router(config)# in range fa 0/0-1
Router(config-if-range)# no shutdown
Router(config-if-range)# exit
Router(config)# in fa 0/0
Router(config-if)# ip add 11.1.2.2 255.255.255.0
Router(config-if)# in fa 0/1
Router(config-if)# ip add 10.1.1.1 255.255.255.0
[DHCP 할당 - DHCP server가 DHCP client에 IP address를 할당]
Router(config)# ip dhcp excluded-address 11.1.1.1
Router(config)# ip dhcp pool REMOTE_POOL
Router(dhcp-config)# network 11.1.1.0 255.255.255.0
Router(dhcp-config)# default-router 11.1.1.1
VPN server 설정
[ISAKMP Security Associate 설정]
Router(config)# crypto isakmp policy 10
Router(config)# encryption aes
Router(config)# hash md5
Router(config)# group 2
Router(config)# authentication pre-share
Router(config)# lifetime 21600
[인증 및 인가 설정]
Router(config)# aaa new-model
Router(config)# aaa authentication login REMOTE local
Router(config)# aaa authorization login REMOTE local
Router(config)# username abcd password dcba
[본사 내의 IP 할당]
Router(config)# ip local pool MYPOOL 10.1.1.3 10.1.1.254
[SHARED KEY와 주소 할당]
Router(config)# crypto isakmp client configuration group REMOTE
Router(config)# key 1111
Router(config)# pool MYPOOL
[IPSec 단계 설정]
Router(config)# crypto ipsec transform-set MYSET esp-des esp-md5-hmac
Router(config)# crypto dynamic-map DMAP 10
Router(config)# set transform-set MYSET
[설정 매핑]
Router(config)# crypto map CLIENT_MAP client authentication list REMOTE
Router(config)# crypto map CLIENT_MAP isakmp authorization list REMOTE
Router(config)# crypto map CLIENT_MAP client configuration address respond
Router(config)# crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DMAP
Router(config)# in fa 0/0
Router(config)# crypto map CLIENT_MAP
'클라우드 컴퓨팅 기술인재 양성과정 > Network' 카테고리의 다른 글
| [NETWORK] IPSEC VPN (0) | 2019.09.27 |
|---|---|
| [NETWORK] static root 설정 (0) | 2019.09.26 |
| [NETWORK] static & dynamic routing (0) | 2019.09.26 |
| [NETWORK] 이더넷 채널(ethernet channel) 설정 (0) | 2019.09.25 |
| [NETWORK] 네트워크 기본 명령어 (0) | 2019.09.15 |