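http://danscourses.com - Learn how to create an IPsec VPN tunnel on Cisco routers using the Cisco IOS CLI. A CCNA Security topic.
1. Start with the base configurations for R1, ISP and R3. Paste into global configuration mode: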
hostname R1
interface g0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.100.1 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.2
hostname ISP
interface g0/1
ip address 209.165.200.2 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.100.2 255.255.255.0
no shutdown
exit
hostname R3
interface g0/1
ip address 192.168.3.1 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.200.1 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 209.165.200.2
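2. Make sure the routers have the security license enabled:
license boot module c1900 technology-package securityk9
3. Configure IPsec on the routers at each end of the tunnel (R1 and R3)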
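R1
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
!
crypto isakmp key secretkey address 209.165.200.1
!
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 209.165.200.1
set pfs group5
set security-association lifetime seconds 86400
set transform-set R1-R3
match address 100
!
interface GigabitEthernet0/0
crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255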
R3
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
!
crypto isakmp key secretkey address 209.165.100.1
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 209.165.100.1
set pfs group5
set security-association lifetime seconds 86400
set transform-set R3-R1
match address 100
!
interface GigabitEthernet0/0
crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
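Added example, not part of the original tutorial: a small Python check that parses the step 3 settings of R1 and R3 and reports which ones disagree (policy values, pre-shared key, transform set, PFS group, mirrored crypto ACLs, and the key address versus `set peer`). The names `PATTERNS`, `parse` and `mismatches` are hypothetical, and the embedded configs are the step 3 lines from this page with sub-commands indented.

```python
import re
# Sample input: the step 3 settings from this page that the check reads.
R1 = """crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key secretkey address 209.165.200.1
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.200.1
 set pfs group5
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255"""
R3 = """crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key secretkey address 209.165.100.1
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set pfs group5
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255"""

PATTERNS = {  # setting name -> regex capturing its value(s)
    "encryption": r"^\s*encryption (.+?)\s*$",
    "authentication": r"^\s*authentication (.+?)\s*$",
    "group": r"^\s*group (\d+)",
    "psk": r"^crypto isakmp key (\S+) address",
    "key_addr": r"^crypto isakmp key \S+ address (\S+)",
    "transform": r"^crypto ipsec transform-set \S+ (.+?)\s*$",
    "peer": r"^\s*set peer (\S+)",
    "pfs": r"^\s*set pfs (\S+)",
    "acl": r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)",
}

def parse(cfg):
    """Pull the tunnel settings out of one router's config text."""
    hits = ((k, re.search(p, cfg, re.M)) for k, p in PATTERNS.items())
    return {k: m.groups() if m else None for k, m in hits}

def mismatches(a, b):
    """Return the names of settings that disagree between the two peers."""
    pa, pb = parse(a), parse(b)
    same = ("encryption", "authentication", "group", "psk", "transform", "pfs")
    bad = [k for k in same if pa[k] != pb[k]]
    if not (pa["acl"] and pb["acl"]) or pa["acl"] != pb["acl"][::-1]:
        bad.append("acl")  # crypto ACLs must be mirror images of each other
    if any(p["peer"] != p["key_addr"] for p in (pa, pb)):
        bad.append("peer")  # key is bound to the address used in 'set peer'
    return bad
```

`mismatches(R1, R3)` returns an empty list for the configurations above; a non-empty result names the setting to review on both routers.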
I love that the video was watched from almost all over the world.
Thank you Professor for sharing the knowledge.
Very well explained.
Great Video.
Good to remember that certain items in the Crypto Policy MUST match on the other side, but not all. These are
1.Hash 2. Encryption 3. Authentication 4. Diffie-Hellman Group number
what is the command for transport/tunnel mode?
Thanks, I liked the video, it is fantastic
thank you man really great video and you made it clear and easy for me again thank you, god bless you
Your video saved my grade
I love this guy. His explanations are clear, precise and so easy to absorb. His knowledge on networking is right up there with the best!
Could I make, 2 or 3 IPSEC tunnel by the same interface?
Hi. Thanks for such a great tutorial.
How to clear Isakmp SA
crypto isakmp policy 10
and :
encryption aes 256
authentication pre-share
group 5
doesn't work
great explanation bro
excellent…
Pretty well explained, congrats!!
the ISP router is the ISP? the internet coming from right sir? i want to make our offices connected to each other
Thanks a lot sir for sharing really valuable information. The way you teach is awesome. Thank you sooo much sir.
Thank you very much sir. You've made my day. I was looking for this video for such a long time, and now I can finish my project!
THANK YOU!!!
Hello Dan I just want to say I LOVE YOU. Thanks for all your tutorials! More power to you Godbless!
Thank you very much
Can you please tell us what the NAT access list for this IPsec tunnel is? Because when I put the NAT command between Router 1 and Router 3, it doesn't work. I can't access the local network.
But how to make this on real device? And where should be the location of IPS?
I seem to be the only one having problems. I've followed your steps but it seems that R1 or R3 cannot encrypt the traffic. What could cause that? I've re-read all the configs but can't find the issue…
good man
Hi sir,
If one of my users wants to access his account from his home or a conference hall, how can we configure that?
Hi, what is the use of VPN in leased line?
Thank you very very much
very good. Nice work. you simplified the vpn conf
Thank you for all that you do.
A great systematic & step by step explanation.
Awesome.
Thank u very much for it.
You're the best! I love U!