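http://danscourses.com - Learn how to create an IPsec VPN tunnel on Cisco routers using the Cisco IOS CLI. CCNA Security topic.
1. Starting configurations for R1, ISP, and R3. Paste into global configuration mode: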
hostname R1
interface g0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.100.1 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.2
hostname ISP
interface g0/1
ip address 209.165.200.2 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.100.2 255.255.255.0
no shutdown
exit
hostname R3
interface g0/1
ip address 192.168.3.1 255.255.255.0
no shutdown
interface g0/0
ip address 209.165.200.1 255.255.255.0
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 209.165.200.2
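2. Make sure the routers have the security license enabled:
license boot module c1900 technology-package securityk9
3. Configure IPsec on the routers at each end of the tunnel (R1 and R3)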
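R1
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
!
crypto isakmp key secretkey address 209.165.200.1
!
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 209.165.200.1
set pfs group5
set security-association lifetime seconds 86400
set transform-set R1-R3
match address 100
!
interface GigabitEthernet0/0
crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255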
R3
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
!
crypto isakmp key secretkey address 209.165.100.1
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
set peer 209.165.100.1
set pfs group5
set security-association lifetime seconds 86400
set transform-set R3-R1
match address 100
!
interface GigabitEthernet0/0
crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
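Added example (not part of the original video notes): a small Python check that the two ends of the tunnel agree where they must, meaning the same ISAKMP policy, pre-shared key, transform and PFS group, peers that point at each other, and crypto ACLs that are mirror images. The sample text is constructed from the R1 and R3 IPsec sections above; the function names are illustrative.

```python
import re

# Constructed sample input: the IPsec section of the page's R1/R3 configs.
TEMPLATE = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key secretkey address {peer}
crypto ipsec transform-set {ts} esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer {peer}
 set pfs group5
 set transform-set {ts}
 match address 100
access-list 100 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""
R1_WAN, R3_WAN = "209.165.100.1", "209.165.200.1"
R1 = TEMPLATE.format(peer=R3_WAN, ts="R1-R3", src="192.168.1.0", dst="192.168.3.0")
R3 = TEMPLATE.format(peer=R1_WAN, ts="R3-R1", src="192.168.3.0", dst="192.168.1.0")

def parse(cfg):
    """Extract the settings that must match or mirror between the peers."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None  # None = line absent (IOS default applies)
    return {
        "phase1": (grab(r"^\s*encryption (.+)$"), grab(r"^\s*hash (\S+)"),
                   grab(r"^\s*authentication (\S+)"), grab(r"^\s*group (\d+)")),
        "key": grab(r"^crypto isakmp key (\S+) address (\S+)"),
        "transform": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "peer": grab(r"^\s*set peer (\S+)"),
        "pfs": grab(r"^\s*set pfs (\S+)"),
        "acl": grab(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
    }

def mismatches(cfg_a, cfg_b, a_wan, b_wan):
    """Return a list of inconsistencies; an empty list means the ends agree."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"{k} differs" for k in ("phase1", "transform", "pfs") if a[k] != b[k]]
    ka, kb = a["key"], b["key"]
    if not (ka and kb and ka[0] == kb[0] and ka[1] == b_wan and kb[1] == a_wan):
        out.append("pre-shared key missing, different, or bound to wrong address")
    if a["peer"] != (b_wan,) or b["peer"] != (a_wan,):
        out.append("set peer is not the other router's WAN address")
    if not (a["acl"] and b["acl"] and a["acl"] == b["acl"][::-1]):
        out.append("crypto ACLs are not mirror images")
    return out

if __name__ == "__main__":
    print(mismatches(R1, R3, R1_WAN, R3_WAN) or "R1 and R3 are consistent")
```

The messages never include the key itself, so the output is safe to paste into a ticket or log.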
I love that the video was watched from almost all over the world.
Thank you Professor for sharing the knowledge.
Very well explained.
Great Video.
Good to remember that certain items in the Crypto Policy MUST match on the other side, but not all. These are:
1. Hash 2. Encryption 3. Authentication 4. Diffie-Hellman Group number
what is the command for transport/tunnel mode?
thanks i liked a video is fantastic
thank you man really great video and you made it clear and easy for me again thank you, god bless you
your video save my grade
I love this guy. His explanations are clear, precise and so easy to absorb. His knowledge on networking is right up there with the best!
Could I make, 2 or 3 IPSEC tunnel by the same interface?
Hi. Thanks for such a great tutorial.
How to clear Isakmp SA
crypto isakmp policy 10
and :
encryption aes 256
authentication pre-share
group 5
doesn't work
great explanation bro
excellent…
Pretty well explained, congrats!!
the ISP router is the ISP? the internet coming from right sir? i want to make our offices connected to each other
Thanks a lot sir for sharing a really valuable information. The way you teach is awesome. Thank you sooo much sir.
Thank you very much sir. You've made my day. I was looking for this video for so long time, and, now i can finish my project!
THANK YOU!!!
Hello Dan I just want to say I LOVE YOU. Thanks for all your tutorials! More power to you Godbless!
Thanks you very much
can you please tell us what is the nat access list for this IPsec Tunnel ???..coz when I put nat command between Router 1 and Router 3, It doesn't work. I can't access the local network.
But how to make this on real device? And where should be the location of IPS?
I seem to be the only one having problems. I've followed your steps but it seems that R1 or R3 cannot encrypt the traffic. What could cause that? I've re-read all the configs but can't find the issue…
good man
Hi sir,
If one of my user wants to access his account from his home or a conference hall, how can we configure that?
Hai, what is the use of VPN in leased line?
Thank you very very much
very good. Nice work. you simplified the vpn conf
Thank you for all that you do.
A great systematic & step by step explanation.
Awesome.
Thank u very much for it.
You're the best! I love U!