Configure Simple IPSEC Site to Site VPN in Cisco Routers Using GNS3

October 26, 2017 | Author: Anonymous ovq7UE2Wz | Category: VPN

  HO(config)#crypto map homap 10 ipsec-isakmp
  % NOTE: This new crypto map will remain disabled until a peer
  and a valid access list have been configured.
  HO(config-crypto-map)#set peer 30.0.0.2
  HO(config-crypto-map)#set transform-set hoset
  HO(config-crypto-map)#match address 101
  HO(config-crypto-map)#exit
  HO(config)#interface serial 1/0
  HO(config-if)#crypto map homap
  HO(config-if)#exit

In Router BO global config mode,

  BO(config)#crypto isakmp enable
  BO(config)#crypto isakmp policy 10
  BO(config-isakmp)#authentication pre-share
  BO(config-isakmp)#hash md5
  BO(config-isakmp)#encryption des
  BO(config-isakmp)#group 2
  BO(config-isakmp)#lifetime 3600
  BO(config-isakmp)#exit
  BO(config)#crypto isakmp key security address 20.0.0.1 255.0.0.0
  BO(config)#crypto ipsec transform-set boset esp-des esp-md5-hmac
  BO(cfg-crypto-trans)#exit
  BO(config)#access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  BO(config)#crypto map bomap 10 ipsec-isakmp
  % NOTE: This new crypto map will remain disabled until a peer
  and a valid access list have been configured.
  BO(config-crypto-map)#set peer 20.0.0.1
  BO(config-crypto-map)#set transform-set boset
  BO(config-crypto-map)#match address 101
  BO(config-crypto-map)#exit
  BO(config)#interface serial 1/0
  BO(config-if)#crypto map bomap
  BO(config-if)#exit
  BO(config)#

Step 4: Configure a default static route on both the HO and BO routers to forward all packets to the ISP router. In global config mode,

  HO(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
  BO(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

Now the HO and BO routers forward all packets to the ISP router, and the ISP is responsible for routing the packets to their destination.

Step 5: Enable debugging for IPsec and ISAKMP on both routers; this will show you the VPN process on the routers. In privileged mode on the HO and BO routers,

  HO#debug crypto ipsec
  Crypto IPSEC debugging is on
  HO#debug crypto isakmp
  Crypto ISAKMP debugging is on
  BO#debug crypto ipsec
  Crypto IPSEC debugging is on
  BO#debug crypto isakmp
  Crypto ISAKMP debugging is on

Step 6: Ping host 192.168.2.10 from 192.168.1.10

  ping 192.168.2.10

I got a reply from 192.168.2.10

Troubleshooting Commands:

  HO#show crypto isakmp ?
    key      Show ISAKMP preshared keys
    policy   Show ISAKMP protection suite policy
    profile  Show ISAKMP profiles
    sa       Show ISAKMP Security Associations

  HO#show crypto isakmp key
  HO#show crypto isakmp policy
  HO#show crypto isakmp profile
  HO#show crypto isakmp sa

  HO#show crypto ipsec ?
    profile               Show ipsec profile information
    sa                    IPSEC SA table
    security-association  Show parameters for IPSec security associations
    transform-set         Crypto transform sets

  HO#show crypto ?
    ca           Show certification authority policy
    dynamic-map  Crypto map templates
    engine       Show crypto engine info
    identity     Show crypto identity list
    ipsec        Show IPSEC policy
    isakmp       Show ISAKMP Security Associations
    key          Show long term public keys
    map          Crypto maps
    mib          Show Crypto-related MIB Parameters
    optional     Optional Encryption Status
    sockets      Secure Socket Information

  HO#debug crypto ?
    ber      decode ASN.1 BER data
    engine   Crypto Engine Debug
    ipsec    IPSEC processing
    isakmp   ISAKMP Key Management
    mib      IPSEC Management Transactions
    pki      PKI Client
    socket   Crypto Secure Socket Debug
    verbose  verbose decode
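
An added example, not part of the original document: a short Python check that reads the BO commands shown in this lab and reports the settings that leave the tunnel weakly protected (DES, MD5, Diffie-Hellman group 2, and a pre-shared key bound to an address with a mask rather than to a single peer). The function name `audit` and the lookup tables are assumptions made for illustration.

```python
import re

# Constructed sample: the BO router commands shown on this page, prompts included.
BO_CONFIG = """\
BO(config)#crypto isakmp policy 10
BO(config-isakmp)#authentication pre-share
BO(config-isakmp)#hash md5
BO(config-isakmp)#encryption des
BO(config-isakmp)#group 2
BO(config-isakmp)#lifetime 3600
BO(config)#crypto isakmp key security address 20.0.0.1 255.0.0.0
BO(config)#crypto ipsec transform-set boset esp-des esp-md5-hmac
"""

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*")  # strips e.g. "BO(config-isakmp)#"
WEAK_IKE_ENC = {"des": "56-bit DES", "3des": "legacy 3DES"}
WEAK_GROUPS = {"1": "768-bit", "2": "1024-bit", "5": "1536-bit"}
WEAK_TRANSFORMS = {"esp-des": "56-bit DES", "esp-3des": "legacy 3DES",
                   "esp-md5-hmac": "HMAC-MD5", "ah-md5-hmac": "HMAC-MD5"}


def audit(config_text):
    """Return (command, reason) pairs for weak IKE/IPsec settings (hypothetical helper)."""
    findings = []
    for raw in config_text.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        w = cmd.split()
        if len(w) < 2:
            continue
        if w[:2] == ["hash", "md5"]:
            findings.append((cmd, "IKE phase 1 hash is MD5"))
        elif w[0] == "encryption" and w[1] in WEAK_IKE_ENC:
            findings.append((cmd, "IKE phase 1 cipher is " + WEAK_IKE_ENC[w[1]]))
        elif w[0] == "group" and w[1] in WEAK_GROUPS:
            findings.append((cmd, "Diffie-Hellman group is " + WEAK_GROUPS[w[1]] + " MODP"))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in w[4:]:
                if t in WEAK_TRANSFORMS:
                    findings.append((cmd, t + " is " + WEAK_TRANSFORMS[t]))
        elif w[:3] == ["crypto", "isakmp", "key"] and "address" in w[4:]:
            i = w.index("address", 4)
            mask = w[i + 2] if len(w) > i + 2 and w[i + 2].count(".") == 3 else None
            if mask and mask != "255.255.255.255":
                # Report the command without echoing the pre-shared key.
                shown = "crypto isakmp key <redacted> " + " ".join(w[i:])
                findings.append((shown, "pre-shared key matches an address range"))
    return findings
```

Calling `audit(BO_CONFIG)` returns six findings for the configuration above; the same function can be run over a saved `show running-config` because lines without a prompt are parsed as-is.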

Copyright © 2017 DOCTUTS.COM Inc.