Sep 16, 2013

Creating Site To Site VPN (Virtual Private Network)

Suppose you have two routers in different places, for example one in Chittagong and the other in Dhaka, each connected to a different public network. You want them to communicate and transfer data securely, as if they were connected directly through a serial cable. For this purpose we need to create a site-to-site virtual private network (VPN). Below I will give an example of that and its configuration.
Router 0:
Router#config t
Router(config)#hostname R0
R0(config)#int f0/1
R0(config-if)#ip address 192.168.1.1 255.255.255.0
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#int s0/0/0
R0(config-if)#ip address 10.1.1.1 255.255.255.0
R0(config-if)#no shut
R0(config-if)#clock rate 64000
R0(config-if)#exit
! IKE phase 1 policy: AES-256, pre-shared key, DH group 5
R0(config)#crypto isakmp policy 10
R0(config-isakmp)#encryption aes 256
R0(config-isakmp)#authentication pre-share
R0(config-isakmp)#group 5
R0(config-isakmp)#lifetime 3600
R0(config-isakmp)#exit
! Pre-shared key for the remote peer (R2); must be identical on both ends
R0(config)#crypto isakmp key cisco123 address 10.2.2.1
R0(config)#crypto ipsec security-association lifetime seconds 1800
! IPsec phase 2: ESP with AES-256 encryption and SHA HMAC integrity
R0(config)#crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
R0(config)#crypto map CMAP 10 ipsec-isakmp
R0(config-crypto-map)#set peer 10.2.2.1
R0(config-crypto-map)#set security-association lifetime seconds 900
R0(config-crypto-map)#set transform-set 50
R0(config-crypto-map)#set pfs group5
R0(config-crypto-map)#match address 101
R0(config-crypto-map)#exit
! Apply the crypto map to the interface facing the public network
R0(config)#int s0/0/0
R0(config-if)#crypto map CMAP
R0(config-if)#exit
! Traffic to protect: R0 LAN to R2 LAN (R2 uses the mirror image of this ACL)
R0(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
R0(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
Router 1:
Router#config t
Router(config)#hostname R1
R1(config)#int s0/0/1
R1(config-if)#ip address 10.1.1.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int s0/0/0
R1(config-if)#ip address 10.2.2.2 255.255.255.0
R1(config-if)#no shut
Router 2:
Router#config t
Router(config)#hostname R2
R2(config)#int f0/0
R2(config-if)#ip address 192.168.3.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#int s0/0/1
R2(config-if)#ip address 10.2.2.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#clock rate 64000
R2(config-if)#exit
! IKE phase 1 policy: same values as on R0
R2(config)#crypto isakmp policy 10
R2(config-isakmp)#encryption aes 256
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 5
R2(config-isakmp)#lifetime 3600
R2(config-isakmp)#exit
! Pre-shared key for the remote peer (R0); must be identical on both ends
R2(config)#crypto isakmp key cisco123 address 10.1.1.1
R2(config)#crypto ipsec security-association lifetime seconds 1800
! IPsec phase 2: same transform set as on R0
R2(config)#crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
R2(config)#crypto map CMAP 10 ipsec-isakmp
R2(config-crypto-map)#set peer 10.1.1.1
R2(config-crypto-map)#set security-association lifetime seconds 900
R2(config-crypto-map)#set transform-set 50
R2(config-crypto-map)#set pfs group5
R2(config-crypto-map)#match address 101
R2(config-crypto-map)#exit
! Apply the crypto map to the interface facing the public network
R2(config)#int s0/0/1
R2(config-if)#crypto map CMAP
R2(config-if)#exit
! Traffic to protect: R2 LAN to R0 LAN (mirror image of the ACL on R0)
R2(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
R2(config)#ip route 0.0.0.0 0.0.0.0 10.2.2.2
END OF CONFIGURATION
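POINTS TO BE NOTED:
•    Type the spaces in each command exactly as shown.
•    Don’t worry about the routing path of Router 1. It only forwards the tunnel packets between 10.1.1.1 and 10.2.2.1, and both of those networks are directly connected to it.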
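A site-to-site tunnel only comes up when the two ends agree: the ISAKMP policy, pre-shared key, transform set and PFS group must match, and the peer addresses and crypto ACLs must mirror each other. The following Python check is an added example, not part of the original post; the function names (peer_config, parse, audit) are hypothetical, and the sample text is constructed from the addresses in this post in running-config style. It also reports a transform set that names only an authentication transform such as esp-sha-hmac, which gives integrity but no encryption.

```python
import re

def peer_config(peer, local_net, remote_net, transform="esp-aes 256 esp-sha-hmac"):
    """Constructed sample: the crypto-relevant lines of one peer, running-config style."""
    return f"""crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco123 address {peer}
crypto ipsec transform-set 50 {transform}
crypto map CMAP 10 ipsec-isakmp
 set peer {peer}
 set transform-set 50
 set pfs group5
 match address 101
access-list 101 permit ip {local_net} 0.0.0.255 {remote_net} 0.0.0.255
"""

def parse(cfg):
    """Extract the settings that must match or mirror between the two peers."""
    def one(pat):
        m = re.search(pat, cfg, re.M)
        return m.group(1).strip() if m else None
    acl = re.search(r"^access-list 101 permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M)
    return {
        "isakmp": (one(r"^ encryption (.+)$"), one(r"^ authentication (.+)$"), one(r"^ group (.+)$")),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "key_addr": one(r"^crypto isakmp key \S+ address\s+(\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$") or "",
        "peer": one(r"^ set peer (\S+)"),
        "pfs": one(r"^ set pfs (\S+)"),
        "acl": acl.groups() if acl else (None, None),
    }

def audit(cfg_a, wan_a, cfg_b, wan_b):
    """Return a list of findings; wan_a / wan_b are each router's tunnel-facing address."""
    a, b = parse(cfg_a), parse(cfg_b)
    issues = [f"{k} mismatch" for k in ("isakmp", "key", "transform", "pfs") if a[k] != b[k]]
    if (a["peer"], a["key_addr"]) != (wan_b, wan_b) or (b["peer"], b["key_addr"]) != (wan_a, wan_a):
        issues.append("peer/key addresses do not point at the other router")
    if a["acl"] != b["acl"][::-1]:
        issues.append("crypto ACLs are not mirror images")
    for name, p in (("A", a), ("B", b)):
        if not re.search(r"esp-(aes|3des|des|gcm)", p["transform"]):
            issues.append(f"{name}: transform-set has no ESP encryption")
    return issues

if __name__ == "__main__":
    r0, r2 = peer_config("10.2.2.1", "192.168.1.0", "192.168.3.0"), peer_config("10.1.1.1", "192.168.3.0", "192.168.1.0")
    print(audit(r0, "10.1.1.1", r2, "10.2.2.1"))
```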
FOR MORE INFO WATCH THE VIDEO. LINK IS BELOW