CONFIGURING A VPN OVER A POINT-TO-POINT SERIAL INTERFACE ON A CISCO 1841


This article configures a point-to-point VPN connection using a WIC-1T serial interface, over Adtran 6500 modems and Cisco 1841 routers.

Two Adtran Express 6500 Series modems were used to establish the serial connection.
Their configuration is as follows:
A) For the NODE modem:
1. Open HyperTerminal or any other terminal software, using these settings:
  • Bits per second: 115200
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None
2. The main screen shows the following; choose item 2 (Provisioning):


Unit Mode:  NT                                                03-Jan-00 12:10:57
Circuit ID:                                                Terminal Mode: Local
                                   Main Menu
                            1.  Unit Information
                            2.  Provisioning
                            3.  Status
                            4.  Test
                            5.  Performance History
                            6.  TSCAN
                            7.  Terminal Mode
                                 Selection: 2
                                ?.  System Help
3. The following appears; choose item 2 (SHDSL Options):
Provisioning
                               1.  Unit Options
                               2.  SHDSL Options
                               3.  G.703 Options
                               4.  Nx64K Options
                               5.  Test Options
4. We get the following (set Interface Mode to 2-wire, and in Payload Rate choose the speed, in this case 2048 = 2Mb):
SHDSL Options
             1.  Interface Mode                       = 2-wire
             2.  Payload Rate(Kbps)                   = 2048 (N=32),N/A
             3.  SNR Margin Alarm Threshold(dB)       = Disabled
             4.  Loop Attenuation Alarm Threshold(dB) = Disabled
             5.  Outage Auto-Retrain                  = Disabled
             6.  PM Thresholds
5. Return to the previous screen with ESC and enter item 1 (Unit Options).
6. The next screen shows the Unit Options; choose item 1 (Unit Mode) and select NT for the NODE. For the other modem, which will be the client, select LT.
Unit Options
               1.  Unit Mode                = NT
               2.  Cross-Connect Map
               3.  Clock Source             = SHDSL RX Clock
               4.  Circuit ID
               5.  Date and Time
               6.  Restore Factory Defaults
               7.  Upgrade Firmware
               8.  Local Management         = Enabled
               9.  Change Password
Unit Mode
                                    1.  NT
                                    2.  LT
7. Back in the Unit Options menu, choose item 2 (Cross-Connect Map). Here press the N key for Full Nx64K Service, then select TS0 and press the 0 key; the map should look as follows. Do not forget to press the A key to apply the changes. Exit.
Cross-Connect Map
             SHDSL Timeslots                         G.703 Timeslots
    TS0  = 0    TS12 = 33   TS24 = 33      TS0  = 0    TS12 = 0    TS24 = 0
    TS1  = 33   TS13 = 33   TS25 = 33      TS1  = 0    TS13 = 0    TS25 = 0
    TS2  = 33   TS14 = 33   TS26 = 33      TS2  = 0    TS14 = 0    TS26 = 0
    TS3  = 33   TS15 = 33   TS27 = 33      TS3  = 0    TS15 = 0    TS27 = 0
    TS4  = 33   TS16 = 33   TS28 = 33      TS4  = 0    TS16 = 0    TS28 = 0
    TS5  = 33   TS17 = 33   TS29 = 33      TS5  = 0    TS17 = 0    TS29 = 0
    TS6  = 33   TS18 = 33   TS30 = 33      TS6  = 0    TS18 = 0    TS30 = 0
    TS7  = 33   TS19 = 33   TS31 = 33      TS7  = 0    TS19 = 0    TS31 = 0
    TS8  = 33   TS20 = 33   TS32 = NA      TS8  = 0    TS20 = 0
    TS9  = 33   TS21 = 33   TS33 = NA      TS9  = 0    TS21 = 0
    TS10 = 33   TS22 = 33   TS34 = NA      TS10 = 0    TS22 = 0
    TS11 = 33   TS23 = 33   TS35 = NA      TS11 = 0    TS23 = 0
       Timeslot Assignments                         Commands
        0.  Idle                A.  Apply New Map   G.  Full G.703 Service
    1.-31.  G.703 Service 1-31  C.  Cancel Changes  N.  Full Nx64K Service
       32.  G.704 Frame         Z.  Zero New Map  Tab.  SHDSL or G.703 Timeslots
       33.  Nx64K Service      Movement Keys: U. Up  D. Down  L. Left  R. Right
                           G.704 Framing = NA

B) For the CLIENT modem
1. Use the same configuration as above, except for Unit Mode, which must be LT.
On both modems the 4 LEDs must light green: SHDSL, Nx64K, RTS/C and RLSD/I.
Check that the Serial interfaces of both Cisco routers have their green LEDs lit.

Cisco router configuration
Router A:
ROUTER-A#sh run
Building configuration...
Current configuration : 1638 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
crypto isakmp key testkey1234 address 100.0.0.2
no crypto isakmp ccm
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
crypto map aesmap 10 ipsec-isakmp
 set peer 100.0.0.2
 set transform-set aes-sha-transform
 match address acl_vpn
!
!
!
!
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 100.0.0.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 crypto map aesmap
!
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.2
!
!
ip http server
no ip http secure-server
ip nat inside source list acl_nat interface Serial0/0/0 overload
!
ip access-list extended acl_nat
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end
ROUTER-A#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.3(14)T7,
 RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Mar-06 16:41 by pwade
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
ROUTER-A uptime is 2 hours, 29 minutes
System returned to ROM by reload at 03:31:04 UTC Thu Sep 29 2011
System image file is "flash:c1841-adventerprisek9-mz.123-14.T7.bin"
Cisco 1841 (revision 7.0) with 118784K/12288K bytes of memory.
Processor board ID FTX1135Y192
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
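
Added example (not part of the original article): a Python check over an excerpt of the ROUTER-A listing above that flags what the running configuration exposes. IOS omits default values from "show run", so an ISAKMP policy with no "group" line is using the default Diffie-Hellman group (group 1 on this IOS generation); the finding names are this example's own.

```python
# Constructed excerpt: lines copied from the ROUTER-A listing above.
ROUTER_A = """\
no service password-encryption
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
crypto isakmp key testkey1234 address 100.0.0.2
ip http server
no ip http secure-server
"""

def sections(cfg):
    """Map each top-level config line to its indented sub-commands."""
    out, head = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and head is not None:
            out[head].append(line)
        else:
            head = line
            out[head] = []
    return out

def audit(cfg):
    """Return sorted finding identifiers (the names are this example's own)."""
    found = set()
    for head, sub in sections(cfg).items():
        words = head.split()
        if words[:3] == ["crypto", "isakmp", "policy"]:
            # 'show run' omits defaults: no 'group' line means the default DH group
            if not any(s.startswith("group ") for s in sub):
                found.add("ike-default-dh-group")
        if words[:3] == ["crypto", "isakmp", "key"] and len(words) > 3 and words[3] != "6":
            # without the type-6 marker the key appears exactly as it was typed
            found.add("psk-readable-in-config")
        if head == "ip http server":
            found.add("http-management-enabled")  # unencrypted web management
    return sorted(found)

if __name__ == "__main__":
    for finding in audit(ROUTER_A):
        print(finding)
```
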


Router B:
Current configuration : 1638 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
crypto isakmp key testkey1234 address 100.0.0.1
no crypto isakmp ccm
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
crypto map aesmap 10 ipsec-isakmp
 set peer 100.0.0.1
 set transform-set aes-sha-transform
 match address acl_vpn
!
!
!
!
!
interface FastEthernet0/1
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 100.0.0.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 crypto map aesmap
!
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.1
!
!
ip http server
no ip http secure-server
ip nat inside source list acl_nat interface Serial0/0/0 overload
!
ip access-list extended acl_nat
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end
ROUTER-B#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.3(14)T7,
 RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Mar-06 16:41 by pwade
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
ROUTER-B uptime is 2 hours, 27 minutes
System returned to ROM by reload at 03:39:04 UTC Thu Sep 29 2011
System image file is "flash:c1841-advipservicesk9-mz.123-14.T7.bin"
Cisco 1841 (revision 7.0) with 118784K/12288K bytes of memory.
Processor board ID FTX1120W0UD
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
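
Added example (not part of the original article): a Python check that the two listings above agree with each other, that is, each peer points at the other's serial address, the pre-shared key and transform set match, the acl_vpn entries mirror each other, and acl_nat denies the tunnel traffic before its permit line. The excerpts are constructed from the tunnel-related lines of both listings; the function names are this example's own.

```python
import re

def excerpt(own, peer, lan, remote):
    """Constructed excerpt: tunnel-related lines of one router listing above."""
    return f"""\
crypto isakmp key testkey1234 address {peer}
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
crypto map aesmap 10 ipsec-isakmp
 set peer {peer}
interface Serial0/0/0
 ip address {own} 255.255.255.0
ip access-list extended acl_nat
 deny   ip {lan} 0.0.0.255 {remote} 0.0.0.255
 permit ip {lan} 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip {lan} 0.0.0.255 {remote} 0.0.0.255
"""

ROUTER_A = excerpt("100.0.0.1", "100.0.0.2", "192.168.1.0", "192.168.2.0")
ROUTER_B = excerpt("100.0.0.2", "100.0.0.1", "192.168.2.0", "192.168.1.0")

def first(pattern, cfg):
    return re.search(pattern, cfg, re.M).group(1)

def acl(cfg, name):
    """Entries of a named ACL as (action, src, src_wild, dst, dst_wild)."""
    body = first(rf"^ip access-list extended {name}\n((?: .*\n)*)", cfg)
    rows = [line.split() for line in body.splitlines()]
    return [(f[0], f[2], f[3], *(f[4:6] if f[4] != "any" else ("any", ""))) for f in rows]

def check_pair(a, b):
    """List the mismatches between two tunnel endpoints; empty means consistent."""
    bad = []
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        addr_y = first(r"^ ip address (\S+)", y)
        if first(r"^ set peer (\S+)", x) != addr_y:
            bad.append(f"{nx}: set peer is not {ny}'s serial address")
        if first(r"^crypto isakmp key \S+ address (\S+)", x) != addr_y:
            bad.append(f"{nx}: pre-shared key is not bound to {ny}")
        vpn = acl(x, "acl_vpn")
        if vpn != [(r[0], r[3], r[4], r[1], r[2]) for r in acl(y, "acl_vpn")]:
            bad.append(f"{nx}: acl_vpn is not the mirror of {ny}'s")
        # NAT runs before the crypto map, so tunnel traffic must be denied first
        if acl(x, "acl_nat")[:len(vpn)] != [("deny", *r[1:]) for r in vpn]:
            bad.append(f"{nx}: acl_nat does not exempt tunnel traffic")
    for pat, what in ((r"^crypto isakmp key (\S+)", "pre-shared key"),
                      (r"^crypto ipsec transform-set (.+)$", "transform set")):
        if first(pat, a) != first(pat, b):
            bad.append(f"{what} differs between A and B")
    return bad
```

An empty list from check_pair(ROUTER_A, ROUTER_B) means the two ends are consistent; without the deny entry in acl_nat, LAN-to-LAN packets would be translated to the serial address and would no longer match acl_vpn.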
Author: Angel Palomares Pedraza
