CONFIGURING A LAN-TO-LAN IPSEC VPN BETWEEN 2 CISCO 1841 ROUTERS

We configure the Cisco 1841 routers as follows.

ROUTER-A#sh run

Building configuration...
Current configuration : 1123 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ROUTER-A
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
!
crypto isakmp key testkey1234 address 100.0.0.2
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
crypto map aesmap 10 ipsec-isakmp
set peer 100.0.0.2
set transform-set aes-sha-transform
match address acl_vpn
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map aesmap
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
!
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.2
!
!
ip access-list extended acl_vpn
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended acl_nat
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end


ROUTER-B#sh run


Building configuration...

Current configuration : 1123 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ROUTER-B
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
!
crypto isakmp key testkey1234 address 100.0.0.1
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
crypto map aesmap 10 ipsec-isakmp 
set peer 100.0.0.1
set transform-set aes-sha-transform
match address acl_vpn
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map aesmap
!
interface FastEthernet0/1
ip address 192.168.2.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
!
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.1
!
!
ip access-list extended acl_vpn
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended acl_nat
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
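
Added example (not part of the original post): a Python check that the two running-configs above agree with each other. It verifies that each router's `set peer` and key address equal the other router's outside IP, that the pre-shared key and transform-set match, that the `acl_vpn` entries mirror each other, and that `acl_nat` denies the VPN traffic ahead of its permit. The sample text is a constructed excerpt of the configs shown above; `swap`, `parse` and `check_pair` are names introduced here, and the ACL mirror check assumes network/wildcard entries as used on this page.

```python
import re
# Constructed excerpt: VPN/NAT lines of ROUTER-A's running-config on this page.
ROUTER_A = """\
crypto isakmp key testkey1234 address 100.0.0.2
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
set peer 100.0.0.2
ip address 100.0.0.1 255.255.255.0
ip nat outside
ip access-list extended acl_vpn
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended acl_nat
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
"""

def swap(text, x, y):  # exchange every occurrence of x and y
    return text.replace(x, "\0").replace(y, x).replace("\0", y)
# ROUTER-B's excerpt: the same text with outside IPs and LAN subnets exchanged.
ROUTER_B = swap(swap(ROUTER_A, "100.0.0.1", "100.0.0.2"), "192.168.1.0", "192.168.2.0")

PATTERNS = {  # one capture group per field that must agree across the endpoints
    "psk": r"crypto isakmp key (\S+) address",
    "psk_peer": r"crypto isakmp key \S+ address (\S+)",
    "peer": r"set peer (\S+)",
    "transform": r"crypto ipsec transform-set \S+ (.+)",
    "outside_ip": r"ip address (\S+) \S+\s*\n\s*ip nat outside",
}

def parse(cfg):
    out = {k: m.group(1).strip() if (m := re.search(p, cfg)) else None for k, p in PATTERNS.items()}
    for name in ("acl_vpn", "acl_nat"):
        m = re.search(rf"ip access-list extended {name}\n((?:[ \t]*(?:permit|deny) .*\n?)*)", cfg)
        out[name] = [tuple(line.split()) for line in m.group(1).splitlines()] if m else []
    return out

def check_pair(cfg_a, cfg_b):
    """Return the mismatches that would keep the tunnel from forming or carrying traffic."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    for name, x, y in (("A", a, b), ("B", b, a)):
        if not (x["peer"] and x["peer"] == x["psk_peer"] == y["outside_ip"]):
            problems.append(f"{name}: peer/key address is not the other router's outside IP")
        nat = x["acl_nat"]
        cut = next((i for i, e in enumerate(nat) if e[0] == "permit"), len(nat))
        exempt = {e[2:] for e in nat[:cut] if e[0] == "deny"}
        if any(e[2:] not in exempt for e in x["acl_vpn"] if e[0] == "permit"):
            problems.append(f"{name}: VPN traffic is not denied in acl_nat before the permit")
    problems += [f"{k} differs" for k in ("psk", "transform") if a[k] != b[k]]
    if a["acl_vpn"] != [(act, proto, *r[2:], *r[:2]) for act, proto, *r in b["acl_vpn"]]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

`check_pair(ROUTER_A, ROUTER_B)` returns an empty list for the pair on this page; pasting the full `sh run` output of each router in place of the excerpts works the same way.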


Author: Angel Palomares Pedraza
