Site-to-Site IPSec VPN (crypto map): Configuration and Settings
Dynalconf HOME
Configure a site-to-site IPSec VPN (crypto map) using Dynamips/Dynagen.
ip route 192.168.16.0 255.255.240.0 Serial1/0
ip route 192.168.32.0 255.255.240.0 Serial1/0

ip route 192.168.0.0 255.255.240.0 Serial1/0
ip route 192.168.32.0 255.255.240.0 Serial1/0

ip route 192.168.0.0 255.255.240.0 Serial1/0
ip route 192.168.16.0 255.255.240.0 Serial1/0
3.1 IKE Policy

3.1.1 HQ
isakmp policy 10
  encryption : des
  hash : md5
  authentication : pre-share
  DH group : group 1
isakmp policy 20
  encryption : 3des
  hash : md5
  authentication : pre-share
  DH group : group 2
isakmp policy 30
  encryption : aes
  hash : sha
  authentication : pre-share
  DH group : group 2
pre-shared key : cisco123 (address: 20.0.0.2)
pre-shared key : cisco456 (address: 30.0.0.2)

3.1.2 Branch1
isakmp policy 10
  encryption : 3des
  hash : md5
  authentication : pre-share
  DH group : group 2
pre-shared key : cisco123 (address: 10.0.0.2)

3.1.3 Branch2
isakmp policy 10
  encryption : aes
  hash : sha
  authentication : pre-share
  DH group : group 2
pre-shared key : cisco456 (address: 10.0.0.2)

3.2 IPSec Transform Set

3.2.1 HQ
ipsec transform-set Trset10
  protocol : esp
  encryption : des
  hash : md5-hmac
ipsec transform-set Trset20
  protocol : esp
  encryption : 3des
  hash : md5-hmac
ipsec transform-set Trset30
  protocol : esp
  encryption : aes
  hash : sha-hmac

3.2.2 Branch1
ipsec transform-set Trset10
  protocol : esp
  encryption : 3des
  hash : md5-hmac

3.2.3 Branch2
ipsec transform-set Trset10
  protocol : esp
  encryption : aes
  hash : sha-hmac

3.3 Crypto Map

3.3.1 HQ
crypto map ToBR 10 ipsec-isakmp
  set peer 20.0.0.2
  set transform-set Trset20
  match address 101
crypto map ToBR 20 ipsec-isakmp
  set peer 30.0.0.2
  set transform-set Trset30
  match address 102

3.3.2 Branch1
crypto map ToHQ ipsec-isakmp
  set peer 10.0.0.2
  set transform-set Trset10
  match address 100

3.3.3 Branch2
crypto map ToHQ ipsec-isakmp
  set peer 10.0.0.2
  set transform-set Trset10
  match address 100

3.4 IPSec VPN access-list

3.4.1 HQ
HQ To Branch1
access-list 101 permit ip 192.168.0.0 0.0.15.255 192.168.16.0 0.0.15.255
access-list 101 permit ip 192.168.32.0 0.0.15.255 192.168.16.0 0.0.15.255
HQ To Branch2
access-list 102 permit ip 192.168.0.0 0.0.15.255 192.168.32.0 0.0.15.255
access-list 102 permit ip 192.168.16.0 0.0.15.255 192.168.32.0 0.0.15.255

3.4.2 Branch1
Branch1 To HQ
access-list 100 permit ip 192.168.16.0 0.0.15.255 192.168.0.0 0.0.15.255
access-list 100 permit ip 192.168.16.0 0.0.15.255 192.168.32.0 0.0.15.255

3.4.3 Branch2
Branch2 To HQ
access-list 100 permit ip 192.168.32.0 0.0.15.255 192.168.0.0 0.0.15.255
access-list 100 permit ip 192.168.32.0 0.0.15.255 192.168.16.0 0.0.15.255
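A consistency check over the design values in 3.1 and 3.4, added here as an example (it is not part of the original page or its linked configs). It confirms which IKE policy each HQ/branch pair agrees on, that each pair's crypto ACLs are mirror images, and which HQ policies no branch ever selects. The function names are hypothetical, and the IKE matching is a simplified model that assumes the responder walks its policies in priority order and ignores lifetime.

```python
from ipaddress import ip_network

# Values copied from 3.1 and 3.4 of this page.
# IKE policies: priority -> (encryption, hash, authentication, DH group)
IKE = {
    "HQ": {10: ("des", "md5", "pre-share", 1),
           20: ("3des", "md5", "pre-share", 2),
           30: ("aes", "sha", "pre-share", 2)},
    "Branch1": {10: ("3des", "md5", "pre-share", 2)},
    "Branch2": {10: ("aes", "sha", "pre-share", 2)},
}
ACL = {
    "HQ 101": ["access-list 101 permit ip 192.168.0.0 0.0.15.255 192.168.16.0 0.0.15.255",
               "access-list 101 permit ip 192.168.32.0 0.0.15.255 192.168.16.0 0.0.15.255"],
    "HQ 102": ["access-list 102 permit ip 192.168.0.0 0.0.15.255 192.168.32.0 0.0.15.255",
               "access-list 102 permit ip 192.168.16.0 0.0.15.255 192.168.32.0 0.0.15.255"],
    "Branch1 100": ["access-list 100 permit ip 192.168.16.0 0.0.15.255 192.168.0.0 0.0.15.255",
                    "access-list 100 permit ip 192.168.16.0 0.0.15.255 192.168.32.0 0.0.15.255"],
    "Branch2 100": ["access-list 100 permit ip 192.168.32.0 0.0.15.255 192.168.0.0 0.0.15.255",
                    "access-list 100 permit ip 192.168.32.0 0.0.15.255 192.168.16.0 0.0.15.255"],
}

def negotiate(initiator, responder):
    """Return (initiator priority, responder priority) of the agreed policy, or None."""
    # Map each offered parameter set to the initiator's lowest priority number for it.
    offered = {p: prio for prio, p in sorted(IKE[initiator].items(), reverse=True)}
    for prio, params in sorted(IKE[responder].items()):
        if params in offered:
            return offered[params], prio
    return None

def selectors(lines):
    """Parse 'access-list N permit ip SRC WILDCARD DST WILDCARD' into (src, dst) networks."""
    pairs = set()
    for line in lines:
        f = line.split()
        # ipaddress accepts a wildcard (host mask) after the slash.
        pairs.add((ip_network(f"{f[4]}/{f[5]}"), ip_network(f"{f[6]}/{f[7]}")))
    return pairs

def is_mirror(acl_a, acl_b):
    """True when every entry of acl_a appears in acl_b with source and destination swapped."""
    return {(dst, src) for src, dst in selectors(ACL[acl_a])} == selectors(ACL[acl_b])

def unused_policies(hub, spokes):
    """Hub IKE policy numbers that no spoke's policy set can select."""
    used = {negotiate(s, hub)[1] for s in spokes if negotiate(s, hub)}
    return sorted(set(IKE[hub]) - used)
```

With the values on this page, `unused_policies("HQ", ["Branch1", "Branch2"])` returns `[10]`: the DES/MD5/group 1 policy on HQ is not needed by either branch.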
(1) Dynagen .net file
(2) HQ1
(3) HQ2
(4) HQHOST
(5) BR11
(6) BR12
(7) BR1HOST
(8) BR21
(9) BR22
(10) BR2HOST
(11) R1
HQ1 :
  sh crypto isakmp sa
  sh crypto engine connections active
BR11 :
  sh crypto isakmp sa
  sh crypto engine connections active
BR21 :
  sh crypto isakmp sa
  sh crypto engine connections active

(1) HQ1
(2) BR11
(3) BR21