Scribd Logo
Upload

Welcome to Scribd!

  • VPNTRABAJO

    Uploaded by

    Jason Jostin Nigel Malpartida Arevalo
    14 views5 pages
    Seguridad, redes

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Seguridad, redes

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views5 pages

    VPNTRABAJO

    Uploaded by

    Jason Jostin Nigel Malpartida Arevalo
    Seguridad, redes

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    SITE1(config)#interface se0/0/1

    SITE1(config-if)#ip address 10.0.0.1 255.255.255.0


    SITE1(config-if)#no shut
    %LINK-5-CHANGED: Interface Serial0/0/1, changed state to down
    SITE1(config)#inter fa0/0
    SITE1(config-if)#ip address 172.16.20.1 255.255.255.0
    SITE1(config-if)#no shut
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
    state to up
    SITE1(config)#inter fa0/1
    SITE1(config-if)#ip add 20.0.0.1 255.255.255.0
    SITE1(config-if)#no shut
    SITE1(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/1, changed state
    to up

    SITE1(config-if)#exit

    SITE1(config)#ip access-list extended VPN-TRAFFIC


    SITE1(config-ext-nacl)#permit gre host 10.0.0.1 host 10.0.0.2
    SITE1(config-ext-nacl)#exit

    SITE1(config)#crypto isakmp policy 1


    SITE1(config-isakmp)#authentication pre-share
    SITE1(config-isakmp)#exit
    SITE1(config)#crypto isakmp key cisco address 10.0.0.2
    SITE1(config)#crypto ipsec transform-set taller esp-3des esp-md5-hmac

    SITE1(config)#crypto map vpn 10 ipsec-isakmp


    % NOTE: This new crypto map will remain disabled until a peer and a valid
    access list have been configured.
    SITE1(config-crypto-map)#set peer 10.0.0.2
    SITE1(config-crypto-map)#set transform-set taller
    SITE1(config-crypto-map)#match address VPN-TRAFFIC
    SITE1(config-crypto-map)#exit
    SITE1(config)#interface se0/0/1
    SITE1(config-if)#crypto map vpn

    SITE1(config)#crypto isakmp policy 10


    SITE1(config-isakmp)#encryption 3des
    SITE1(config-isakmp)#authentication pre-share
    SITE1(config-isakmp)#group 2
    SITE1(config-isakmp)#exit

    SITE1(config-isakmp-group)#pool PoolVPN

    SITE1(config-isakmp-group)#exit

    ROTER SITE2

    Router>ena

    SITE2(config)#interface fa0/0
    SITE2(config-if)#ip address 172.16.10.1 255.255.255.0
    SITE2(config-if)#no shut
    SITE2(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/0, changed state
    to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
    state to up

    SITE2(config-if)#exit
    SITE2(config)#inter se0/0/1
    SITE2(config-if)#ip add 10.0.0.2 255.255.255.0
    SITE2(config-if)#no shut
    SITE2(config-if)# %LINK-5-CHANGED: Interface Serial0/0/1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state
    to up

    SITE2(config)#INT TUNNEL 0
    SITE2(config-if)#%LINK-5-CHANGED: Interface Tunnel0, changed state to up
    SITE2(config-if)#ip address 192.168.1.2 255.255.255.0
    SITE2(config-if)#tunnel source serial0/0/1
    SITE2(config-if)#tunnel destination 10.0.0.1
    SITE2(config-if)#%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0,
    changed state to up
    SITE2(config-if)#tunnel mode gre ip
    SITE2(config-if)#no shutdown
    SITE2(config)#ip access-list extended VPN-TRAFFIC
    SITE2(config-ext-nacl)#permit gre host 10.0.0.2 host 10.0.0.1
    SITE2(config-ext-nacl)#exit

    SITE2(config)#crypto isakmp policy 1


    SITE2(config-isakmp)#authentication pre-share
    SITE2(config-isakmp)#exit
    SITE2(config)#crypto isakmp key cisco address 10.0.0.1
    SITE2(config)#crypto ipsec transform-set taller esp-3des esp-md5-hmac
    SITE2(config)#crypto map vpn 10 ipsec-isakmp
    % NOTE: This new crypto map will remain disabled until a peer and a valid
    access list have been configured.
    SITE2(config-crypto-map)#set peer 10.0.0.1
    SITE2(config-crypto-map)#set transform-set taller
    SITE2(config-crypto-map)#match address VPN-TRAFFIC
    SITE2(config-crypto-map)#exit
    SITE2(config)#interface se0/0/1
    SITE2(config-if)#crypto map vpn
    *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

    ROUTER EXT
    Router>ena
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname EXT
    EXT(config)#enable secret cisco1
    EXT(config)#line console 0
    EXT(config-line)#password cisco
    EXT(config-line)#login
    EXT(config-line)#exit

    EXT(config)#service password-encryption
    EXT(config)#inter gig0/0
    EXT(config-if)#ip add 20.0.0.2 255.255.255.0
    EXT(config-if)#no shutdown

    EXT(config-if)#%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to


    up
    EXT(config-if)#exit
    EXT(config)#inter fa0/1
    EXT(config-if)#ip address 176.16.30.1 255.255.255.0
    EXT(config-if)#no shutdown
    EXT(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to
    up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
    changed state to up
    EXT(config-if)#exit

    You might also like