Scribd Logo
Upload

Welcome to Scribd!

  • Ejemplo VPN 2

    Uploaded by

    jhonjunis
    27 views5 pages
    Vpn 2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Vpn 2

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    27 views5 pages

    Ejemplo VPN 2

    Uploaded by

    jhonjunis
    Vpn 2

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Figure 3-9 Extranet VPN Scenario Physical Elements

     
    Headquarters Router Configuration
     hq-sanjose# ​show running-config
     Building configuration...
     
     Current configuration:
     !
     version 12.0
     service timestamps debug uptime
     service timestamps log uptime
     no service password-encryption
     !
     hostname hq-sanjose
     !
     boot system flash bootflash:
     boot bootldr bootflash:c7200-jk9o3s-mz.123-3
     boot config slot0:hq-sanjose-cfg-small
     no logging buffered
     !
     crypto isakmp policy 1
      authentication pre-share
      lifetime 84600
     crypto isakmp key test12345 address 172.24.2.5
     crypto isakmp key test67890 address 172.23.2.7
     !
     crypto ipsec transform-set proposal1 ah-sha-hmac esp-des
    esp-sha-hmac
     mode transport
     !
     crypto ipsec transform-set proposal4 ah-sha-hmac esp-des
    esp-sha-hmac
     !
      !
      crypto map s1first local-address Serial1/0
      crypto map s1first 1 ipsec-isakmp
      set peer 172.24.2.5
      set transform-set proposal1
      match address 101
      !
      crypto map s4second local-address Serial2/0
      crypto map s4second 2 ipsec-isakmp
      set peer 172.23.2.7
      set transform-set proposal4
      match address 111
     !
     interface Tunnel0
      bandwidth 180
      ip address 172.17.3.3 255.255.255.0
      no ip directed-broadcast
      tunnel source 172.17.2.4
      tunnel destination 172.24.2.5
      crypto map s1first
     !
     interface FastEthernet0/0
      ip address 10.1.3.3 255.255.255.0
      no ip directed-broadcast
      no keepalive
      full-duplex
      no cdp enable
     !
     interface FastEthernet0/1
      ip address 10.1.6.4 255.255.255.0
      no ip directed-broadcast
      ip nat inside
      no keepalive
      full-duplex
      no cdp enable
     !
     interface Serial1/0
      ip address 172.17.2.4 255.255.255.0
      no ip directed-broadcast
      no ip mroute-cache
      no keepalive
      fair-queue 64 256 0
      framing c-bit
      cablelength 10
      dsu bandwidth 44210
      clock source internal
      no cdp enable
      crypto map s1first
     !
     interface Serial2/0
      ip address 172.16.2.2 255.255.255.0
      no ip directed-broadcast
      ip nat outside
     no ip mroute-cache
      no keepalive
      fair-queue 64 256 0
      framing c-bit
      cablelength 10
      dsu bandwidth 44210
      clock source internal
      no cdp enable
      crypto map s4second
     !
     router bgp 10
      network 10.2.2.2 mask 255.255.255.0
      network 172.16.2.0 mask 255.255.255.0
     !
     ip route 10.1.4.0 255.255.255.0 Tunnel0
     !
     ip nat inside source static 10.1.6.5 10.2.2.2
     !
     access-list 101 permit gre host 172.17.2.4 host 172.24.2.5
     access-list 111 permit ip host 10.2.2.2 host 10.1.5.3
     !
     line con 0
      transport input none
     line aux 0
     line vty 0 4
      login
     !
     end
     
    Business Partner Router Configuration
     bus-ptnr# ​show running-config
     Building configuration...
     
     Current configuration:
     !
     version 12.0
     service timestamps debug uptime
     service timestamps log uptime
     no service password-encryption
     !
     hostname bus-ptnr
     !
     boot system flash bootflash:
     boot bootldr bootflash:c7200-jk9o3s-mz.123-3
     boot config slot0:bus-ptnr-cfg-small
     no logging buffered
     !
     crypto isakmp policy 1
      authentication pre-share
      lifetime 84600
     crypto isakmp key test67890 address 172.16.2.2
     !
     crypto ipsec transform-set proposal4 ah-sha-hmac esp-des
    esp-sha-hmac
     !
      !
      crypto map s4second local-address Serial1/0
      crypto map s4second 2 ipsec-isakmp
      set peer 172.16.2.2
      set transform-set proposal4
      match address 111
     !
     interface FastEthernet0/0
      ip address 10.1.5.2 255.255.255.0
      no ip directed-broadcast
      no keepalive
      full-duplex
      no cdp enable
     !
     interface Serial1/0
      ip address 172.23.2.7 255.255.255.0
      no ip directed-broadcast
      no ip mroute-cache
      no keepalive
      fair-queue 64 256 0
      framing c-bit
      cablelength 10
      dsu bandwidth 44210
      clock source internal
      no cdp enable
      crypto map s4second
     !
     router bgp 10
      network 10.1.5.0 mask 255.255.255.0
      network 172.16.2.0 mask 255.255.255.0
     !
     access-list 111 permit ip host 10.1.5.3 host 10.2.2.2
     !
     line con 0
      transport input none
     line aux 0
     line vty 0 4
      login
     !
     end

    You might also like