CONFIGURAÇÃO DE UM TUNEL IPSec COM AUTENTICAÇÃO COM CHAVE PRÉ-PARTILHADA

.1 192.168.100.0/30 .1
.254 .1 .2 .254
172.16.10.0/24 172.16.20.0/24
R1 R2
IPSec Tunel
Relógio sincronizado (ESP) Relógio sincronizado
por NTP por NTP

Tráfego entre estas duas redes está protegido pelo tunel IPSec

hostname R1 hostname R2
! !
crypto isakmp policy 1 crypto isakmp policy 1
encr aes encr aes
authentication pre-share authentication pre-share
group 2 group 2
crypto isakmp key cisco123 address 192.168.100.2 crypto isakmp key cisco123 address 192.168.100.2
! !
! !
crypto ipsec transform-set TS esp-aes esp-sha-hmac crypto ipsec transform-set TS esp-aes esp-sha-hmac
! !
crypto map VPN 10 ipsec-isakmp crypto map VPN 10 ipsec-isakmp
set peer 192.168.100.2 set peer 192.168.100.2
set transform-set TS set transform-set TS
match address 100 match address 100
! !
interface Fa0/0 interface Fa0/0
ip address 172.16.10.254 255.255.255.0 ip address 172.16.20.254 255.255.255.0
no shut no shut
interface Fa0/1 interface Fa0/1
ip address 192.168.100.1 255.255.255.252 ip address 192.168.100.2 255.255.255.252
no shut no shut
crypto map VPN crypto map VPN
! !
router rip router rip
version 2 version 2
network 172.16.0.0 network 172.16.0.0
network 192.168.100.0 network 192.168.100.0
! !
access-list 100 permit ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255 access-list 100 permit ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
! !