
configuring VPN on cisco routers

CONFIGURING VPN ON ROUTERS




FOLLOW THE EXAMPLE GIVEN ABOVE.




Router(config)#crypto isakmp enable     <=== enable ISAKMP (IKE) for IPsec

Router(config)#crypto isakmp policy 1     <=== set new policy with number 1

Router(config-isakmp)#authentication pre-share <=== use the pre-shared key authentication method
(if you use certificates, use rsa-sig instead of pre-share)

Router(config-isakmp)#encryption aes     <=== use symmetric encryption AES

Router(config-isakmp)#hash sha          <=== use hash algorithm SHA for data integrity

Router(config-isakmp)#group 2             <=== use Diffie-Hellman group 2

Router(config-isakmp)#exit
Router(config)#crypto isakmp key radhe address 11.0.0.1 0.0.0.0 <=== radhe is the key that will be
used with the next site, whose IP address is 11.0.0.1; note that on Packet Tracer you use 0.0.0.0
instead of the subnet mask

Router(config)#crypto ipsec transform-set vijay esp-aes esp-sha-hmac <=== create a transform set
called vijay; ESP is the protocol that will be used (you can use AH on an internal VPN)

Router(config)#crypto ipsec security-association lifetime seconds 86400       <=== key expires
after 86400 seconds

Router(config)#ip access-list extended ram                                <=== ACL called ram
that tells which traffic will use the VPN tunnel

Router(config-ext-nacl)#permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

Router(config-ext-nacl)#exit

Router(config)#crypto map rajul 100 ipsec-isakmp                  <=== create crypto map
called rajul with seq number 100

% NOTE: This new crypto map will remain disabled until a peer

    and a valid access list have been configured.

Router(config-crypto-map)#match address ram                            <=== link above ACL to
this crypto map

Router(config-crypto-map)#set peer 11.0.0.1                         <=== link the next site's IP
address to this crypto map

Router(config-crypto-map)#set pfs group2                          <=== enable PFS with DH group 2 for this
crypto map

Router(config-crypto-map)#set transform-set vijay                          <=== link above
transform set to this crypto map

Router(config-crypto-map)#ex

Router(config)#int fa 0/1                       <=== apply crypto map rajul to the interface facing
the link to the next site.

Router(config-if)#crypto map rajul

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#do wr

Building configuration...

[OK]

Router(config-if)#^Z

Router#




For router 0 we will type the following commands:



Router(config)#crypto isakmp enable

Router(config)#crypto isakmp policy 1

Router(config-isakmp)#authentication pre-share

Router(config-isakmp)#encryption aes

Router(config-isakmp)#group 2

Router(config-isakmp)#hash sha

Router(config-isakmp)#exit

Router(config)#crypto isakmp key radhe address 11.0.0.2 0.0.0.0

Router(config)#crypto ipsec transform-set vijay esp-aes esp-sha-hmac

Router(config)#crypto ipsec security-association lifetime seconds 86400

Router(config)#ip access-list extended ram

Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255

Router(config-ext-nacl)#exit

Router(config)#crypto map rajul 100 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.

Router(config-crypto-map)#match address ram

Router(config-crypto-map)#set peer 11.0.0.2

Router(config-crypto-map)#set pfs group2

Router(config-crypto-map)#set transform-set vijay

Router(config-crypto-map)#exit

Router(config)#interface fastEthernet 0/1

Router(config-if)#crypto map rajul

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

Router(config-if)#exit

Router(config)#do wr

Building configuration...

[OK]

Router(config)#

Now let's go to router 0 and run some show commands:

Router#show crypto isakmp policy

You can also check it in Packet Tracer simulation mode by reading the packet information.
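The two routers only build the tunnel if their settings agree: the same ISAKMP policy, pre-shared key, transform set and PFS group, and crypto ACLs that are mirror images of each other. The Python check below is an added example, not part of the original document; the configuration text is constructed from the commands above with prompts stripped, and `parse` and `mismatches` are hypothetical helper names.

```python
import re

# Constructed from the commands on this page (prompts and annotations stripped).
ROUTER_1 = """\
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
crypto isakmp key radhe address 11.0.0.1 0.0.0.0
crypto ipsec transform-set vijay esp-aes esp-sha-hmac
ip access-list extended ram
 permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
crypto map rajul 100 ipsec-isakmp
 match address ram
 set peer 11.0.0.1
 set pfs group2
 set transform-set vijay
"""
# Router 0 is the same configuration with the peer address and the ACL reversed.
ROUTER_0 = ROUTER_1.replace("11.0.0.1", "11.0.0.2").replace(
    "12.0.0.0 0.255.255.255 10.0.0.0", "10.0.0.0 0.255.255.255 12.0.0.0")

def parse(cfg):
    """Extract the settings that both tunnel endpoints must agree on."""
    grab = lambda pat: re.findall(pat, cfg, re.M)
    return {
        "ike": sorted(grab(r"^ (authentication \S+|encryption .+|hash \S+|group \d+)$")),
        "psk": grab(r"^crypto isakmp key (\S+) address (\S+)"),
        "transform": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": grab(r"^ permit ip (\S+ \S+) (\S+ \S+)$"),
        "peer": grab(r"^ set peer (\S+)"),
        "pfs": grab(r"^ set pfs (\S+)"),
    }

def mismatches(cfg_a, cfg_b):
    """List the reasons the two ends would fail to negotiate the tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{name} differs" for name in ("ike", "transform", "pfs")
                if a[name] != b[name]]
    if [key for key, _ in a["psk"]] != [key for key, _ in b["psk"]]:
        problems.append("pre-shared key differs")
    for side, cfg in (("A", a), ("B", b)):
        if [addr for _, addr in cfg["psk"]] != cfg["peer"]:
            problems.append(f"side {side}: key address does not match set peer")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Calling `mismatches(ROUTER_1, ROUTER_0)` returns an empty list for the configuration on this page; copying one router's ACL to the other without swapping source and destination is reported as a non-mirrored ACL.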




    If you have any query or suggestion on IP ADDRESSING, you can mail me at radhe.mohan.tripathi@gmail.com.

				
posted:11/15/2012