
IPsec VPN Tunnel

48 ratings | 12975 views
Pre-setup: Usually this is the perimeter router, so allow the IKE and IPsec protocols through the firewall. Optional:
access-list acl permit udp source wildcard destination wildcard eq isakmp
access-list acl permit esp source wildcard destination wildcard
access-list acl permit ahp source wildcard destination wildcard

You need to enable the securityk9 technology package:
Router(config)#license boot module c2900 technology-package securityk9
Router(config)#reload

Task 1: Configure the ISAKMP policy for IKE Phase 1
There are seven default isakmp policies. The most secure is the default. We will configure our own. You can remember this by HAGLE: Hash, Authentication, Group (DH), Lifetime, Encryption.
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#hash sha
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 5
Router(config-isakmp)#lifetime 3600
Router(config-isakmp)#encryption aes 256
We used a pre-shared key for authentication, so we need to specify the password for the first phase.
Router(config)#crypto isakmp key derpyisbestpony address 208.77.5.1
show crypto isakmp policy

Task 2: Configure the IPsec Policy for IKE Phase 2
Configure the encryption and hashing algorithms that you will use for the data sent through the IPsec tunnel. Hence the name transform set.
Router(config)#crypto ipsec transform-set transform_name esp-aes esp-sha-hmac

Task 3: Configure ACL to define interesting traffic
Even though the tunnel is set up, it doesn't exist yet. Interesting traffic must be detected before IKE Phase 1 negotiations can begin. Allow the local LAN to the remote LAN.
Router(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
show crypto isakmp sa

Task 4: Configure a Crypto Map for the IPsec Policy
Now that interesting traffic is defined and an IPsec transform set is configured, you need to bind them together with a crypto map.
Router(config)#crypto map map_name seq_num ipsec-isakmp
What traffic will be interesting? The access-list we made before.
Router(config-crypto-map)#match address 101
The transform set we created earlier for the IPsec tunnel.
Router(config-crypto-map)#set transform-set transform_name
The peer router you're connecting to.
Router(config-crypto-map)#set peer 172.30.2.2
You need to set the DH group you want to use for PFS.
Router(config-crypto-map)#set pfs group5
How long these settings will last before they are renegotiated.
Router(config-crypto-map)#set security-association lifetime seconds 900

Task 5: Apply the IPsec Policy
Apply the crypto map to the interface.
Router(config)#interface serial0/0/0
Router(config-if)#crypto map map_name
show crypto map

derpy: http://th03.deviantart.net/fs71/PRE/f/2012/302/6/1/derpy_hooves_by_freak0uo-d5jedxp.png
twilight: http://fc03.deviantart.net/fs70/i/2012/226/e/5/twilight_sparkle_vector_by_ikillyou121-d56s0vc.png
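As an added example (not from the video or its author), a small Python checker that reads a running-config in the shape the five tasks produce and flags the cross-references that most often leave a tunnel dead: a set peer with no pre-shared key bound to that address, a map that names an undefined transform set or ACL, a map applied to an interface but never created, and weak Phase 1 settings. The sample config, the map name VPN, sequence 10, transform-set name TS and the weak-setting baseline are all assumptions.

```python
import re

# Constructed sample in running-config form; names and addresses are assumed.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key derpyisbestpony address 208.77.5.1
crypto ipsec transform-set TS esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 208.77.5.1
 set transform-set TS
 match address 101
interface Serial0/0/0
 crypto map VPN
"""

def check_ipsec_config(cfg):
    """Return a list of findings; an empty list means the pieces fit together."""
    findings = []
    keys = set(re.findall(r"crypto isakmp key \S+ address (\S+)", cfg))
    tsets = set(re.findall(r"crypto ipsec transform-set (\S+)", cfg))
    acls = set(re.findall(r"^access-list (\d+) permit", cfg, re.M))
    maps = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", cfg, re.M))
    # A peer with no pre-shared key bound to its address can never pass Phase 1.
    for peer in re.findall(r"set peer (\S+)", cfg):
        if peer not in keys:
            findings.append(f"peer {peer} has no isakmp key")
    for ts in re.findall(r"set transform-set (\S+)", cfg):
        if ts not in tsets:
            findings.append(f"transform-set {ts} is not defined")
    for acl in re.findall(r"match address (\d+)", cfg):
        if acl not in acls:
            findings.append(f"interesting-traffic ACL {acl} is not defined")
    # The map bound to an interface must be one that was actually created.
    for name in re.findall(r"^ crypto map (\S+)$", cfg, re.M):
        if name not in maps:
            findings.append(f"crypto map {name} applied but not defined")
    # Weak Phase 1 choices (assumed baseline): DES/3DES, MD5, DH groups 1 and 2.
    policy = re.search(r"^crypto isakmp policy \d+\n((?: .*\n)+)", cfg, re.M)
    for line in (policy.group(1) if policy else "").splitlines():
        words = line.split() or [""]
        if words[-1] in {"des", "3des", "md5"} or words[:2] in (["group", "1"], ["group", "2"]):
            findings.append(f"weak isakmp setting: {line.strip()}")
    return findings
```

Paste the output of `show running-config` into `cfg` to check a real box; the checker is deliberately strict about the isakmp key address matching the set peer address exactly.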
Text Comments (12)
Mok4200 (8 months ago)
pretty...unique example. Think I found the brony
Mano b (8 months ago)
thanks for providing very useful information. I am using VPN service subscribed from www.datasoft.ws
Oluwa mide (8 months ago)
good
Spectr3 L. (9 months ago)
can't enter, access is denied
Spectr3 L. (9 months ago)
again, I do not have the "gateway tech"
SooZoodimp (1 year ago)
Thanks a lot! It works in my packet tracer network perfectly. If someone wonders how to recognize if it works ... (I am just a student ... don't know if it's actually right - but for me .... it makes sense)
When using static routing or routing protocols ... If you tracert your destination address - you should get something like this (in case of network from video - it should be like it's in the brackets [ ]):
1 0 ms 0 ms 0 ms 192.168.1.1 [ 10.0.0.1 ]
2 1 ms 0 ms 1 ms 192.168.20.2 [ 208.77.5.2 ] - this will disappear when IPsec works
3 2 ms 1 ms 11 ms 192.168.10.1 [ 66.1.50.65 ]
4 3 ms 1 ms 2 ms 192.168.0.10 [ 192.168.0.150 ]
When using IPSEC tunnel (main router doesn't appear here at all):
1 0 ms 1 ms 0 ms 192.168.1.1 [ 10.0.0.1 ]
2 2 ms 3 ms 2 ms 192.168.10.1 [ 66.1.50.65 ]
3 1 ms 11 ms 3 ms 192.168.0.10 [ 192.168.0.150 ]
Hope it clarifies it a bit for someone. Correct me if I am wrong in some way.
Cesar Villa (1 year ago)
You didn't do any commands to verify if it's working. How would you do that?
Derpy Networking (1 year ago)
If you look in the description, you'll see some show commands at different stages.
Sir Abe (2 years ago)
noice vidayyeo
Derpy Networking (2 years ago)
+Ibra AT Thanks!
5656Dana (2 years ago)
Wow. XD
Derpy Networking (2 years ago)
+5656Dana Yay! NOMNOMNOMNOM