Created
February 4, 2024 06:00
VPN_Branch2 conf
! Step 1: IP settings
conf t
interface Serial1/0
 ip address 1.1.100.10 255.255.255.252
 no sh
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
router ospf 1
 network 1.0.0.0 0.255.255.255 area 1
! Step 2: Tunnels (GRE, the default tunnel mode)
interface Tunnel1
 ip address 10.10.10.6 255.255.255.252
 tunnel source 1.1.100.10
 tunnel destination 1.1.100.2
interface Tunnel2
 ip address 10.10.10.10 255.255.255.252
 tunnel source 1.1.100.10
 tunnel destination 1.1.100.14
! Step 3: Advertise OSPF through the tunnels
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
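! Step 4: VPN configuration
! Configure IKE Phase 1.
! Note: "hash sha" is SHA-1 and "group 5" is 1536-bit MODP Diffie-Hellman.
! Both are legacy choices; prefer sha256 or stronger and group 14 or higher
! where the platform supports them.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
 exit
! Set the pre-shared key used for ISAKMP authentication with the peer routers (R1, R2).
! The leading 0 means the key that follows (cloud) is entered in cleartext.
crypto isakmp key 0 cloud address 1.1.100.2
crypto isakmp key 0 cloud address 1.1.100.14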
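! Define the traffic to protect in IKE Phase 2.
! Only the GRE packets between the tunnel endpoints are matched, so everything
! routed into Tunnel1/Tunnel2 is protected once it has been GRE-encapsulated.
ip access-list extended TOHQ1
 permit gre host 1.1.100.10 host 1.1.100.2
 exit
ip access-list extended TOHQ2
 permit gre host 1.1.100.10 host 1.1.100.14
 exit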
! Specify the security policy (transform set) that protects the traffic defined above. (IKE Phase 2)
! esp-aes without a key size is AES-128; Phase 1 above uses AES-256.
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
! Use a crypto map to combine the traffic to protect with the transform set.
crypto map BR2-VPN 10 ipsec-isakmp
 match address TOHQ1
 set peer 1.1.100.2
 set transform-set VPN
 exit
crypto map BR2-VPN 20 ipsec-isakmp
 match address TOHQ2
 set peer 1.1.100.14
 set transform-set VPN
 exit
! Apply the crypto map to the interface to activate the VPN.
int s1/0
 crypto map BR2-VPN
! Verify that the IKE Phase 1 SA is established with each peer.
 do sh crypto isakmp sa
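
Added example, not part of the original gist: a small Python check that every GRE tunnel in a config laid out like this one is covered by a crypto map entry, a matching GRE ACL and an ISAKMP key, because GRE that matches no crypto ACL is forwarded unencrypted. The names `audit` and `SAMPLE` are hypothetical, and the parser assumes this gist's layout (one `permit gre` line per ACL, `match address` before `set peer`).

```python
import re

# Constructed sample: the tunnel and crypto lines of the branch config above.
SAMPLE = """\
interface Tunnel1
 tunnel source 1.1.100.10
 tunnel destination 1.1.100.2
interface Tunnel2
 tunnel source 1.1.100.10
 tunnel destination 1.1.100.14
crypto isakmp key 0 cloud address 1.1.100.2
crypto isakmp key 0 cloud address 1.1.100.14
ip access-list extended TOHQ1
 permit gre host 1.1.100.10 host 1.1.100.2
ip access-list extended TOHQ2
 permit gre host 1.1.100.10 host 1.1.100.14
crypto map BR2-VPN 10 ipsec-isakmp
 match address TOHQ1
 set peer 1.1.100.2
crypto map BR2-VPN 20 ipsec-isakmp
 match address TOHQ2
 set peer 1.1.100.14
"""

def audit(cfg):
    """Return a list of findings; an empty list means every tunnel is covered."""
    tunnels = re.findall(r"tunnel source (\S+)\s+tunnel destination (\S+)", cfg)
    keys = set(re.findall(r"crypto isakmp key \d+ \S+ address (\S+)", cfg))
    # ACL name -> (source host, destination host) of its GRE permit line
    acls = {n: (s, d) for n, s, d in re.findall(
        r"ip access-list extended (\S+)\s+permit gre host (\S+) host (\S+)", cfg)}
    # Peer address -> name of the ACL its crypto map entry matches on
    peers = {p: a for a, p in re.findall(
        r"crypto map \S+ \d+ ipsec-isakmp\s+match address (\S+)\s+set peer (\S+)", cfg)}
    findings = []
    for src, dst in tunnels:
        if dst not in peers:
            findings.append(f"{dst}: no crypto map entry, GRE leaves unencrypted")
        elif acls.get(peers[dst]) != (src, dst):
            findings.append(f"{dst}: ACL {peers[dst]} does not match GRE {src} -> {dst}")
        if dst not in keys:
            findings.append(f"{dst}: no ISAKMP pre-shared key")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all tunnels covered")
```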