overnew/VPN_Branch2.conf

## VPN_Branch2.conf
//step 1: IP 세팅

conf t
interface Serial1/0
ip address 1.1.100.10 255.255.255.252
no sh

interface Loopback0
ip address 10.3.3.3 255.255.255.0


router ospf 1
network 1.0.0.0 0.255.255.255 area 1


//Step 2: 터널링

interface Tunnel1
ip address 10.10.10.6 255.255.255.252
tunnel source 1.1.100.10
tunnel destination 1.1.100.2

interface Tunnel2
ip address 10.10.10.10 255.255.255.252
tunnel source 1.1.100.10
tunnel destination 1.1.100.14


//Step 3: 터널링을 통한 OSPF 광고

router ospf 1
network 10.0.0.0 0.255.255.255 area 0


//Step 4: VPN 설정


//IKE Phase 1단계를 설정 한다.
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 5
lifetime 3600
exit


//상대 라우터(R1, R2)와 ISAKMP 인증을 위한 암호를 지정한다.
crypto isakmp key 0 cloud address 1.1.100.2
crypto isakmp key 0 cloud address 1.1.100.14


//IKE Phase 2에서 보호할 Traffic을 정의한다.
ip access-list extended TOHQ1
permit gre host 1.1.100.10 host 1.1.100.2
exit
ip access-list extended TOHQ2
permit gre host 1.1.100.10 host 1.1.100.14
exit


//위에서 정의한 Traffic을 보호할 보안 정책을 지정한다. (IKE Phase 2)
crypto ipsec transform-set VPN esp-aes esp-sha-hmac


//Crypto Map을 사용하여 보호할 Traffic 및 Transform set을 조합한다.
crypto map BR2-VPN 10 ipsec-isakmp
match address TOHQ1
set peer 1.1.100.2
set transform-set VPN
exit


crypto map BR2-VPN 20 ipsec-isakmp
match address TOHQ2
set peer 1.1.100.14
set transform-set VPN
exit

인터페이스에 Crypto Map을 적용하여 VPN을 활성화 시킨다.
int s1/0
crypto map BR2-VPN


do sh crypto isakmp sa
	//step 1: IP 세팅

	conf t
	interface Serial1/0
	ip address 1.1.100.10 255.255.255.252
	no sh

	interface Loopback0
	ip address 10.3.3.3 255.255.255.0


	router ospf 1
	network 1.0.0.0 0.255.255.255 area 1


	//Step 2: 터널링

	interface Tunnel1
	ip address 10.10.10.6 255.255.255.252
	tunnel source 1.1.100.10
	tunnel destination 1.1.100.2

	interface Tunnel2
	ip address 10.10.10.10 255.255.255.252
	tunnel source 1.1.100.10
	tunnel destination 1.1.100.14



	//Step 3: 터널링을 통한 OSPF 광고

	router ospf 1
	network 10.0.0.0 0.255.255.255 area 0



	//Step 4: VPN 설정


	//IKE Phase 1단계를 설정 한다.
	crypto isakmp policy 10
	encryption aes 256
	hash sha
	authentication pre-share
	group 5
	lifetime 3600
	exit


	//상대 라우터(R1, R2)와 ISAKMP 인증을 위한 암호를 지정한다.
	crypto isakmp key 0 cloud address 1.1.100.2
	crypto isakmp key 0 cloud address 1.1.100.14


	//IKE Phase 2에서 보호할 Traffic을 정의한다.
	ip access-list extended TOHQ1
	permit gre host 1.1.100.10 host 1.1.100.2
	exit
	ip access-list extended TOHQ2
	permit gre host 1.1.100.10 host 1.1.100.14
	exit


	//위에서 정의한 Traffic을 보호할 보안 정책을 지정한다. (IKE Phase 2)
	crypto ipsec transform-set VPN esp-aes esp-sha-hmac


	//Crypto Map을 사용하여 보호할 Traffic 및 Transform set을 조합한다.
	crypto map BR2-VPN 10 ipsec-isakmp
	match address TOHQ1
	set peer 1.1.100.2
	set transform-set VPN
	exit


	crypto map BR2-VPN 20 ipsec-isakmp
	match address TOHQ2
	set peer 1.1.100.14
	set transform-set VPN
	exit

	인터페이스에 Crypto Map을 적용하여 VPN을 활성화 시킨다.
	int s1/0
	crypto map BR2-VPN



	do sh crypto isakmp sa