VPN acer
5.1.
IPSec VPN-
NAT access-list
5.2.
IPSec NAT
Cisco Packet Tracer.
5.3.
VPN (Virtual Private Network)
---
VPN
VPN
VPN-
IPSec (IP Security), OpenVPN, PPTP (Point-to-Point Tunneling Protocol)
IPSec.
IPSec
1. ESP (Encapsulating Security Payload)
2. AH (Authentication Header)
3. IKE (Internet Key Exchange protocol)
IPSec SA (Security Association)
Security Association
SA.
IPSec:
IKE
IPSec-
-
ISAKMP Tunnel
ISAKMP
crypto isakmp policy
ISAKMP show crypto isakmp sa IKE.
crypto ipsec transform-set
ISAKMP SA
IPSec-
lifetime IPSec SA
crypto map lifetime
ISAKMP- SA.
crypto ipsec transform-set
crypto ipsec transform-set SET1 esp-aes -
.
hash
SHA)
hash
hash
-
-
-
IP-
NAT.
-
1.-
-
-
-
- 2.
3.
--
--
-
5.4.
5.4.1.
5.
Cisco Cisco 2811),
Cisco
5.4.1
| Device | Interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| PC0 | FastEthernet 0 | 192.168.1.2 | 255.255.255.0 (/24) | 192.168.1.1 |
| PC1 | FastEthernet 0 | 192.168.1.3 | 255.255.255.0 (/24) | 192.168.1.1 |
| PC2 | FastEthernet 0 | 192.168.2.2 | 255.255.255.0 (/24) | 192.168.2.1 |
| PC3 | FastEthernet 0 | 192.168.2.3 | 255.255.255.0 (/24) | 192.168.2.1 |
| Router0 | FastEthernet 0/0 | 210.210.1.2 | 255.255.255.252 (/30) | |
| | FastEthernet 0/1 | 192.168.1.1 | 255.255.255.0 (/24) | |
| Router1 | FastEthernet 0/0 | 210.210.2.2 | 255.255.255.252 (/30) | |
| | FastEthernet 0/1 | 192.168.2.1 | 255.255.255.0 (/24) | |
| Router2 | FastEthernet 0/0 | 210.210.1.1 | 255.255.255.252 (/30) | |
| | FastEthernet 0/1 | 210.210.2.1 | 255.255.255.252 (/30) | |
Desktop
IP Configurations
IP-
5.
PC
5. PC0
C:\>ipconfig
PC.
Router
CLI
no Tab):
Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 210.210.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 210.210.1.1
Router(config)#end
Router#wr mem
Router#show running-config
Enter
5.4.3).
5. Router0
5.4.1.
IP-
Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 210.210.1.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 210.210.2.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#end
5.4.2. NAT
Router Router NAT
IP-
Router0
:
Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip nat inside
Router(config-if)#exit
access-list
Router(config)#ip access-list standard FOR-NAT
Router(config-std-nacl)#permit 192.168.1.0 0.0.0.255
Router(config-std-nacl)#exit
Router(config)#ip nat inside source list FOR-NAT interface fastEthernet 0/0 overload
Router(config)#end
Router#wr mem
Router#show running-config access-list
5.:
C:\>ping 210.210.1.1
5.
NAT
NAT IP- PCIP-
5.4.3. VPN
VPN Router0.
Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
crypto isakmp policy IKE (Internet Key Exchange)
ISAKMP -
ISAKMP
Router(config-isakmp)#encryption 3des
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit
VPN):
Router(config)#crypto isakmp key cisco address 210.210.2.2
IPSec