Mô hình bài Lab như sau
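! ===== Router R1: edge router for 172.16.0.0/16 =====
! Runs RIPv2 towards R11, PAT towards the ISP, and an IPsec tunnel to R2.
! Fixed: the original header line had "enable" fused onto it, and "//" is not
! an IOS comment marker ("!" is).
enable
configure terminal
hostname R1
!
! WAN link towards the ISP router (192.1.12.2).
interface Serial0/0
 ip address 192.1.12.1 255.255.255.252
 no shutdown
 description ketnoi_Internet
 exit
!
! LAN link towards R11 (172.16.11.11).
interface FastEthernet0/0
 ip address 172.16.11.1 255.255.255.0
 no shutdown
 description ketnoi_Router_11
 exit
!
interface Loopback0
 ip address 172.16.0.1 255.255.255.0
 exit
!
! RIPv2 for the internal 172.16.0.0/16 range; the default route is advertised
! so R11 learns a path out through R1.
router rip
 network 172.16.0.0
 version 2
 no auto-summary
 default-information originate
 ! Fixed: the original "redistribute static route" does not parse as a complete
 ! command; the keyword is just "static".
 redistribute static
 exit
!
ip route 0.0.0.0 0.0.0.0 192.1.12.2
!
! NAT roles: Serial0/0 faces the Internet, FastEthernet0/0 faces the LAN.
interface Serial0/0
 ip nat outside
 exit
interface FastEthernet0/0
 ip nat inside
 exit
!
! ACL 110 selects what gets PAT-translated. The deny entry must come first so
! site-to-site traffic (172.16.0.0/16 -> 192.168.2.0/24) bypasses NAT and still
! matches crypto ACL 115 with its original source address.
access-list 110 deny ip 172.16.0.0 0.0.255.255 192.168.2.0 0.0.0.255
! Tightened from "permit ip any any": only the inside 172.16.0.0/16 range needs
! translating, so nothing else should be eligible for a NAT entry.
access-list 110 permit ip 172.16.0.0 0.0.255.255 any
ip nat inside source list 110 interface Serial0/0 overload
!
! ----- IPsec site-to-site VPN to R2 (peer 192.1.23.1) -----
crypto map test local-address Serial0/0
crypto ipsec security-association idle-time 3600
!
! IKE phase 1 policy. Hash, encryption, authentication and DH group must all
! match the peer's policy or phase 1 will not negotiate.
! NOTE(review): MD5, 3DES and DH group 2 are legacy choices kept here only
! because this is a lab. Where the image supports it, prefer AES, a SHA-2 hash
! and DH group 14 or higher, and change both peers together.
crypto isakmp policy 10
 hash md5
 encryption 3des
 authentication pre-share
 group 2
 exit
!
! NOTE(review): the "6" announces that the string after it is already type-6
! encrypted; a plaintext lab key is normally entered with "0" or no type digit.
! Confirm how your image stores this line. "cisco" is a placeholder-grade key:
! use a long random pre-shared key, unique per peer, outside the lab.
crypto isakmp key 6 cisco address 192.1.23.1
!
! NOTE(review): this transform-set is ESP encryption only, with no ESP
! authentication transform, so tunnel packets carry no integrity check. Adding
! one (e.g. esp-sha-hmac) must be done on both peers at the same time.
crypto ipsec transform-set athena esp-3des
 exit
!
! Crypto ACL: traffic to protect. It must mirror ACL 115 on R2.
access-list 115 permit ip 172.16.0.0 0.0.255.255 192.168.2.0 0.0.0.255
!
crypto map test 10 ipsec-isakmp
 set peer 192.1.23.1
 set transform-set athena
 match address 115
 reverse-route
 exit
!
! Apply the crypto map to the Internet-facing interface.
interface Serial0/0
 crypto map test
 exit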
! ===== Router R11: internal router behind R1 =====
! Reaches the rest of the lab through RIPv2; no NAT or crypto is configured here.
enable
configure terminal
hostname R11
!
! LAN link towards R1 (172.16.11.1).
interface FastEthernet0/0
 ip address 172.16.11.11 255.255.255.0
 no shutdown
 exit
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
 exit
!
! Advertise the 172.16.0.0/16 subnets with RIPv2, without classful summarisation.
router rip
 network 172.16.0.0
 version 2
 no auto-summary
 exit
! ===== ISP router: transit between R1 and R2 =====
! Only connected networks are configured; no routing protocol, NAT or crypto.
enable
configure terminal
hostname ISP
!
! Link towards R1 (192.1.12.1).
interface Serial0/0
 ip address 192.1.12.2 255.255.255.252
 no shutdown
 exit
!
! Link towards R2 (192.1.23.1).
! NOTE(review): R2 configures its end of this /30 on Serial0/0 while this end
! is FastEthernet0/0 - confirm the interface types against the topology diagram.
interface FastEthernet0/0
 ip address 192.1.23.2 255.255.255.252
 no shutdown
 exit
!
! Loopback used as a test destination.
interface Loopback100
 description Test_interface
 ip address 100.100.100.100 255.255.255.0
 exit
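! ===== Router R2: edge router for 192.168.2.0/24 =====
! PAT towards the ISP and an IPsec tunnel to R1.
enable
configure terminal
hostname R2
!
! WAN link towards the ISP router (192.1.23.2).
interface Serial0/0
 ip address 192.1.23.1 255.255.255.252
 no shutdown
 exit
!
! LAN interface. "no keepalive" is set on it in the original lab.
interface FastEthernet0/0
 ip address 192.168.2.254 255.255.255.0
 no shutdown
 no keepalive
 exit
!
ip route 0.0.0.0 0.0.0.0 192.1.23.2
!
! NAT roles: Serial0/0 faces the Internet, FastEthernet0/0 faces the LAN.
interface Serial0/0
 ip nat outside
 exit
interface FastEthernet0/0
 ip nat inside
 exit
!
! ACL 110 selects what gets PAT-translated. The deny entry must come first so
! site-to-site traffic (192.168.2.0/24 -> 172.16.0.0/16) bypasses NAT and still
! matches crypto ACL 115 with its original source address.
access-list 110 deny ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.255.255
! Tightened from "permit ip any any": only the inside 192.168.2.0/24 range
! needs translating, so nothing else should be eligible for a NAT entry.
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list 110 interface Serial0/0 overload
!
! ----- IPsec site-to-site VPN to R1 (peer 192.1.12.1) -----
! IKE phase 1 policy. Hash, encryption, authentication and DH group must all
! match the peer's policy or phase 1 will not negotiate.
! NOTE(review): MD5, 3DES and DH group 2 are legacy choices kept here only
! because this is a lab. Where the image supports it, prefer AES, a SHA-2 hash
! and DH group 14 or higher, and change both peers together.
crypto isakmp policy 10
 hash md5
 encryption 3des
 authentication pre-share
 ! Fixed: R1's policy 10 sets "group 2" but this policy omitted it, so R2 fell
 ! back to the image's default DH group (group 1 on classic IOS) and the two
 ! policies would not match.
 group 2
 exit
!
! NOTE(review): the "6" announces that the string after it is already type-6
! encrypted; a plaintext lab key is normally entered with "0" or no type digit.
! Confirm how your image stores this line. "cisco" is a placeholder-grade key:
! use a long random pre-shared key, unique per peer, outside the lab.
crypto isakmp key 6 cisco address 192.1.12.1
!
! NOTE(review): this transform-set is ESP encryption only, with no ESP
! authentication transform, so tunnel packets carry no integrity check. Adding
! one (e.g. esp-sha-hmac) must be done on both peers at the same time.
crypto ipsec transform-set athena esp-3des
 exit
!
! Crypto ACL: traffic to protect. It must mirror ACL 115 on R1.
access-list 115 permit ip 192.168.2.0 0.0.0.255 172.16.0.0 0.0.255.255
!
crypto map test 10 ipsec-isakmp
 set peer 192.1.12.1
 set transform-set athena
 match address 115
 reverse-route
 exit
!
! Apply the crypto map to the Internet-facing interface.
interface Serial0/0
 crypto map test
 exit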