Configuring IPsec on Cisco (cisco security crypt ipsec tunnel vpn)

Keywords: cisco, security, crypt, ipsec, tunnel, vpn
From: Rob Thomas <>
Subject: Configuring IPsec on Cisco

Configuring IPsec on Cisco routers
Rob Thomas
Original document:

Network layout:

Sun SPARC 20 | Cisco 2514 | Cisco 2514

Connectivity can be verified with ping or telnet from the host to . Routing is static.

We configure an IPSEC tunnel on the router between the endpoints and .

! @(#)IPsec Cisco router configuration 10 MAY 2000 Rob Thomas
!
crypto isakmp policy 1
! Set the crypto policy to ISAKMP, priority 1.
 hash md5
! Use MD5 as the authentication algorithm (instead
! of SHA, which is slower yet more secure).
 authentication pre-share
! Utilize the hard-coded key "123FOO123".
!
crypto isakmp key 123FOO123 address
! Set the key and the peer with whom to share the
! key. Be careful not to share this with anyone!
!
crypto ipsec transform-set OURIPS esp-des esp-md5-hmac
! Create a transform set called OURIPS that utilizes
! ESP (Encapsulating Security Payload) encrypted with
! DES and authenticated with MD5. In this case, we
! will encrypt only the payload of the packet, not the
! header.
!
crypto map IPSEC-TO-RMT local-address Ethernet0
! Specify that the crypto map called IPSEC-TO-RMT
! will use the local-address on E0 for identification
! purposes. This is not always necessary, but makes
! for nice documentation.
!
crypto map IPSEC-TO-RMT 1 ipsec-isakmp
! Map IPSEC-TO-RMT, sequence number 1, that uses
! ISAKMP for key exchange.
 set peer
! Our remote peer
 set transform-set OURIPS
! Apply the proper transform set (q.v.)
 match address IPSEC-TUN
! Only IPSEC the packets that match the extended
! ACL named IPSEC-TUN
!
ip access-list extended IPSEC-TUN
! Build an ACL to use for IPSEC.
 remark IPSEC ACL
! Comments are good. :-)
 permit ip any any
! This is a bit misleading. While it will attempt
! to ESP encrypt all packets, multicast packets can
! not be encrypted with IPSEC. For multicast packets,
! a GRE tunnel must be used. Recall that most
! routing protocols use multicast (OSPF, RIP v2) for
! the routing updates.
!
interface Ethernet0
 ip address
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 crypto map IPSEC-TO-RMT
! Apply the crypto map IPSEC-TO-RMT to the e0
! interface.

Without IPSEC:

 -> ICMP Echo request
 -> ICMP Echo reply
 -> ICMP Echo request
 -> ICMP Echo reply
 -> ICMP Echo request
 -> ICMP Echo reply

With the IPSEC tunnel:

 -> IP D= S= LEN=136, ID=243
 -> IP D= S= LEN=136, ID=625
 -> IP D= S= LEN=136, ID=244
 -> IP D= S= LEN=136, ID=628
 -> IP D= S= LEN=136, ID=245

Rob Thomas
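As an added check, not part of Rob Thomas's document, here is a small Python audit that reads IOS crypto configuration lines like the ones above and flags what a reviewer would reject today: DES in the transform set, MD5 as the ISAKMP hash, and the IOS defaults (DES encryption, DH group 1) that policy 1 inherits because it sets neither. The sample is constructed from the page's own configuration; the peer address, which this copy no longer shows, is an obviously fake placeholder.

```python
import re

# Algorithms that should no longer be used for IKE or ESP.
WEAK_ENC = {"des", "3des"}   # 56-bit DES is broken; 3DES is deprecated (Sweet32)
WEAK_HASH = {"md5", "sha"}   # "sha" in IOS means SHA-1
WEAK_DH = {"1", "2", "5"}    # Diffie-Hellman groups below 2048 bits

# Constructed sample from the page's config; PEER-IP-PLACEHOLDER is a fake value.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 123FOO123 address PEER-IP-PLACEHOLDER
crypto ipsec transform-set OURIPS esp-des esp-md5-hmac
"""

def audit_ios_crypto(config: str) -> list:
    """Return findings for weak ISAKMP policies and IPsec transform sets."""
    findings, policies, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = m.group(1)
            # IOS defaults apply when a policy leaves a parameter unset.
            policies[current] = {"encryption": "des", "hash": "sha", "group": "1"}
            continue
        if current and raw.startswith(" ") and line:
            key, *rest = line.split()          # e.g. "encryption aes 256"
            if key in policies[current] and rest:
                policies[current][key] = rest[0]
            continue
        current = None                          # left the indented policy block
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            name, algs = m.group(1), m.group(2).split()
            for alg in algs:
                parts = set(alg.split("-"))     # esp-md5-hmac -> {esp, md5, hmac}
                if parts & WEAK_ENC:
                    findings.append(f"transform-set {name}: weak encryption {alg}")
                if parts & WEAK_HASH and "hmac" in parts:
                    findings.append(f"transform-set {name}: weak integrity {alg}")
    for num, p in policies.items():
        if p["encryption"] in WEAK_ENC:
            findings.append(f"isakmp policy {num}: weak encryption {p['encryption']}")
        if p["hash"] in WEAK_HASH:
            findings.append(f"isakmp policy {num}: weak hash {p['hash']}")
        if p["group"] in WEAK_DH:
            findings.append(f"isakmp policy {num}: weak DH group {p['group']}")
    return findings
```

Running it on the sample yields five findings; a policy with `encryption aes 256`, `hash sha256`, `group 14` and a transform set of `esp-aes 256 esp-sha256-hmac` yields none.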

