
How to Configure a Cisco VPN Quickly and Easily

Watch the video below to learn how to configure a VPN.

Router 1 configuration:
! PHASE 1
crypto isakmp policy 1
encrypt aes 256
hash sha256
auth pre-share
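! DH group 5 (1536-bit MODP) is considered weak today; use group 14 or higher if both peers support it
group 5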
lifetime 28800
exit
! Pre-shared key used by Phase 1 to authenticate the peer - don't forget to change the key if you use this in production
crypto isakmp key THISISMYKEY addr 2.2.2.2
! PHASE 2
crypto ipsec transform-set MY-SET esp-aes 256 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile MY-IPSEC-PROFILE
set transform-set MY-SET
! PFS group2 is 1024-bit MODP; use group14 or higher if both peers support it
set pfs group2
set security-association lifetime seconds 28800
exit
! TUNNEL CONFIG
interface tunnel 1
ip addr 172.31.1.1 255.255.255.252
tunnel source GI0/0
tunnel destination 2.2.2.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile MY-IPSEC-PROFILE
exit
! OSPF CONFIG
interface tunnel 1
ip ospf 1 area 1
exit
router ospf 1
network 192.168.100.0 0.0.0.5 area 1
end
Router 2 configuration:
! PHASE 1
crypto isakmp policy 1
encrypt aes 256
hash sha256
auth pre-share
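! DH group must match Router 1; group 5 is considered weak today, use group 14 or higher on both peers if supported
group 5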
lifetime 28800
exit
! Pre-shared key used by Phase 1 to authenticate the peer - don't forget to change the key if you use this in production
crypto isakmp key THISISMYKEY addr 1.1.1.1
! PHASE 2
crypto ipsec transform-set MY-SET esp-aes 256 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile MY-IPSEC-PROFILE
set transform-set MY-SET
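! PFS group must match Router 1; group2 is 1024-bit MODP, use group14 or higher on both peers if supported
set pfs group2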
set security-association lifetime seconds 28800
exit
! TUNNEL CONFIG
interface tunnel 1
ip addr 172.31.1.2 255.255.255.252
tunnel source GI0/0
tunnel destination 1.1.1.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile MY-IPSEC-PROFILE
exit
! OSPF CONFIG
interface tunnel 1
ip ospf 1 area 1
exit
router ospf 1
network 192.168.200.0 0.0.0.5 area 1
end
Verification

Confirm that Phase 1 is established:

show crypto isakmp sa

Confirm that Phase 2 is established and make sure there are packets in both decrypt and encrypt:

show crypto ipsec sa

Finally, you can send 'interesting' traffic (traffic associated with the SAs (security associations)), such as a ping between computers inside the internal LANs.
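The two verification checks above can be scripted. This is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed to look like what Router 1 would print, here showing the common failure where packets are encrypted but none are decrypted.

```python
import re

# Constructed sample output (not captured from a real device), shaped like IOS
# "show crypto isakmp sa" and "show crypto ipsec sa" as seen on Router 1.
ISAKMP_SA = """\
dst             src             state          conn-id status
2.2.2.2         1.1.1.1         QM_IDLE           1001 ACTIVE
"""
IPSEC_SA = """\
interface: Tunnel1
   current_peer 2.2.2.2 port 500
    #pkts encaps: 25, #pkts encrypt: 25, #pkts digest: 25
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def phase1_up(output, peer):
    """True if an ISAKMP SA with `peer` is in state QM_IDLE and ACTIVE."""
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 5 and peer in f[:2] and f[2] == "QM_IDLE" and f[4] == "ACTIVE":
            return True
    return False

def phase2_counters(output, peer):
    """Return (encrypted, decrypted) packet counts for `peer`, or None."""
    pattern = r"current_peer %s\b(.*?)(?=current_peer|\Z)" % re.escape(peer)
    block = re.search(pattern, output, re.S)
    text = block.group(1) if block else ""
    enc = re.search(r"#pkts encrypt: (\d+)", text)
    dec = re.search(r"#pkts decrypt: (\d+)", text)
    return (int(enc.group(1)), int(dec.group(1))) if enc and dec else None

def tunnel_status(isakmp_out, ipsec_out, peer):
    """Classify the tunnel from the output of the two show commands."""
    if not phase1_up(isakmp_out, peer):
        return "phase1-down"
    counters = phase2_counters(ipsec_out, peer)
    if counters is None:
        return "phase2-missing"
    enc, dec = counters
    if enc and dec:
        return "ok"
    if enc:
        return "encrypt-only"   # we send, nothing comes back decrypted
    if dec:
        return "decrypt-only"   # peer sends, our replies are not encrypted
    return "no-traffic"

if __name__ == "__main__":
    print(tunnel_status(ISAKMP_SA, IPSEC_SA, "2.2.2.2"))
```

An "encrypt-only" or "decrypt-only" result with Phase 1 up usually points at routing or filtering on one side rather than at the crypto settings.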
