L2L (LAN to LAN) virtual private network deployment

L2L VPN deployment

Establishing communication between one LAN and another LAN, where both encryption endpoints have fixed public addresses; the topology is relatively simple.

Lab topology

[Topology diagram]

Experiment procedure

1. Configure the IP addresses and make sure the directly connected links are reachable;
2. R1 and R5 set default routes to R2 and R4 respectively; R2 and R4 set default routes to R3;
3. R2 and R4 perform PAT so that R1 and R5 can reach the Internet (R3);
4. Deploy the L2L virtual private network and capture packets, so that R1 and R5 can reach each other.

Deployment

R2:
ip access-list extended NAT
permit ip 192.168.12.0 0.0.0.255 any
interface f0/0
ip nat inside
interface f1/0
ip nat outside
ip nat inside source list NAT interface f1/0 overload

R4:
ip access-list extended NAT
permit ip 192.168.45.0 0.0.0.255 any
interface f1/0
ip nat inside
interface f0/0
ip nat outside
ip nat inside source list NAT interface f0/0 overload

R2 (following the two-phase, nine-packet IKE exchange):
1. Define the phase 1 policy set
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2 // DH group
 hash sha
2. Define the pre-shared key
crypto isakmp key 0 cisco address 100.1.34.4
3. Define the phase 2 transform set
crypto ipsec transform-set l2ltrans esp-3des esp-sha-hmac
4. Define the interesting traffic
ip access-list extended l2lacl
 permit ip 192.168.12.0 0.0.0.255 192.168.45.0 0.0.0.255
5. Define the crypto map
crypto map l2lmap 1 ipsec-isakmp
 set peer 100.1.34.4
 set transform-set l2ltrans
 match address l2lacl
6. Apply it to the interface
interface f1/0
 crypto map l2lmap

R4 is configured in the same way as R2.

Troubleshooting commands:
show run | section crypto
show ip access-lists

show crypto isakmp sa // check the phase 1 SA
show crypto ipsec sa // check the phase 2 SA
clear crypto session // clear the session with the neighbor
debug crypto isakmp
debug crypto ipsec

The SPI index is derived from the source and destination IP addresses and ports of the link, and is used to distinguish different virtual private network connections.

Experimental results

On R2, the two ACLs that match the traffic conflict with each other:
[Screenshot: conflicting ACL matches on R2]
Treatment:
[Screenshot: the corrected configuration]
Capturing packets at this point, the experiment succeeds:
[Screenshot: capture of the encrypted traffic]
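As an added example, not part of the original post: a small Python checker that reads the R2 NAT ACL and crypto ACL from this page and flags the overlap behind the conflict seen above. It relies on the IOS order of operations (inside-to-outside NAT runs before the crypto map is checked) and assumes the usual remedy, a deny entry for the VPN traffic ahead of the NAT permit, since the page's screenshot of the treatment is not reproduced here.

```python
import ipaddress

# Constructed from this page's R2 configuration: the NAT ACL and the crypto ACL.
NAT_ACL = ["permit ip 192.168.12.0 0.0.0.255 any"]
CRYPTO_ACL = ["permit ip 192.168.12.0 0.0.0.255 192.168.45.0 0.0.0.255"]
# Usual remedy (assumed here, the page's screenshot is not reproduced): exempt the
# VPN traffic from translation with a deny entry placed before the permit.
FIXED_NAT_ACL = ["deny ip 192.168.12.0 0.0.0.255 192.168.45.0 0.0.0.255"] + NAT_ACL


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (assumes a contiguous wildcard)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>' where each side is 'any', 'host A' or 'A WILDCARD'."""
    tokens = line.split()
    action, i, nets = tokens[0], 2, []  # tokens[1] is the protocol ('ip')
    while len(nets) < 2:
        if tokens[i] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0"))
            i += 1
        elif tokens[i] == "host":
            nets.append(ipaddress.IPv4Network(tokens[i + 1] + "/32"))
            i += 2
        else:
            nets.append(wildcard_to_network(tokens[i], tokens[i + 1]))
            i += 2
    return action, nets[0], nets[1]


def nat_conflicts(nat_acl, crypto_acl):
    """Return the crypto ACL entries whose traffic the NAT ACL would translate.

    IOS translates inside-to-outside traffic before the crypto map is checked, so a
    NAT permit rewrites the source address and the packet no longer matches the
    interesting-traffic ACL. The first matching NAT entry decides, as on the router.
    """
    conflicts = []
    for c_line in crypto_acl:
        c_action, c_src, c_dst = parse_ace(c_line)
        if c_action != "permit":
            continue
        for n_line in nat_acl:
            n_action, n_src, n_dst = parse_ace(n_line)
            if c_src.overlaps(n_src) and c_dst.overlaps(n_dst):
                if n_action == "permit":
                    conflicts.append(c_line)
                break
    return conflicts
```

Run `nat_conflicts(NAT_ACL, CRYPTO_ACL)` to see the page's configuration flagged, and `nat_conflicts(FIXED_NAT_ACL, CRYPTO_ACL)` to confirm the deny entry clears it.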

Origin blog.csdn.net/qq_40644809/article/details/105398695