IPsec VPN in Detail: Static Addresses


A. Static Address VPN Configuration

1. Networking Requirements

As shown in Figure 1-2, establish a secure tunnel between Router A and Router B to protect the data flow between the subnet where Host A resides (10.1.1.0/24) and the subnet where Host B resides (10.1.2.0/24).

The security protocol is ESP, the encryption algorithm is DES, and the authentication algorithm is sha1-hmac-96.

2. Network Diagram

[Figure: network diagram]


3. Configuration Steps

(1) Configure Router A

# Configure an access control list that defines the traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.

<RouterA>system-view // enter system view

[RouterA]acl number 3101 // create ACL 3101; to delete it, prefix the command with undo

[RouterA-acl-adv-3101]rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 // permit the data flow from 10.1.1.0 to 10.1.2.0

[RouterA-acl-adv-3101]rule deny ip source any destination any // deny traffic from other network segments

[RouterA-acl-adv-3101]quit

# Configure a static route to Host B.

[RouterA]ip route-static 10.1.2.0 255.255.255.0 serial 2/1 // outgoing port

# Create a security proposal named tran1.

[RouterA]ipsec proposal tran1

# Encapsulate packets in tunnel mode.

[RouterA-ipsec-proposal-tran1]encapsulation-mode tunnel

# Use ESP as the security protocol.

[RouterA-ipsec-proposal-tran1]transform esp

# Select the algorithms.

[RouterA-ipsec-proposal-tran1]esp encryption-algorithm des // encryption algorithm

[RouterA-ipsec-proposal-tran1]esp authentication-algorithm sha1 // authentication algorithm

[RouterA-ipsec-proposal-tran1]quit

# Configure the IKE peer.

[RouterA]ike peer RA

[RouterA-ike-peer-ra]pre-shared-key ABCDE // pre-shared key (password)

[RouterA-ike-peer-ra]remote-address 2.2.3.1 // IP address of the peer

# Create a security policy that uses ISAKMP negotiation.

[RouterA]ipsec policy map1 10 isakmp

# Reference the security proposal.

[RouterA-ipsec-policy-isakmp-map1-10]proposal tran1

# Reference the access control list.

[RouterA-ipsec-policy-isakmp-map1-10]security acl 3101

# Reference the IKE peer.

[RouterA-ipsec-policy-isakmp-map1-10]ike-peer RA

[RouterA-ipsec-policy-isakmp-map1-10]quit

# Configure the IP address of the serial interface.

[RouterA]interface serial 2/1 // external network port

[RouterA-Serial2/1]ip address 2.2.2.1 255.255.255.0 // external IP address

# Apply the security policy group on the serial interface.

[RouterA-Serial2/1]ipsec policy map1

(2) Configure Router B

# Configure an access control list that defines the traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24.

<RouterB>system-view

[RouterB]acl number 3101 // create ACL 3101; to delete it, prefix the command with undo

[RouterB-acl-adv-3101]rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 // permit access to the 10.1.1.0 network segment

[RouterB-acl-adv-3101]rule deny ip source any destination any // deny other access

[RouterB-acl-adv-3101]quit

# Configure a static route to Host A.

[RouterB]ip route-static 10.1.1.0 255.255.255.0 serial 2/2 // external network port

# Create a security proposal named tran1.

[RouterB]ipsec proposal tran1

# Encapsulate packets in tunnel mode.

[RouterB-ipsec-proposal-tran1]encapsulation-mode tunnel

# Use ESP as the security protocol.

[RouterB-ipsec-proposal-tran1]transform esp

# Select the algorithms.

[RouterB-ipsec-proposal-tran1]esp encryption-algorithm des // encryption algorithm

[RouterB-ipsec-proposal-tran1]esp authentication-algorithm sha1 // authentication algorithm

[RouterB-ipsec-proposal-tran1]quit

# Configure the IKE peer.

[RouterB]ike peer peer

[RouterB-ike-peer-peer]pre-shared-key ABCDE // configure the pre-shared key; it must be identical to the peer's

[RouterB-ike-peer-peer]remote-address 2.2.2.1 // configure the peer's IP address; this address is fixed, do not modify it

# Create a security policy that uses ISAKMP negotiation.

[RouterB]ipsec policy use1 10 isakmp

# Reference the access control list.

[RouterB-ipsec-policy-isakmp-use1-10]security acl 3101

# Reference the security proposal.

[RouterB-ipsec-policy-isakmp-use1-10]proposal tran1

# Reference the IKE peer.

[RouterB-ipsec-policy-isakmp-use1-10]ike-peer peer

[RouterB-ipsec-policy-isakmp-use1-10]quit

# Configure the IP address of the serial interface.

[RouterB]interface serial 2/2 // external network port

[RouterB-Serial2/2]ip address 2.2.3.1 255.255.255.0 // external IP address

# Apply the security policy group on the serial interface.

[RouterB-Serial2/2]ipsec policy use1
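
The two configurations above only interoperate if they mirror each other: the ACL permit rules are reversed copies, the proposal settings and pre-shared key are identical, and each remote-address is the other router's interface address. The Python check below is an added example, not part of the original article; its input strings are constructed from the commands on this page (prompts and comments stripped, spelling normalized), and the function names are hypothetical.

```python
import re
# Constructed input: the relevant commands from each router's configuration.
ROUTER_A = """\
rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
encapsulation-mode tunnel
transform esp
esp encryption-algorithm des
esp authentication-algorithm sha1
pre-shared-key ABCDE
remote-address 2.2.3.1
ip address 2.2.2.1 255.255.255.0
"""
ROUTER_B = """\
rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
encapsulation-mode tunnel
transform esp
esp encryption-algorithm des
esp authentication-algorithm sha1
pre-shared-key ABCDE
remote-address 2.2.2.1
ip address 2.2.3.1 255.255.255.0
"""

def parse(cfg):
    """Pull out the settings that the two tunnel ends must agree on."""
    def one(pattern):
        return m.groups() if (m := re.search(pattern, cfg, re.M)) else None
    return {
        "flow": one(r"^rule permit ip source (\S+) (\S+) destination (\S+) (\S+)$"),
        "proposal": [one(rf"^{kw} (\S+)$") for kw in ("encapsulation-mode",
            "transform", "esp encryption-algorithm", "esp authentication-algorithm")],
        "psk": one(r"^pre-shared-key (\S+)$"),
        "remote": one(r"^remote-address (\S+)$"),
        "local": one(r"^ip address (\S+) \S+$"),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches between the two ends (empty if consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if not a["flow"] or not b["flow"] or a["flow"] != b["flow"][2:] + b["flow"][:2]:
        problems.append("ACL permit rules are not mirror images")
    if a["proposal"] != b["proposal"] or None in a["proposal"]:
        problems.append("IPsec proposals differ or are incomplete")
    if a["psk"] != b["psk"] or a["psk"] is None:
        problems.append("pre-shared keys differ or are missing")
    if a["remote"] != b["local"] or b["remote"] != a["local"] or a["local"] is None:
        problems.append("remote-address is not the peer's interface address")
    return problems
```

Calling check_pair(ROUTER_A, ROUTER_B) returns an empty list for the configuration on this page; changing the key, an algorithm, or an address on one side only produces the corresponding message.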


This article is from the "Garrett" blog, make sure to keep this source http://garrett.blog.51cto.com/11611549/1983593
