VPN configuration instance in vro Configuration

Many users are not particularly familiar with how to perform effective router configuration. Here we mainly explain the VPN configuration instances. VPN is an effective way for enterprises to achieve secure remote connection. This article describes the VPN configuration and implementation process based on an application instance. Its main application features include: Based on the encapsulated Security Load Standard ESP-DES (Encapsulating Securiry Payload-Data Encryption Standard) IPSec; VPC through the port address translation (PAT) technology to access the Internet.

I. Basic Network Conditions

The company is headquartered in Beijing and has three branches nationwide. It is required that data in four locations be queried in real time, so that the salesman can make correct decisions based on the specific situation. Early solutions were to connect a vro to the headquarters in Beijing through a DDN private network with a speed of kbps. However, through market research, technicians found that the network operation cost was too high. Through further consultation and adjustment, the final solution is that the branch uses DDN to access the Internet locally, and the Headquarters uses Ethernet to access the Internet nearby. Configure the interconnected router and use VPN technology to ensure secure transmission of internal data over the Internet.

Ii. configuration process and test steps

Before implementing the configuration, check whether the hardware and software support VPN. For Cisco routers, the IOS version must be later than 12.0.6 (5) T and provide the IPSec function. This configuration is successfully configured on the Cisco router. The following describes the vro1 configuration process of branch network 1. Other vro configuration methods are basically the same. You only need to modify the specific environment parameter IP address and interface name. The following is the input part in the black text, <Enter> is the keyboard key, and is the Ctrl + Z key combination. Configure the basic parameters of the vro and test the network connectivity.

1) enter the vro Configuration Mode

Connect the computer serial port to the vro configuration console port, and configure the "terminal simulation" program according to the vro instructions. Run the following command to enter the configuration mode.

Router> en
Router # config terminal
Router (config )#

2) Configure basic security parameters for the vro

It mainly sets the privileged password, remote access password, and vro name to facilitate remote debugging.

Router (config) # enable secret xxxxxxx
Router (config) # line vty 0 4
Router (config-line) # password xxxxxx
Router (config-line) # exit
Router (config) # hostname huadong
Huadong (config )#

3) configure the Ethernet interface of the vro and test the connectivity with the local computer.

Note: connect the cables to related devices before configuration. Port ethernet0/0 is connected to the internal network, and port serial0/0 is connected to the external network. The external network interface address is allocated by the ISP. At least one address is provided. Assume that this is one of the following. In PAT mode, the address is 210.75.32.9, and the upper-level router is 210.75.32.10. The key is to configure IP addresses and enable Ethernet interfaces. During the test, ping the basic test command.

Huadong (config) # inter eth0/0
Huadong (config-if) # ip address 172.17.1.1 255.255.255.0
Huadong (config-if) # no shutdown

The following is a test command:

Huadong # ping 172.17.1.1
...
!!!!!
...
Huadong # ping 172.17.1.100
...
!!!!!
...

On a computer whose IP address is 172.17.1.100:

C:> ping 172.17.1.1
Pinging 172.17.1.1 with 32 bytes of data:
Reply from 172.17.1.1: bytes = 32 time = 5 ms TTL = 255
......

The connection and configuration are correct.