Vro settings - Site to Site VPN settings & Detailed Frame Relay Configuration

Source: Internet
Author: User

First, about Frame Relay: it is generally a service rented from an ISP. The above configurations are all configured by China Telecom for you; what you get is the two DLCI values in the blue font, which identify the Frame Relay line. If you really want to do it on your own, do it as I have written it: the red-font part must come first, and the blue part must also be entered in order, because the last command must be entered on the DCE rather than the DTE. The command before it defines the DCE end, because my environment is a simulated Internet environment.

You must configure the basic network environment before configuring the site-to-site VPN.

    # BJ
    BJ(config)# interface f0/0
    BJ(config-if)# ip add 10.1.1.254 255.255.255.0
    BJ(config-if)# no sh
    BJ(config-if)# exit
    BJ(config)# int s1/0
    BJ(config-if)# ip add 172.161.1.1 255.255.255.0
    BJ(config-if)# encapsulation frame-relay IETF
    BJ(config-if)# frame-relay map ip 172.161.1.2 102 broadcast
    BJ(config-if)# no sh
    BJ(config-if)# exit
    BJ(config)# ip route 0.0.0.0 0.0.0.0 172.161.1.2

    # GZ
    GZ(config)# interface f0/0
    GZ(config-if)# ip add 10.2.2.254 255.255.255.0
    GZ(config-if)# no sh
    GZ(config-if)# exit
    GZ(config)# int s1/1
    GZ(config-if)# ip add 172.161.1.2 255.255.255.0
    GZ(config-if)# encapsulation frame-relay IETF
    GZ(config-if)# frame-relay map ip 172.161.1.1 201 broadcast
    GZ(config-if)# no sh
    GZ(config-if)# exit
    GZ(config)# ip route 0.0.0.0 0.0.0.0 172.161.1.1

With this in place, we can ping GZ's intranet IP from BJ:

    BJ# ping 10.2.2.254
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.2.2.254, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/90/184 ms

Next comes what we really want to focus on: the VPN configuration.
This time I will introduce only one type. There are many ways to establish a VPN, and because of time I cover only one of them. If necessary, I will write up several other VPN configurations in the future.

    red part: IKE negotiation policy configuration
    blue part: set the pre-shared key and peer address
    green part: configure the IPSEC transmission mode and the CRYPTO access list
    orange part: create the CRYPTO map with automatic negotiation and set its parameters
    black and white part: apply the crypto map to the interface!

    ! IKE negotiation policy
    GZ(config)# crypto isakmp enable
    GZ(config)# crypto isakmp policy 10
    GZ(config-isakmp)# hash md5
    GZ(config-isakmp)# authentication pre-share
    GZ(config-isakmp)# encryption 3des
    GZ(config-isakmp)# exit
    ! pre-shared key and peer address
    GZ(config)# crypto isakmp key cisco address 172.161.1.1
    ! IPSEC transform set and crypto access list
    GZ(config)# crypto ipsec transform-set trset esp-des esp-md5-hmac
    GZ(cfg-crypto-trans)# exit
    GZ(config)# access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
    ! crypto map and its parameters
    GZ(config)# crypto map eric86 10 ipsec-isakmp
    % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
    GZ(config-crypto-map)# set peer 172.161.1.1
    GZ(config-crypto-map)# set transform-set trset
    GZ(config-crypto-map)# match address 101
    GZ(config-crypto-map)# exit
    ! apply the crypto map to the interface
    GZ(config)# interface Serial1/1
    GZ(config-if)# crypto map eric86
    GZ(config-if)#
    *Oct 14 23:07:28.067: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

The configuration is complete at this point. You may ask how to test whether the VPN has been implemented. With this network topology I have only one way to test it. Didn't we just ping successfully? We can communicate without configuring a VPN, and we can also communicate when the VPN is configured, so how do we check whether the VPN is successful? I will teach you: either remove the crypto map from the interface at one end, after which the ping no longer gets through; the other way is more troublesome, but it can be used to test the VPN channel comprehensively.
That is to use a packet capture tool. Do you know the TELNET protocol? The password used when connecting is sent in plain text. If the VPN is not used, the plaintext can be captured. After the VPN is used, only garbled characters can be captured!

The problem is that the two intranets should not be able to communicate before the VPN is implemented! This is what I found strange when I was doing it. In the books I read, the examples all use two routers, three network segments and default routes, and when no VPN is configured I can ping all the network segments. I always thought that a site-to-site VPN is required.

Here I will add a configuration file for you. The new configuration file changes Frame Relay to the routing protocol I wrote about earlier. As described in the previous section, a ping then only gets through on the public network and does not reach the intranet. After completing the VPN, you must use extended ping mode to ping:

    BJ# ping
    Protocol [ip]:
    Target IP address: 10.2.2.254
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.1.1.254
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.2.2.254, timeout is 2 seconds:
    Packet sent with a source address of 10.1.1.254
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 44/164/240 ms

This article comes from the fat shark Network.
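
An added example, not part of the original article: a small Python check run over GZ's crypto commands from the VPN configuration above, flagging the settings a reviewer would question before this goes onto a real link (MD5, 3DES and DES, the five-character pre-shared key, no explicit DH group). The weak-algorithm tables, the suggested replacements and the 20-character key threshold are assumptions of this example.

```python
import re

# GZ's crypto commands from the article, prompts stripped (sub-commands indented).
GZ_CONFIG = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 encryption 3des
crypto isakmp key cisco address 172.161.1.1
crypto ipsec transform-set trset esp-des esp-md5-hmac
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map eric86 10 ipsec-isakmp
 set peer 172.161.1.1
 set transform-set trset
 match address 101
"""

# Assumed policy for this example: weak setting -> suggested IOS replacement.
WEAK_IKE = {"hash md5": "hash sha256", "encryption des": "encryption aes 256",
            "encryption 3des": "encryption aes 256"}
WEAK_ESP = {"esp-des": "esp-aes 256", "esp-3des": "esp-aes 256",
            "esp-md5-hmac": "esp-sha256-hmac"}
MIN_PSK_LEN = 20  # assumed minimum length for a pre-shared key


def audit(config):
    """Return (config_line, finding) pairs for weak IKE/IPsec settings."""
    findings = []
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if line in WEAK_IKE:
            findings.append((line, "weak IKE setting, prefer '%s'" % WEAK_IKE[line]))
        m = re.match(r"crypto isakmp key (\S+) address (\S+)$", line)
        if m and len(m.group(1)) < MIN_PSK_LEN:  # report with the key redacted
            findings.append(("crypto isakmp key *** address " + m.group(2),
                             "pre-shared key shorter than %d characters" % MIN_PSK_LEN))
        m = re.match(r"crypto ipsec transform-set \S+ (.+)$", line)
        for t in (m.group(1).split() if m else []):
            if t in WEAK_ESP:
                findings.append((line, "weak transform %s, prefer '%s'" % (t, WEAK_ESP[t])))
    if re.search(r"^crypto isakmp policy", config, re.M) and \
            not re.search(r"^[ \t]+group \d+", config, re.M):
        findings.append(("crypto isakmp policy", "no explicit DH 'group', platform default applies"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(GZ_CONFIG):
        print("%-58s %s" % (line, finding))
```

Both ends of the tunnel must carry matching IKE and transform-set settings, so any replacement the check suggests has to be applied on BJ and GZ together.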
