ภาคผนวก ก Coding VPN IPSec Site-to-Site

Size: px

Start display at page:

Download "ภาคผนวก ก Coding VPN IPSec Site-to-Site"

Elaine Jennings
5 years ago
Views:

1 ภาคผนวก

2 30 ภาคผนวก ก Coding VPN IPSec Site-to-Site Router HQ (R-HQ) hostname R-HQ ip dhcp excluded-address ip dhcp excluded-address ip dhcp excluded-address ip dhcp excluded-address ip dhcp pool Vlan_100 network default-router dns-server ip dhcp pool Vlan_200 network default-router dns-server username itmadmin privilege 15 secret 5 $1$x4Ed$tdEPDkg4rjRuTST.iqOu81 crypto isakmp policy 20 encr 3des authentication pre-share group 2 crypto isakmp key itmadmin address crypto ipsec transform-set SET1 esp-aes esp-md5-hmac

3 crypto map s2s-vpn 10 ipsec-isakmp set peer set transform-set SET1 match address VPN interface FastEthernet0/0 ip address ip nat outside ip virtual-reassembly duplex auto speed auto crypto map s2s-vpn interface FastEthernet0/1.100 encapsulation dot1q 100 ip address ip nat inside interface FastEthernet0/1.200 encapsulation dot1q 200 ip address ip nat inside ip route ip nat inside source list NAT interface FastEthernet0/0 overload ip access-list extended NAT deny ip deny ip permit ip any 31

4 permit ip any ip access-list extended VPN permit ip permit ip line con 0 line aux 0 line vty 0 4 login local end 32

5 Switch HQ(SW-HQ) hostname SW-Headquarter username itmadmin privilege 15 secret 5 $1$OabX$Txg5Nnk03ykRrt4tGsRP0. vlan 100,200 interface GigabitEthernet0/1 interface GigabitEthernet0/2 interface GigabitEthernet0/3 interface GigabitEthernet0/4 interface GigabitEthernet0/5 interface GigabitEthernet0/6 33

6 interface GigabitEthernet0/7 interface GigabitEthernet0/8 interface GigabitEthernet0/9 interface GigabitEthernet0/10 interface GigabitEthernet0/11 interface GigabitEthernet0/12 interface GigabitEthernet0/13 interface GigabitEthernet0/14 34

7 interface GigabitEthernet0/15 interface GigabitEthernet0/16 interface GigabitEthernet0/17 interface GigabitEthernet0/18 interface GigabitEthernet0/19 interface GigabitEthernet0/20 interface GigabitEthernet0/21 interface GigabitEthernet0/22 35

8 interface GigabitEthernet0/23 interface GigabitEthernet0/24 interface GigabitEthernet0/25 interface GigabitEthernet0/26 interface GigabitEthernet0/27 interface GigabitEthernet0/28 interface GigabitEthernet0/29 interface GigabitEthernet0/30 36

9 interface GigabitEthernet0/31 interface GigabitEthernet0/32 interface GigabitEthernet0/40 interface GigabitEthernet0/41 interface GigabitEthernet0/42 interface GigabitEthernet0/43 interface GigabitEthernet0/44 interface GigabitEthernet0/45 interface GigabitEthernet0/46 37

10 interface GigabitEthernet0/47 interface GigabitEthernet0/48 interface Vlan100 ip address interface Vlan200 ip address line con 0 line vty 0 4 login local end 38

11 Router Brancha (R-Branch) hostname R-Branch ip dhcp excluded-address ip dhcp excluded-address ip dhcp excluded-address ip dhcp excluded-address ip dhcp pool vlan_100 network default-router dns-server ip dhcp pool vlan_200 network default-router dns-server username itmadmin privilege 15 secret 5 $1$Rjvd$9zhui080smoHDbKHF2G6C/ crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key itmadmin address crypto ipsec transform-set SET1 esp-aes esp-md5-hmac crypto map s2s-vpn 100 ipsec-isakmp set peer set transform-set SET1 39

12 match address VPN interface FastEthernet0/0 ip address ip nat outside ip virtual-reassembly duplex auto speed auto crypto map s2s-vpn interface FastEthernet0/1 no ip address duplex auto speed auto interface FastEthernet0/1.100 encapsulation dot1q 100 ip address ip nat inside ip virtual-reassembly interface FastEthernet0/1.200 encapsulation dot1q 200 ip address ip nat inside ip virtual-reassembly interface FastEthernet0/3/0 interface FastEthernet0/3/1 40

13 interface FastEthernet0/3/2 interface FastEthernet0/3/3 ip forward-protocol nd ip route ip nat inside source list NAT interface FastEthernet0/0 overload ip access-list extended NAT deny ip deny ip permit ip any permit ip any ip access-list extended VPN permit ip permit ip line con 0 line aux 0 line vty 0 4 login local end 41

14 Switch Branch (Sw-Branch) hostname SW-Branch username itmadmin privilege 15 secret 5 $1$GVeK$jfjocXa3QvIYPqZguKj75. vlan 100,200 interface FastEthernet0/1 interface FastEthernet0/2 interface FastEthernet0/3 interface FastEthernet0/4 interface FastEthernet0/5 interface FastEthernet0/6 42

15 interface FastEthernet0/7 interface FastEthernet0/8 interface FastEthernet0/9 interface FastEthernet0/10 interface FastEthernet0/11 interface FastEthernet0/12 interface FastEthernet0/13 interface FastEthernet0/14 43

16 interface FastEthernet0/15 interface FastEthernet0/16 interface FastEthernet0/17 interface FastEthernet0/18 interface FastEthernet0/19 interface FastEthernet0/20 interface FastEthernet0/21 interface FastEthernet0/22 44

17 interface FastEthernet0/23 interface FastEthernet0/24 interface FastEthernet0/25 interface FastEthernet0/26 interface FastEthernet0/27 interface FastEthernet0/28 interface FastEthernet0/29 interface FastEthernet0/30 45

18 interface FastEthernet0/31 interface FastEthernet0/32 interface FastEthernet0/45 interface FastEthernet0/46 interface FastEthernet0/47 interface FastEthernet0/48 interface Vlan100 ip address interface Vlan200 ip address interface Vlan201 ip address

19 shutdown linecon 0 line vty 0 4 login local line vty 5 15 login end 47

20 48 ภาคผนวก ข ภาพต วอย างขณะปฎ บ ต งาน ร ปท ข.1 การทดสอบIPSec Site-to-site

21 ร ปท ข.2 การทดสอบ IPSec Site-to-site 49

22 ร ปท ข.3ไปไซต งานล กค า 50

23 ร ปท ข.4 การปฏ บ ต งาน ให ก บทางบร ษ ท เปล ยน UPS ให ล กค า 51

CONFIGURATION DU SWITCH

CONFIGURATION DU SWITCH Current configuration : 2037 bytes version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption hostname Switch no aaa new-model ip subnet-zero