Cisco | VPN IPSEC Tunnel Mode
Konfigurasi IP Interface
! Router BNI-1: loopback and WAN addressing, then OSPF process 1.
hostname BNI-1
!
! Loopback0 holds the /32 that is reused below as the OSPF router-id and
! later as this router's end of the protected traffic.
interface Loopback0
 ip address 192.168.254.10 255.255.255.255
 exit
!
! NOTE(review): the bare "no" under Gi0/0 is incomplete as written;
! presumably "no shutdown" - confirm against the original lab.
interface GigabitEthernet0/0
 no
 ip address 10.11.11.1 255.255.255.0
 exit
!
router ospf 1
 router-id 192.168.254.10
 exit
!
! Only Gi0/0 is placed in area 0 in this listing; Loopback0 is not added
! to OSPF here.
interface GigabitEthernet0/0
 ip ospf network point-to-point
 ip ospf 1 area 0
 exit
! Router BNI-2: same layout as BNI-1 with its own addresses.
hostname BNI-2
!
! Loopback0 /32, also used as the OSPF router-id.
interface Loopback0
 ip address 192.168.254.11 255.255.255.255
 exit
!
! NOTE(review): the bare "no" under Gi0/0 is incomplete as written;
! presumably "no shutdown" - confirm against the original lab.
interface GigabitEthernet0/0
 no
 ip address 10.12.12.1 255.255.255.0
 exit
!
router ospf 1
 router-id 192.168.254.11
 exit
!
! Gi0/0 is the only interface put into area 0 in this listing.
interface GigabitEthernet0/0
 ip ospf network point-to-point
 ip ospf 1 area 0
 exit
Konfigurasi Crypto Map
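! Router BNI-1: IKEv1 (ISAKMP) phase 1 policy, IPsec transform set,
! crypto map and the ACL that selects the traffic to protect.
hostname BNI-1
!
! Phase 1 proposal: AES, SHA-1, pre-shared key, DH group 2.
! NOTE(review): "hash sha" is SHA-1 and "group 2" is a 1024-bit MODP
! group. Both are fine for a lab but weak for real use; prefer sha256 or
! better and a stronger DH group (e.g. group 14 or higher), changed on
! both peers together.
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 exit
!
! "key 0" means the string that follows is entered unencrypted.
! LATIHAN123 is a training value; a real peer needs a long random key
! that is unique per peer and never published with the configuration.
crypto isakmp key 0 LATIHAN123 address 10.12.12.1
!
! Phase 2: ESP with AES and HMAC-SHA-1. No "mode" line is given, so the
! IOS default (tunnel mode) applies.
crypto ipsec transform-set TRAINING123 esp-aes esp-sha-hmac
 exit
!
crypto map JAKARTA17AGUSTUS 10 ipsec-isakmp
 set peer 10.12.12.1
 set transform-set TRAINING123
 match address 100
!
! Crypto ACL: loopback-to-loopback traffic only. The protocol keyword
! "ip" is required in an extended ACL entry and was missing here; it is
! added so the entries match the ones on BNI-2.
! NOTE(review): only the first entry describes traffic leaving BNI-1;
! the second is its mirror image - confirm whether it is wanted here.
access-list 100 permit ip host 192.168.254.10 host 192.168.254.11
access-list 100 permit ip host 192.168.254.11 host 192.168.254.10
!
! Static route to the remote loopback so the protected flow leaves via
! the interface that carries the crypto map.
! NOTE(review): next hop 10.12.12.1 is not in BNI-1's connected
! 10.11.11.0/24; the router in between is not shown on this page -
! confirm the path.
ip route 192.168.254.11 255.255.255.255 10.12.12.1
!
! Nothing is encrypted until the crypto map is attached to the egress
! interface.
interface GigabitEthernet0/0
 crypto map JAKARTA17AGUSTUS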
! Router BNI-2: mirror of the BNI-1 crypto configuration, pointing back
! at 10.11.11.1.
hostname BNI-2
!
! Phase 1 proposal; must match the peer's policy.
! NOTE(review): SHA-1 ("hash sha") and DH group 2 are lab-grade choices;
! stronger values should be set on both peers together.
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 exit
!
! Same pre-shared key as on BNI-1, bound to BNI-1's Gi0/0 address.
! "key 0" means the key is entered unencrypted; LATIHAN123 is a training
! value only.
crypto isakmp key 0 LATIHAN123 address 10.11.11.1
!
! Phase 2 transform set; no "mode" line, so the IOS default (tunnel
! mode) applies.
crypto ipsec transform-set TRAINING123 esp-aes esp-sha-hmac
 exit
!
crypto map JAKARTA17AGUSTUS 10 ipsec-isakmp
 set peer 10.11.11.1
 set transform-set TRAINING123
 match address 100
!
! Crypto ACL: traffic between the two loopback /32s, both directions.
access-list 100 permit ip host 192.168.254.10 host 192.168.254.11
access-list 100 permit ip host 192.168.254.11 host 192.168.254.10
!
! Static route to the remote loopback via the peer's Gi0/0 address.
ip route 192.168.254.10 255.255.255.255 10.11.11.1
!
! Attach the crypto map to the egress interface.
interface GigabitEthernet0/0
 crypto map JAKARTA17AGUSTUS
 exit
Verifikasi:
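! What is configured: transform sets and crypto map entries.
show crypto ipsec transform-set
show crypto map
!
! Phase 2: IPsec SAs per protected flow, with encaps/decaps counters.
! Counters that stay at zero mean traffic is not matching the crypto ACL
! or not reaching the interface that carries the crypto map.
show crypto ipsec sa
!
! Phase 1: "show crypto isakmp" alone is an incomplete command; "sa"
! lists the IKE SAs and their state ("policy" lists the proposals).
show crypto isakmp sa
!
! Per-peer summary of IKE and IPsec state (the keyword is "session").
show crypto session
!
! "debug crypto" alone is incomplete. Enable the two debugs only while
! reproducing a problem, preferably in the lab or a maintenance window,
! and switch them off afterwards with "undebug all".
debug crypto isakmp
debug crypto ipsec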
----------------------------ADD INFO:
---------------PRODUCTION-------------
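! Site-to-site IPsec (IKEv1, pre-shared key) towards peer 192.168.128.1.
!
! Phase 1 proposal: AES-256, SHA-256, pre-shared key, DH group 2.
! NOTE(review): DH group 2 (1024-bit MODP) is the weakest element of
! this proposal; agree a stronger group with the peer where possible.
crypto isakmp policy 55
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
 exit
!
! The original listing published the pre-shared key in clear text under
! a "PRODUCTION" heading. It is replaced by a placeholder here; a key
! that has been published must be treated as compromised and rotated on
! both peers.
crypto isakmp key <REDACTED-PRE-SHARED-KEY> address 192.168.128.1
!
! Phase 2: ESP with AES (no key size given) and HMAC-SHA-1, tunnel mode.
! NOTE(review): this is weaker than the phase 1 proposal above; if both
! peers support it, a transform set such as esp-aes 256 with
! esp-sha256-hmac would bring phase 2 in line - confirm with the peer.
crypto ipsec transform-set PERMATA-TSET esp-aes esp-sha-hmac
 mode tunnel
!
crypto map PERMATA-CMAP 15 ipsec-isakmp
 set peer 192.168.128.1
 set transform-set PERMATA-TSET
 match address PERMATA-ACL
!
! Crypto ACL: 172.27.18.0/27 (wildcard 0.0.0.31) to the four hosts
! 192.168.128.9-12, followed by the same pairs in the reverse direction.
ip access-list extended PERMATA-ACL
 permit ip 172.27.18.0 0.0.0.31 host 192.168.128.9
 permit ip 172.27.18.0 0.0.0.31 host 192.168.128.10
 permit ip 172.27.18.0 0.0.0.31 host 192.168.128.11
 permit ip 172.27.18.0 0.0.0.31 host 192.168.128.12
 permit ip host 192.168.128.9 172.27.18.0 0.0.0.31
 permit ip host 192.168.128.10 172.27.18.0 0.0.0.31
 permit ip host 192.168.128.11 172.27.18.0 0.0.0.31
 permit ip host 192.168.128.12 172.27.18.0 0.0.0.31
!
! Named static routes, all via 172.27.2.65. The /32 entries share the
! next hop of the /24 that already covers them.
ip route 192.168.128.0 255.255.255.0 172.27.2.65 name SERVER-SLIK-OJK
ip route 192.168.128.1 255.255.255.255 172.27.2.65 name PEER-OJK
ip route 192.168.128.9 255.255.255.255 172.27.2.65 name SLIK_REPORT
ip route 192.168.128.10 255.255.255.255 172.27.2.65 name SLIK_WEB
ip route 192.168.128.11 255.255.255.255 172.27.2.65 name SLIK_UPLOAD
ip route 192.168.128.12 255.255.255.255 172.27.2.65 name SLIK_FTP
!
! Routed interface for bridge-domain 821 (172.27.2.66/30). The crypto
! map is applied here, so matching traffic leaving this interface is
! encrypted. NetFlow monitors are attached in both directions.
interface BDI821
 description SLIK_OJK_TELKOM
 bandwidth 512
 ip flow monitor NETFLOW-Monitor_Permata input
 ip flow monitor NETFLOW-Monitor_Permata output
 ip address 172.27.2.66 255.255.255.252
 no ip proxy-arp
 encapsulation dot1Q 821
 crypto map PERMATA-CMAP
!
! Service instance that places dot1q VLAN 821 into bridge-domain 821.
interface Ethernet-Internal1/0/0
 service instance 821 ethernet
  encapsulation dot1q 821
  bridge-domain 821 split-horizon group 0
!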