
Lab 15: Site to Site VPN

Task

Figure 1 Topology

1. Configure IP addresses as given in the topology.
2. Make sure ICMP is open for all networks on the ASAs.
3. Configure PAT on both ASAs.
4. Make sure ASA1 and ASA2 can ping each other.
5. Configure a Site-to-Site VPN between the ASAs. Make sure 192.168.1.2 and 192.168.2.2 can ping each other. Use NAT exemption for VPN traffic.

Solution

Task 2: Make sure ICMP is open for all networks on the ASAs.

Both ASAs
! allow ICMP through the outside interface in both directions (echo and reply)
access-list ICMP permit icmp any any
access-group ICMP in interface outside

Task 3: Configure PAT on both ASAs.

ASA 1
! pre-8.3 NAT syntax: inside hosts are PATed to the outside interface address
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

ASA 2
nat (inside) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface

Task 4: Make sure ASA1 and ASA2 can ping each other.

ASA 1
! default route towards the ISP next hop
route outside 0 0 101.1.1.1

ASA 2
route outside 0 0 102.1.1.1

Task 5: Configure a Site-to-Site VPN between the ASAs. Make sure 192.168.1.2 and 192.168.2.2 can ping
each other. Use NAT exemption for VPN traffic.

ASA 1
! Phase 1 (ISAKMP) policy: pre-shared key, 3DES, DH group 2 (hash defaults to SHA)
crypto isakmp policy 1
authentication pre-share
encryption 3des
group 2
exit
! pre-shared key for the peer, keyed on ASA2's outside address
crypto isakmp key cisco address 102.1.1.100
! Phase 2 (IPsec) transform set
crypto ipsec transform-set tset esp-3des esp-sha-hmac
! interesting traffic: the hosts the task names (192.168.1.2 and 192.168.2.2);
! this must match the NAT exemption ACL below and mirror ASA2's crypto ACL
access-list VPN permit ip host 192.168.1.2 host 192.168.2.2
crypto map CMAP 10 set transform-set tset
crypto map CMAP 10 match address VPN
crypto map CMAP 10 set peer 102.1.1.100
crypto isakmp enable outside
crypto map CMAP interface outside

NAT Exemption
! nat 0 is evaluated before the PAT rule, so VPN traffic keeps its real addresses
access-list nonat permit ip host 192.168.1.2 host 192.168.2.2
nat (inside) 0 access-list nonat

ASA 2
crypto isakmp policy 1
authentication pre-share
encryption 3des
group 2
exit
! pre-shared key for the peer, keyed on ASA1's outside address
crypto isakmp key cisco address 101.1.1.100
crypto ipsec transform-set tset esp-3des esp-sha-hmac
! mirror image of ASA1's crypto ACL
access-list VPN permit ip host 192.168.2.2 host 192.168.1.2
crypto map CMAP 10 set transform-set tset
crypto map CMAP 10 match address VPN
crypto map CMAP 10 set peer 101.1.1.100
crypto isakmp enable outside
crypto map CMAP interface outside

NAT Exemption
access-list nonat permit ip host 192.168.2.2 host 192.168.1.2
nat (inside) 0 access-list nonat
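The tunnel in Task 5 only comes up, and only carries traffic in the clear-free way the task wants, when the two sides agree with each other: the crypto ACLs must be mirror images, the NAT exemption ACL must select the same hosts as the crypto ACL, the pre-shared key and its peer address must line up with the crypto map peer. The script below is an added example, not part of the lab: it parses the handful of pre-8.3 ASA commands the solution uses with plain regular expressions and checks those relationships across a pair of configs. The configs embedded in it are constructed from the lab solution using the lab's addresses, plus a deliberately broken variant whose crypto ACL names different hosts than its NAT exemption ACL.

```python
"""Consistency checks for a pair of pre-8.3 ASA site-to-site VPN configs.

Added example, not part of the lab. The configs below are constructed from the
lab solution (with the 192.168.x.2 hosts named in the task); the checks cover
the mismatches that most often leave a tunnel down or send traffic out PATed.
"""
import re

# Constructed sample: ASA1's VPN-related lines from the lab solution.
ASA1_CFG = """
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 group 2
crypto isakmp key cisco address 102.1.1.100
crypto ipsec transform-set tset esp-3des esp-sha-hmac
access-list VPN permit ip host 192.168.1.2 host 192.168.2.2
crypto map CMAP 10 set transform-set tset
crypto map CMAP 10 match address VPN
crypto map CMAP 10 set peer 102.1.1.100
crypto isakmp enable outside
crypto map CMAP interface outside
access-list nonat permit ip host 192.168.1.2 host 192.168.2.2
nat (inside) 0 access-list nonat
"""

# ASA2 mirrors ASA1: peer is ASA1's outside address, source/destination swapped.
ASA2_CFG = ASA1_CFG.replace("102.1.1.100", "101.1.1.100").replace(
    "host 192.168.1.2 host 192.168.2.2", "host 192.168.2.2 host 192.168.1.2")

# Constructed broken variant: crypto ACL names .100 hosts while the NAT
# exemption ACL and the far side still name the .2 hosts.
ASA1_MISMATCH = ASA1_CFG.replace(
    "access-list VPN permit ip host 192.168.1.2 host 192.168.2.2",
    "access-list VPN permit ip host 192.168.1.100 host 192.168.2.100")

WEAK_ENCRYPTION = {"des", "3des"}   # deprecated ISAKMP ciphers
WEAK_DH_GROUPS = {"1", "2", "5"}    # DH groups below 2048 bits


def parse(cfg):
    """Pull out the fields that must agree between the two peers."""
    info = {"acls": {}, "peer": None, "key": None, "key_addr": None,
            "encryption": None, "group": None, "map_acl": None, "nonat_acl": None}
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) (?:extended )?permit ip host (\S+) host (\S+)$", line):
            info["acls"].setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            info["key"], info["key_addr"] = m[1], m[2]
        elif m := re.match(r"crypto map \S+ \d+ set peer (\S+)", line):
            info["peer"] = m[1]
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", line):
            info["map_acl"] = m[1]
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)", line):
            info["nonat_acl"] = m[1]
        elif m := re.match(r"encryption (\S+)", line):
            info["encryption"] = m[1]
        elif m := re.match(r"group (\S+)", line):
            info["group"] = m[1]
    return info


def check_pair(cfg_a, cfg_b):
    """Return (errors, warnings) for two peer configs.

    errors break the tunnel or leak traffic around it; warnings are weak-crypto notes."""
    a, b = parse(cfg_a), parse(cfg_b)
    errors, warnings = [], []
    for side, me, other in (("ASA1", a, b), ("ASA2", b, a)):
        crypto = set(me["acls"].get(me["map_acl"], []))
        nonat = set(me["acls"].get(me["nonat_acl"], []))
        # The peer's crypto ACL must be the exact mirror image (src/dst swapped).
        mirrored = {(dst, src) for src, dst in other["acls"].get(other["map_acl"], [])}
        if crypto != mirrored:
            errors.append(f"{side}: crypto ACL does not mirror the peer's crypto ACL")
        # Traffic selected for the tunnel must also be exempt from PAT.
        if crypto != nonat:
            errors.append(f"{side}: NAT exemption ACL does not match crypto ACL")
        if me["peer"] != me["key_addr"]:
            errors.append(f"{side}: pre-shared key address differs from crypto map peer")
        if me["encryption"] in WEAK_ENCRYPTION:
            warnings.append(f"{side}: ISAKMP encryption {me['encryption']} is deprecated; use AES")
        if me["group"] in WEAK_DH_GROUPS:
            warnings.append(f"{side}: DH group {me['group']} is weak; use group 14 or higher")
    if a["key"] != b["key"]:
        errors.append("pre-shared keys differ between peers")
    return errors, warnings


if __name__ == "__main__":
    for label, cfg in (("lab", ASA1_CFG), ("mismatch", ASA1_MISMATCH)):
        errs, warns = check_pair(cfg, ASA2_CFG)
        print(label, "errors:", errs, "warnings:", warns)
```

Run against the lab configs it reports no errors and four warnings (3DES and DH group 2 on each side, which the lab uses but which are deprecated today); run against the broken variant it reports the non-mirrored crypto ACLs on both sides and the crypto/NAT-exemption mismatch on ASA1, which is exactly the case where 192.168.1.2 would be PATed to the outside address instead of entering the tunnel.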
