Gns3moi
Download as DOCX, PDF0 likes504 views
The document summarizes the configuration of a VPN server including setting up IKE policies, crypto maps, IP pools, and network address translation to allow VPN clients to connect securely and access internal network resources behind the server. Key steps include configuring AAA authentication and authorization, IKE and IPsec transforms, dynamic crypto maps to connect clients in the ippool range, and NAT to translate private addresses to public addresses for internet access.
Gns3moi
- 1. ---------------------------------------Cấu hình trên VPN server--------------------- Aaa new-model aaa authentication login userauthen local aaa authorization network groupauthor local username sena password 0 cisco crypto isakmp policy 10 encryption aes 256 authentication pre-share group 2 exit crypto isakmp client configuration group vpnclient key cisco123 pool ippool acl 1
- 2. exit crypto ipsec transform-set myset esp-3des esp-md5-hmac ex crypto dynamic-map dynmap 10 set transform−set myset reverse−route ex crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec−isakmp dynamic dynmap ip local pool ippool 200.0.0.10 200.0.0.20 access-list 1 permit 192.168.10.0 0.0.0.255 ip nat inside source list 1 interface s0/0/0 overload int f0/0 ip nat inside half−duplex int s0/0/0 ip nat outside crypto map clientmap
- 3. bên R2 cũng cấu hình NAT acc 1 permit 192.168.20.0 0.0.0.255 ip nat inside sou list 1 int s1/0 over int f2/0 ip nat inside int s1/0 ip nat outside PC 2: Sauk hi cài cisco VPN client xong bạn vào network enable và đặt ip là 192.168.20.3/24
- 4. Vào VPN client chọn New
- 6. Bấm save và connect -> Đánh user với pass:
- 7. Sau đó vào status -> statictis…