Buoc 1: Bat dau cau hinh VPN S0/2/0 S0 S1 S0/1/0 GRE Tunnel 135.3.25.1/24 133.1.1.1/24 133.1.1.2/24 132.1.1.1/24 132.1.1.2/24 136.25.4.1/24 Fa0/00Fa0/00 134.1.1.1/24 134.1.1.2/24 RA RBISP Buoc 2: Buoc 3: Nhap cac thong so cho GRE tunnel Buoc 4: Tao 1 duong backup GRE Buoc 5: VPN authentication (dung Pre-shared key) Buoc 6: chi dinh thuat toan ma hoa, xac thuc (dung default) Buoc 7: chi dinh Transform-set (dung default) Buoc 8: chi dinh giao thuc dinh tuyen nao se chay tren VPN (dung OSPF) Buoc 9: cac thong so cua giao thuc dinh tuyen OSPF Buoc 10: Ket thuc cau hinh VPN Cau hinh cua router RB ( Router RA lam tuong tu) Tren router ISP chi dat IP chi cac interface sh run Building configuration Current configuration : 1872 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RB ! boot-start-marker boot-end-marker ! enable password cisco ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 More— ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! no ip domain lookup no ip ips deny-action ips-interface ! no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! ! ! More ! ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 133.1.1.1 no crypto isakmp ccm ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to133.1.1.1 set peer 133.1.1.1 set transform-set ESP-3DES-SHA match address 100 ! ! ! More ! interface Tunnel0 ip address 134.1.1.2 255.255.255.0 ip mtu 1420 ip ospf mtu-ignore tunnel source 132.1.1.2 tunnel destination 133.1.1.1 tunnel path-mtu-discovery crypto map SDM_CMAP_1 ! interface FastEthernet0/0 ip address 136.25.4.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1/0 ip address 132.1.1.2 255.255.255.0 clockrate 64000 crypto map SDM_CMAP_1 ! interface Serial0/2/0 no ip address shutdown clockrate 2000000 ! interface Serial0/3/0 no ip address shutdown clockrate 2000000 ! router ospf 10 log-adjacency-changes network 134.1.1.0 0.0.0.255 area 0 network 136.25.4.0 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 132.1.1.1 ! ! ip http server More— no ip http secure-server ! access-list 100 remark SDM_ACL Category=4 access-list 100 permit gre host 132.1.1.2 host 133.1.1.1 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 no login More warm-reboot end Create a secure GRE Tunnel [...]...Chi dinh cac IP Physical va IP Gre- Tunnel Co the su dung BackUp Gre- Tunnel neu can Thiet lap cac thong so cho VNP Connection: Authentication, encryption… Chon giao thuc Routing (OSPF) Add nhung Network can quang ba, trong TH nay quang ba 2 mang: Lan va GreTunnel Finished & Test Success Cau hinh Applied tren Router Building configuration Current... mtu-ignore Tunnel GRE tunnel source 133.1.1.1 tunnel destination 132.1.1.2 tunnel path-mtu-discovery crypto map SDM_CMAP_1 ! interface FastEthernet0/0 ip address 135.3.25.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1/0 no ip address shutdown no fair-queue clockrate 2000000 ! More-interface Serial0/2/0 Tunnel GRE ip address... boot-end-marker ! enable password cisco ! no aaa new-model ! resource policy ! ip subnet-zero ! ! ip cef More-no ip dhcp use vrf connected GRE Tunnel ! ! no ip domain lookup no ip ips deny-action ips-interface ! no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! More-! GRE Tunnel crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 132.1.1.2 no crypto isakmp... 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 133.1.1.2 ! ! ip http server no ip http secure-server ! access-list 100 remark SDM_ACL Category=4 access-list 100 permit gre host 133.1.1.1 host 132.1.1.2 ! ! ! ! More-control-plane GRE Tunnel ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 no login ! scheduler allocate 20000 1000 ! end . 132.1.1.2/24 136.25.4.1/24 Fa0/00Fa0/00 134.1.1.1/24 134.1.1.2/24 RA RBISP Buoc 2: Buoc 3: Nhap cac thong so cho GRE tunnel Buoc 4: Tao 1 duong backup GRE Buoc 5: VPN authentication (dung Pre-shared key) Buoc 6: chi dinh thuat toan ma. 8: chi dinh giao thuc dinh tuyen nao se chay tren VPN (dung OSPF) Buoc 9: cac thong so cua giao thuc dinh tuyen OSPF Buoc 10: Ket thuc cau hinh VPN Cau hinh cua router RB ( Router RA lam tuong. Buoc 1: Bat dau cau hinh VPN S0/2/0 S0 S1 S0/1/0 GRE Tunnel 135.3.25.1/24 133.1.1.1/24 133.1.1.2/24 132.1.1.1/24 132.1.1.2/24 136.25.4.1/24 Fa0/00Fa0/00 134.1.1.1/24