R2#sh run Building configuration Current configuration : 1551 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! enable password cisco ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 More ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! no ip domain lookup no ip ips deny-action ips-interface ! no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! ! ! More ! ! ! ! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key 6 cisco123 address 192.168.1.1 crypto isakmp keepalive 30 5 no crypto isakmp ccm ! ! crypto ipsec transform-set myset esp-3des esp-md5-hmac ! crypto dynamic-map mymap 10 set transform-set myset ! ! crypto map mainmap 1 ipsec-isakmp dynamic mymap ! ! ! interface Loopback0 ip address 192.168.255.1 255.255.255.0 interface Loopback1 ip address 2.2.2.2 255.255.255.255 interface FastEthernet0/0 ip address 192.168.1.2 255.255.255.0 duplex auto speed auto crypto map mainmap interface FastEthernet0/1 no ip address shutdown duplex auto speed auto interface Serial0/1/0 no ip address clockrate 2000000 interface Serial0/2/0 no ip address shutdown clockrate 2000000 interface Serial0/3/0 no ip address shutdown clockrate 2000000 ip classless ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip http server no ip http secure-server control-plane line con 0 logging synchronous line aux 0 line vty 0 4 no login warm-reboot end Buoc 1: Kich hoat VPN Client to Site ( phai enable AAA Server) Buoc 2: Buoc 3: Tao it nhat 1 user mode 15 (de kich hoat AAA Server) Buoc 4: tao user cisco15 (mode 15) Buoc 5: Enable AAA Server Buoc 6: Enable hoan tat Buoc 7: Bat dau tao VPN Server Buoc 8: Chon Interface ma VPN se duoc cau hinh cho VPN client ket noi Buoc 9: Thong bao da co san 1 IP Sec policy Site to Site Buoc 10: Summary cac IP Sec da co san Buoc 11: Buoc 12: Chon Group Authorization tren Local Buoc 13: Authentication Local Buoc 14: Tao Group – Pre-Shared key - IP Pool … cho VPN client [...]...Buoc 15: Hoan tat cau hinh VPN Client to Site . hoan tat Buoc 7: Bat dau tao VPN Server Buoc 8: Chon Interface ma VPN se duoc cau hinh cho VPN client ket noi Buoc 9: Thong bao da co san 1 IP Sec policy Site to Site Buoc 10: Summary cac IP. Authentication Local Buoc 14: Tao Group – Pre-Shared key - IP Pool … cho VPN client Buoc 15: Hoan tat cau hinh VPN Client to Site . ! ! ! ! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key 6 cisco123 address 192.168.1.1 crypto isakmp keepalive 30 5 no crypto isakmp ccm ! ! crypto ipsec transform-set