CONFIGURATION
1. THE REMOTE USER CAN COMMUNICATE WITH THE PAKISTAN LAN PUBLIC IP: 202.56.215.2 BUT CANNOT COMMUNICATE WITH THE LAN NETWORK IP: 192.168.100.1
2. THE REMOTE USER TRIES TO PING THE LAN FTP SERVER, BUT THE PING DOES NOT REACH THE SERVER.
3. CONNECT THE VPN AND THEN PING THE LAN FTP SERVER AGAIN.
___________
AT FIRST THE REMOTE USER CAN COMMUNICATE WITH THE LAN PUBLIC IP BUT CANNOT COMMUNICATE WITH THE LAN IP.
ALL INTERFACES ARE LINKED UP AND PERFORM ROUTING.
GO TO Company-Router CONFIGURATION MODE.
Router(config)# hostname Company-Router
CREATE LOCAL AUTHENTICATION FOR THE VPN
Company-Router(config)# aaa new-model
Company-Router(config)# aaa authentication login WAHAB local
Company-Router(config)# aaa authorization network HANAN local
Company-Router(config)# username Manan password Taimoor
CREATE AN ISAKMP POLICY FOR THE VPN
THIS POLICY DEFINES THE ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED TO PROTECT THE TRAFFIC THAT FLOWS THROUGH THE VPN TUNNEL.
Company-Router(config)# crypto isakmp policy 10
3DES: TRIPLE DATA ENCRYPTION STANDARD.
THIS IS A SYMMETRIC ENCRYPTION ALGORITHM THAT USES THREE KEYS TO ENCRYPT DATA.
Company-Router(config-isakmp)# encryption 3des
Company-Router(config-isakmp)# hash md5
Company-Router(config-isakmp)# authentication pre-share
Company-Router(config-isakmp)# group 2
Company-Router(config-isakmp)# exit
CREATE A VPN GROUP AND KEY AND ASSIGN AN IP ADDRESS POOL
Company-Router(config)# ip local pool VPNPOOL 200.200.200.1 200.200.200.100
Company-Router(config)# crypto isakmp client configuration group cisco
Company-Router(config-isakmp-group)# key cisco123
Company-Router(config-isakmp-group)# pool VPNPOOL
Company-Router(config-isakmp-group)# exit
CREATE AN IPSEC TRANSFORM SET USED TO ENCRYPT DATA IN THE TUNNEL
THIS TRANSFORM SET SPECIFIES THE ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED FOR A PARTICULAR TRAFFIC FLOW.
Company-Router(config)# crypto ipsec transform-set set1 esp-3des esp-md5-hmac
CREATE A CRYPTO MAP FOR THE VPN
THIS CRYPTO MAP ASSOCIATES AN IPSEC POLICY AND TRANSFORM SET WITH A SPECIFIC INTERFACE.
Company-Router(config)# crypto dynamic-map map1 10
Company-Router(config-crypto-map)# set transform-set set1
Company-Router(config-crypto-map)# reverse-route
Company-Router(config-crypto-map)# exit
APPLY AUTHENTICATION AND AUTHORIZATION FOR THE VPN
Company-Router(config)# crypto map map1 client configuration address respond
Company-Router(config)# crypto map map1 client authentication list WAHAB
Company-Router(config)# crypto map map1 isakmp authorization list HANAN
Company-Router(config)# crypto map map1 10 ipsec-isakmp dynamic map1
APPLY THE VPN CONFIGURATION ON THE INTERFACE
THIS WILL ENABLE IPSEC ON THE INTERFACE AND ALLOW TRAFFIC TO FLOW THROUGH THE VPN TUNNEL.
Company-Router(config)# interface FastEthernet0/0
Company-Router(config-if)# crypto map map1
THE VPN CONFIGURATION IS DONE. GO TO THE REMOTE USER AND CONNECT THE VPN; COMMUNICATION CAN THEN TAKE PLACE.
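ADDED EXAMPLE (NOT PART OF THE ORIGINAL POST): A SMALL PYTHON CHECK THAT READS THE CRYPTO COMMANDS FROM THIS WALKTHROUGH AND LISTS THE LEGACY SETTINGS IN THEM (3DES, MD5, DH GROUP 2, A USER DEFINED WITH password, A GROUP KEY THAT CONTAINS THE GROUP NAME). THE NAMES audit_ios_crypto, RULES AND SAMPLE_CONFIG ARE ASSUMPTIONS OF THIS EXAMPLE, AND WHICH ALGORITHMS COUNT AS LEGACY IS THIS EXAMPLE'S OWN POLICY.

```python
import re

# Constructed sample: the crypto-related commands from the walkthrough above.
SAMPLE_CONFIG = """\
Company-Router(config)# username Manan password Taimoor
Company-Router(config)# crypto isakmp policy 10
Company-Router(config-isakmp)# encryption 3des
Company-Router(config-isakmp)# hash md5
Company-Router(config-isakmp)# authentication pre-share
Company-Router(config-isakmp)# group 2
Company-Router(config)# crypto isakmp client configuration group cisco
Company-Router(config-isakmp-group)# key cisco123
Company-Router(config)# crypto ipsec transform-set set1 esp-3des esp-md5-hmac
"""
PROMPT = re.compile(r"^\S+\([\w-]+\)\s*#\s*")  # strips "Router(config-x)# "
# (regex on the bare command, finding text). The legacy list is this example's policy.
RULES = [
    (r"^encryption (des|3des)\b", "IKE policy uses legacy cipher {0}"),
    (r"^hash md5\b", "IKE policy uses MD5 hash"),
    (r"^group (1|2|5)$", "IKE policy uses DH group {0} (1536-bit MODP or smaller)"),
    (r"^username (\S+) password\b", "user {0} uses 'password' instead of 'secret'"),
]
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def audit_ios_crypto(text):
    """Return a list of (line_number, finding) for weak VPN crypto settings."""
    findings, group_name = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        cmd = PROMPT.sub("", raw.strip())
        for pattern, message in RULES:
            m = re.match(pattern, cmd)
            if m:
                findings.append((num, message.format(*m.groups())))
        m = re.match(r"^crypto ipsec transform-set (\S+) (.+)$", cmd)
        if m:
            for t in m.group(2).split():
                if t in WEAK_TRANSFORMS:
                    findings.append((num, f"transform-set {m.group(1)} uses {t}"))
        m = re.match(r"^crypto isakmp client configuration group (\S+)$", cmd)
        if m:
            group_name = m.group(1).lower()  # remember the Easy VPN group name
        m = re.match(r"^key (\S+)$", cmd)
        if m and group_name and group_name in m.group(1).lower():
            findings.append((num, "group key contains the group name"))
    return findings

if __name__ == "__main__":
    for num, finding in audit_ios_crypto(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```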