L2L VPN Configuration Between Routers

Between Cisco routers, there are two ways to build a secure communication channel using IPsec:

1. IPsec L2L VPN configuration

2. GRE tunnel with IPsec

Which one to use depends on the needs and scope of the deployment.

This is the topology used for the example:

[Figure: VPN_Router topology (VPN-IPSEC)]


###########################################
IPsec VPN Between Routers
###########################################
********** ROUTER R1 **********************
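! Phase 1 (ISAKMP): only the authentication method is set here; encryption,
! hash and DH group stay at the IOS defaults ("show crypto isakmp policy")
crypto isakmp policy 1
 authentication pre-share
! Pre-shared key used with peer R2
crypto isakmp key Pwd.123 address 172.2.2.2
!
!
! Phase 2: ESP with AES encryption and SHA-1 HMAC, tunnel mode
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
!
!
! Crypto map: peer, transform set and the ACL that selects traffic to protect
crypto map VPN 10 ipsec-isakmp
 set peer 172.2.2.2
 set transform-set AES-SHA
 match address 100
!
! Protected LAN 192.168.10.0/24 (on a loopback)
interface Loopback1
 ip address 192.168.10.1 255.255.255.0
!
! WAN side: the crypto map is applied to the outgoing interface
interface FastEthernet0/0
 ip address 172.1.1.2 255.255.255.252
 duplex full
 crypto map VPN
!
ip route 0.0.0.0 0.0.0.0 172.1.1.1
!
! Traffic to protect: local LAN to remote LAN (R2 has the mirror image)
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255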
!
********** ROUTER R2 **********************
!
! Phase 1 (ISAKMP): same policy and pre-shared key as R1, peer address reversed
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key Pwd.123 address 172.1.1.2
!
!
! Phase 2: the transform set must match the one on R1
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
!
!
crypto map VPN 10 ipsec-isakmp
 set peer 172.1.1.2
 set transform-set AES-SHA
 match address 100
!
!
! Protected LAN 192.168.20.0/24 (on a loopback)
interface Loopback1
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.2.2.2 255.255.255.252
 duplex full
 crypto map VPN
!
ip route 0.0.0.0 0.0.0.0 172.2.2.1
!
! Mirror image of ACL 100 on R1
access-list 100 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
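
Added example (not part of the original post): a small Python check that the two peer configurations above agree where they must (same pre-shared key, peers pointing at each other's crypto-map interface, mirror-image crypto ACLs) and that reports an ISAKMP policy which leaves encryption, hash and DH group at the IOS defaults. The template is constructed from the R1/R2 values in this section; the function names are this example's own.

```python
import re
# Constructed sample: crypto-relevant lines of R1/R2, filled with the page's values.
TEMPLATE = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key Pwd.123 address {peer}
crypto map VPN 10 ipsec-isakmp
 set peer {peer}
 match address 100
interface FastEthernet0/0
 ip address {local} 255.255.255.252
 crypto map VPN
access-list 100 permit ip {lan} 0.0.0.255 {rlan} 0.0.0.255
"""
R1 = TEMPLATE.format(local="172.1.1.2", peer="172.2.2.2", lan="192.168.10.0", rlan="192.168.20.0")
R2 = TEMPLATE.format(local="172.2.2.2", peer="172.1.1.2", lan="192.168.20.0", rlan="192.168.10.0")

def crypto_ip(cfg):
    """IP address of the interface that has a crypto map applied."""
    ip = None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            ip = None                      # new interface block
        elif m := re.match(r"\s*ip address (\S+) ", line):
            ip = m.group(1)
        elif ip and re.match(r"\s*crypto map \S+\s*$", line):
            return ip

def facts(cfg):
    """Extract the values the two peers must agree on."""
    first = lambda pat: (re.findall(pat, cfg, re.M) or [None])[0]
    acl = first(r"^\s*match address (\d+)")
    return {
        "peer": first(r"^\s*set peer (\S+)"),
        "key": first(r"^crypto isakmp key (\S+) address"),
        "local": crypto_ip(cfg),
        "acl": re.findall(rf"^access-list {acl} permit (\S+) (\S+ \S+) (\S+ \S+)\s*$", cfg, re.M),
        "unset": [k for k in ("encr", "hash", "group") if not re.search(rf"^\s+{k}\w* ", cfg, re.M)],
    }

def audit(a, b):
    """Findings for a pair of L2L peer configs; an empty list means consistent."""
    fa, fb = facts(a), facts(b)
    checks = [
        (fa["key"] != fb["key"], "pre-shared keys differ"),
        ((fa["peer"], fb["peer"]) != (fb["local"], fa["local"]), "peers do not point at each other"),
        (set(fa["acl"]) != {(p, d, s) for p, s, d in fb["acl"]}, "crypto ACLs are not mirror images"),
        (bool(fa["unset"] or fb["unset"]), "ISAKMP policy leaves encryption/hash/DH group at defaults"),
    ]
    return [msg for failed, msg in checks if failed]
```

The ACL pattern also accepts the `host A host B` form used in the GRE section; entries written with `any` are not handled.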

###########################################
GRE Tunnel over IPsec Between Routers
###########################################
********** ROUTER R1 **********************
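!
! Phase 1 (ISAKMP): only the authentication method is set here; encryption,
! hash and DH group stay at the IOS defaults ("show crypto isakmp policy")
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key Pass.4.U address 172.2.2.2
!
!
! Phase 2: ESP with AES encryption and SHA-1 HMAC, tunnel mode
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
!
!
crypto map GREVPN 10 ipsec-isakmp
 set peer 172.2.2.2
 set transform-set AES-SHA
 match address 101
!
!
interface Loopback1
 ip address 192.168.10.1 255.255.255.0
!
! GRE tunnel to R2; MTU and TCP MSS are lowered to leave room for the
! GRE and IPsec headers
interface Tunnel100
 ip address 172.20.20.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel destination 172.2.2.2
!
! WAN side: the crypto map is applied to the physical interface
interface FastEthernet0/0
 ip address 172.1.1.2 255.255.255.252
 duplex full
 crypto map GREVPN
!
ip route 0.0.0.0 0.0.0.0 172.1.1.1
! The remote LAN is reached through the tunnel
ip route 192.168.20.0 255.255.255.0 172.20.20.2
!
! Traffic to protect: the GRE packets between the two WAN addresses
! (LAN traffic travels inside GRE)
access-list 101 permit gre host 172.1.1.2 host 172.2.2.2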
!

********** ROUTER R2 **********************
!
! Phase 1 (ISAKMP): same policy and pre-shared key as R1, peer address reversed
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key Pass.4.U address 172.1.1.2
!
!
! Phase 2: the transform set must match the one on R1
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
!
!
crypto map GREVPN 10 ipsec-isakmp
 set peer 172.1.1.2
 set transform-set AES-SHA
 match address 101
!
!
interface Loopback1
 ip address 192.168.20.1 255.255.255.0
!
! GRE tunnel to R1
interface Tunnel100
 ip address 172.20.20.2 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel destination 172.1.1.2
!
interface FastEthernet0/0
 ip address 172.2.2.2 255.255.255.252
 duplex full
 crypto map GREVPN
!
ip route 0.0.0.0 0.0.0.0 172.2.2.1
! The remote LAN is reached through the tunnel
ip route 192.168.10.0 255.255.255.0 172.20.20.1
!
! Mirror image of ACL 101 on R1
access-list 101 permit gre host 172.2.2.2 host 172.1.1.2
!
