CIS 264
Dan Morrill
Highline Community College
• A static IP address on the EXTERNAL interface of your router
  • Needs to be in the 192.168.203.X range for this class (all examples will use this IP range)
• Cisco 2911
• Access to the router as exec
• Patience
• Remember to check your work before you commit the changes
• Remember Write MEM
• A backup of your router configuration before doing this
  • Just in case bad things happen to good people
• http://www.routergeek.net/general/how-to-configure-site-to-site-vpn-in-cisco-routers/ provides a good step-by-step in case you need it
• http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/83-cisco-vpn-part-i provides good background support for setting up a site-to-site VPN in a Cisco router
• http://www.fredshack.com/docs/vpnios.html is somewhat convoluted but workable; use it as a backup resource in case something goes wrong
• Create an IKE (Internet Key Exchange) policy for your router
1. Router(config)#crypto isakmp policy 9
2. Router(config-isakmp)#hash md5
3. Router(config-isakmp)#authentication pre-share
• Router(config)#crypto isakmp key VPNKEY address 192.168.203.25
  • Where VPNKEY is the shared key that you will use for the VPN; remember to set the same key on the other end
    • VPNKEY = keyR7ToR5 to help with the naming convention
  • 192.168.203.25 is the static public IP address of the other end
• Router(config)#crypto ipsec security-association lifetime seconds YYYYY
  • where YYYYY is the association's lifetime in seconds. It is usually set to 86400, which is one day.
• Router(config)#access-list AAA permit ip SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK
  • Access-list AAA permit ip 192.168.203.25 0.0.0.255 192.168.203.26 0.0.0.255
  • Where 203.26 is the Active Directory server or other computer on the network that will pass data back and forth between racks in the VPN
• Where WIL.DCA.RDM.ASK is the wildcard mask of the network, the inverse of the subnet mask for a flat “C” network
• Define the transform set that will be used for the VPN connection
• Router(config)#crypto ipsec transform-set SETNAME AAAA BBBB
  • Where SETNAME is the name of the transform set. You can choose any name you like. Naming is important to keep track of the transforms
  • AAAA and BBBB are the transforms that make up the set. I recommend the use of “esp-3des esp-md5-hmac”.
• Router(config)#crypto map MAPNAME PRIORITY ipsec-isakmp
• Router(config-crypto-map)#set peer 192.168.203.25
• Router(config-crypto-map)#set transform-set SETNAME
• Router(config-crypto-map)#match address AAA
  • Where MAPNAME is a name of your choice for the crypto map
  • PRIORITY is the priority of this map over other maps to the same destination. If this is your only crypto map, give it any number, for example 10.
  • 192.168.203.25 is the static public IP address of the other end
  • SETNAME is the name of the transform set that we configured in step 5
  • AAA is the number of the access-list that we created to define the traffic in step 4
• Router(config-if)#crypto map MAPNAME
  • where MAPNAME is the name of the crypto map that we defined in step 6.
• Now, repeat these steps on the other end, and remember to use the same key along with the same authentication and transform set.
• Repeat steps 2, 4, 5, 6, 7 for each VPN you want to set up for each connection point
  • R3, R4, R5, R6, R7: in all you will have 5 VPN connections in your router configuration
• Remember to skip step 3
  • Step 3 is a global configuration that applies to all VPNs connected to the router
    • Router(config)#crypto ipsec security-association lifetime seconds YYYYY
• show crypto isakmp sa
• show crypto ipsec sa
• show crypto engine connections active
• and show crypto map
• All those should show what you entered
• Then write mem
• Then do a show run to see if everything took after write mem
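The reminders to check your work and to use the same key, authentication and transform set on the other end can be checked mechanically before write mem. The following is an added example, not part of the original slides: it parses the lines from steps 1 to 7 for both routers and reports where the pre-shared key, transform set or crypto ACL do not line up, and it lists the MD5 and 3DES settings, which are legacy algorithms today. The local router address 192.168.203.27, the 10.x LAN subnets, ACL number 101 and all function names are assumptions made for the example.

```python
import ipaddress

LEGACY = {"md5", "des", "3des", "esp-des", "esp-3des", "esp-md5-hmac"}

def sample_config(peer, key, local_net, remote_net, tset="esp-3des esp-md5-hmac"):
    """Constructed lab config following the page's steps (values are made up)."""
    return f"""crypto isakmp policy 9
 hash md5
 authentication pre-share
crypto isakmp key {key} address {peer}
crypto ipsec transform-set SETNAME {tset}
access-list 101 permit ip {local_net} 0.0.0.255 {remote_net} 0.0.0.255
crypto map MAPNAME 10 ipsec-isakmp
 set peer {peer}
 set transform-set SETNAME
 match address 101
"""

def wildcard_net(addr, wild):  # IOS address/wildcard -> network (contiguous masks)
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(cfg):
    """Extract the settings that have to agree between the two ends."""
    p, cur = {"keys": {}, "tsets": {}, "acls": {}, "maps": {}, "algs": set()}, None
    for line in filter(str.strip, cfg.splitlines()):
        w = line.split()
        if not line[0].isspace():
            cur = None                      # back at top level, out of sub-mode
        if w[:3] == ["crypto", "isakmp", "key"] and len(w) == 6:
            p["keys"][w[5]] = w[3]          # peer address -> shared key
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            p["tsets"][w[3]] = frozenset(w[4:])
            p["algs"] |= set(w[4:])
        elif w[0] == "access-list" and w[2:4] == ["permit", "ip"] and len(w) == 8:
            pair = (wildcard_net(w[4], w[5]), wildcard_net(w[6], w[7]))
            p["acls"].setdefault(w[1], set()).add(pair)
        elif w[:2] == ["crypto", "map"] and len(w) == 5:
            cur = {}                        # settings of this crypto map entry
        elif w[0] == "hash" and len(w) == 2:
            p["algs"].add(w[1])             # IKE policy hash
        elif cur is not None and w[0] in ("set", "match") and len(w) == 3:
            cur[w[1]] = w[2]                # peer / transform-set / address
            if w[1] == "peer":
                p["maps"][w[2]] = cur       # index the entry by its peer
    return p

def check(a_cfg, b_cfg, a_ip, b_ip):
    """Findings for the tunnel between router A (a_ip) and router B (b_ip)."""
    a, b, out = parse(a_cfg), parse(b_cfg), []
    if a["keys"].get(b_ip) is None or a["keys"].get(b_ip) != b["keys"].get(a_ip):
        out.append("pre-shared key missing or different")
    ma, mb = a["maps"].get(b_ip), b["maps"].get(a_ip)
    if ma is None or mb is None:
        return out + ["no crypto map entry for the peer"]
    ends = ((a, ma), (b, mb))
    ta, tb = (x["tsets"].get(m.get("transform-set")) for x, m in ends)
    if ta is None or ta != tb:
        out.append("transform-set undefined or different")
    acl_a, acl_b = (x["acls"].get(m.get("address"), set()) for x, m in ends)
    if not acl_a or acl_a != {(d, s) for s, d in acl_b}:
        out.append("crypto ACLs are not mirror images")
    legacy = sorted((a["algs"] | b["algs"]) & LEGACY)
    return out + (["legacy algorithms: " + " ".join(legacy)] if legacy else [])
```

Feed check() the relevant lines of show run from both routers together with each router's external address; an empty list means the two ends agree and use no flagged algorithm.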
Configure Site to Site VPNs in Cisco 2911's


Editor's Notes

  1. http://www.routergeek.net/general/how-to-configure-site-to-site-vpn-in-cisco-routers/