Gns3moi
Download as DOCX, PDF
0 likes504 views
The document summarizes the configuration of a VPN server including setting up IKE policies, crypto maps, IP pools, and network address translation to allow VPN clients to connect securely and access internal network resources behind the server. Key steps include configuring AAA authentication and authorization, IKE and IPsec transforms, dynamic crypto maps to connect clients in the ippool range, and NAT to translate private addresses to public addresses for internet access.
Gns3moi
- 1. ---------------------------------------C畉u h狸nh tr棚n VPN server--------------------- Aaa new-model aaa authentication login userauthen local aaa authorization network groupauthor local username sena password 0 cisco crypto isakmp policy 10 encryption aes 256 authentication pre-share group 2 exit crypto isakmp client configuration group vpnclient key cisco123 pool ippool acl 1
- 2. exit crypto ipsec transform-set myset esp-3des esp-md5-hmac ex crypto dynamic-map dynmap 10 set transformset myset reverseroute ex crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsecisakmp dynamic dynmap ip local pool ippool 200.0.0.10 200.0.0.20 access-list 1 permit 192.168.10.0 0.0.0.255 ip nat inside source list 1 interface s0/0/0 overload int f0/0 ip nat inside halfduplex int s0/0/0 ip nat outside crypto map clientmap
- 3. b棚n R2 c滴ng c畉u h狸nh NAT acc 1 permit 192.168.20.0 0.0.0.255 ip nat inside sou list 1 int s1/0 over int f2/0 ip nat inside int s1/0 ip nat outside PC 2: Sauk hi ci cisco VPN client xong b畉n vo network enable v 畉t ip l 192.168.20.3/24
- 4. Vo VPN client ch畛n New
- 6. B畉m save v connect -> 叩nh user v畛i pass:
- 7. Sau 坦 vo status -> statictis