minimax
19-07-2009, 19:12
السلام عليكم,
أحيانا الواحد بينسى الخطوات أو بيتلخبط فيها بسبب وجود عدة أنواع من VPN. في طريقة سهلة تراجع فيها الخطوات بدون ما ترجع لموقع سيسكو
من config إكتب vpnsetup
pixfirewall(config)# vpnsetup ?
configure mode commands/options:
ipsec-remote-access Display IPSec Remote Access Configuration Commands
site-to-site Display IPSec Site-to-Site Configuration Commands
إختار نوع VPN . في أنواع أخرى كثيرة على ASA ولكن لأني بأستخدم PIX فما عندي إلا نوعين
خلينا نختار site-to-site
pixfirewall(config)# vpnsetup site-to-site steps
بعد ما تضغط Enter سوف تظهر لك الخطوات
Steps to configure a simple site-to-site IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
3. Configure transform-set
crypto ipsec transform-set myset esp-3des esp-sha-hmac
4. Configure ACL
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
5. Configure Tunnel group
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
pre-shared-key P@rtn3rNetw0rk
6. Configure crypto map and attach to interface
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
7. Enable isakmp on interface
crypto isakmp enable outside
---------------------------------------------------------------------------------------------
pixfirewall(config)# vpnsetup site-to-site steps
خلينا نختار ipsec-remote-access
pixfirewall(config)# vpnsetup ipsec-remote-access steps
Steps to configure a simple remote access IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
3. Setup an address pool
ip local pool client-pool 192.168.1.1-192.168.1.254
4. Configure authentication method
aaa-server MyRadius protocol radius
aaa-server MyRadius host 192.168.0.254
key $ecretK3y
5. Define tunnel group
tunnel-group client type remote-access
tunnel-group client general-attributes
address-pool client-pool
authentication-server-group MyRadius
tunnel-group client ipsec-attributes
pre-shared-key VpnUs3rsP@ss
6. Setup ipsec parameters
crypto ipsec transform-set myset esp-3des esp-sha-hmac
7. Setup dynamic crypto map
crypto dynamic-map dynmap 1 set transform-set myset
crypto dynamic-map dynmap 1 set reverse-route
8. Create crypto map entry and associate dynamic map with it
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
9. Attach crypto map to interface
crypto map mymap interface outside
10. Enable isakmp on interface
crypto isakmp enable outside
------------------------
بالتوفيق
أحيانا الواحد بينسى الخطوات أو بيتلخبط فيها بسبب وجود عدة أنواع من VPN. في طريقة سهلة تراجع فيها الخطوات بدون ما ترجع لموقع سيسكو
من config إكتب vpnsetup
pixfirewall(config)# vpnsetup ?
configure mode commands/options:
ipsec-remote-access Display IPSec Remote Access Configuration Commands
site-to-site Display IPSec Site-to-Site Configuration Commands
إختار نوع VPN . في أنواع أخرى كثيرة على ASA ولكن لأني بأستخدم PIX فما عندي إلا نوعين
خلينا نختار site-to-site
pixfirewall(config)# vpnsetup site-to-site steps
بعد ما تضغط Enter سوف تظهر لك الخطوات
Steps to configure a simple site-to-site IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
3. Configure transform-set
crypto ipsec transform-set myset esp-3des esp-sha-hmac
4. Configure ACL
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
5. Configure Tunnel group
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
pre-shared-key P@rtn3rNetw0rk
6. Configure crypto map and attach to interface
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
7. Enable isakmp on interface
crypto isakmp enable outside
---------------------------------------------------------------------------------------------
pixfirewall(config)# vpnsetup site-to-site steps
خلينا نختار ipsec-remote-access
pixfirewall(config)# vpnsetup ipsec-remote-access steps
Steps to configure a simple remote access IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
3. Setup an address pool
ip local pool client-pool 192.168.1.1-192.168.1.254
4. Configure authentication method
aaa-server MyRadius protocol radius
aaa-server MyRadius host 192.168.0.254
key $ecretK3y
5. Define tunnel group
tunnel-group client type remote-access
tunnel-group client general-attributes
address-pool client-pool
authentication-server-group MyRadius
tunnel-group client ipsec-attributes
pre-shared-key VpnUs3rsP@ss
6. Setup ipsec parameters
crypto ipsec transform-set myset esp-3des esp-sha-hmac
7. Setup dynamic crypto map
crypto dynamic-map dynmap 1 set transform-set myset
crypto dynamic-map dynmap 1 set reverse-route
8. Create crypto map entry and associate dynamic map with it
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
9. Attach crypto map to interface
crypto map mymap interface outside
10. Enable isakmp on interface
crypto isakmp enable outside
------------------------
بالتوفيق