
Site to Site VPN (Virtual Private Network)


Site to Site VPN for Beginners.

The two sites each have internet access and a static public IP.

The requirement is that the sites need to reach each other's resources securely over the internet.


A small example is as below:





Router 1:

Router1#sh running-config
Building configuration...

Current configuration : 1303 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router1
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
lifetime 1800
!
crypto isakmp key nightread3r address 122.1.1.2
!
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
!
crypto map test 10 ipsec-isakmp
set peer 122.1.1.2
set security-association lifetime seconds 1800
set transform-set t-set
match address 101
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 121.1.1.2 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map test
!
interface FastEthernet0/1
ip address 192.168.10.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list natacl interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 121.1.1.1
!
ip flow-export version 9
!
!
ip access-list extended natacl
deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end



Router1#


Router 2:

Router2#sh running-config
Building configuration...

Current configuration : 1303 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router2
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
lifetime 1800
!
crypto isakmp key nightread3r address 121.1.1.2
!
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
!
crypto map test 10 ipsec-isakmp
set peer 121.1.1.2
set security-association lifetime seconds 1800
set transform-set t-set
match address 101
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 122.1.1.2 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map test
!
interface FastEthernet0/1
ip address 192.168.20.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list natacl interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 122.1.1.1
!
ip flow-export version 9
!
!
ip access-list extended natacl
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end


Router2#
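The two configs above only work as a pair when they agree with each other: the ISAKMP policy, the pre-shared key, the transform set, the crypto ACLs (each side's is the mirror of the other's) and the NAT exemption (the `deny` in `natacl` matches the `permit` in access-list 101, otherwise the LAN traffic is translated before the crypto map sees it and never matches). The following added Python check is not part of the original post; the function names `parse_ios_vpn` and `check_pair` and the dict layout are my own. The Router1 excerpt is constructed from the config above with the unrelated lines and `!` separators dropped, and Router2 is derived as its mirror image, which is exactly what the post's second config is.

```python
import re

# Constructed excerpt of the Router1 config from the post (only the lines the
# checks read; '!' separators and unrelated commands omitted).
ROUTER1 = """\
hostname Router1
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
lifetime 1800
crypto isakmp key nightread3r address 122.1.1.2
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
crypto map test 10 ipsec-isakmp
set peer 122.1.1.2
set transform-set t-set
match address 101
interface FastEthernet0/0
ip address 121.1.1.2 255.255.255.252
ip nat outside
crypto map test
ip nat inside source list natacl interface FastEthernet0/0 overload
ip access-list extended natacl
deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
"""
# Router2 in the post is the exact mirror image: swap hostname, public addresses
# and LAN prefixes in one pass (a sequential replace would undo itself).
_MIRROR = {"Router1": "Router2", "121.1.1.2": "122.1.1.2", "122.1.1.2": "121.1.1.2",
           "192.168.10.": "192.168.20.", "192.168.20.": "192.168.10."}
ROUTER2 = re.sub("|".join(map(re.escape, _MIRROR)), lambda m: _MIRROR[m.group()], ROUTER1)

def parse_ios_vpn(text):
    """Extract the VPN-relevant parts of a running-config. The posted configs carry
    no indentation, so sections open at their header line and close at '!'."""
    cfg = {"host": "?", "policy": {}, "psk": {}, "tsets": {}, "cmap": {},
           "ifaces": {}, "acl": {}, "nat_list": None}
    cur = None
    for line in text.splitlines():
        line, t = line.strip(), line.split()
        if not t or t[0] == "!":
            cur = None
        elif t[0] == "hostname":
            cfg["host"] = t[1]
        elif line.startswith("crypto isakmp policy"):
            cur = cfg["policy"]                      # one policy in these configs
        elif line.startswith("crypto isakmp key"):
            cfg["psk"][t[5]] = t[3]                  # peer address -> pre-shared key
        elif line.startswith("crypto ipsec transform-set"):
            cfg["tsets"][t[3]] = tuple(t[4:])
        elif line.startswith("crypto map") and t[-1] == "ipsec-isakmp":
            cur = cfg["cmap"].setdefault(t[2], {})
        elif t[0] == "interface":
            cur = cfg["ifaces"].setdefault(t[1], {})
        elif line.startswith("ip access-list extended"):
            cur = cfg["acl"].setdefault(t[3], [])
        elif t[0] == "access-list":                  # numbered ACL entry
            cfg["acl"].setdefault(t[1], []).append(" ".join(t[2:]))
        elif line.startswith("ip nat inside source list"):
            cfg["nat_list"] = t[5]
        elif isinstance(cur, list):                  # named ACL entry
            cur.append(line)
        elif isinstance(cur, dict):                  # sub-command of the open section
            n = 2 if t[0] in ("set", "match", "ip", "crypto") else 1
            cur[" ".join(t[:n])] = " ".join(t[n:])
    return cfg

def _mirror(entry):  # swap SRC and DST of a 'permit ip SRC WC DST WC' entry
    a = entry.split()
    return " ".join([a[0], a[1], a[4], a[5], a[2], a[3]])

def check_pair(a, b):
    """Return a list of findings; an empty list means the two peers agree."""
    out = []
    for attr in ("encr", "hash", "authentication", "group", "lifetime"):
        if a["policy"].get(attr) != b["policy"].get(attr):
            out.append(f"isakmp policy mismatch on '{attr}'")
    if set(a["psk"].values()) != set(b["psk"].values()):
        out.append("pre-shared keys differ")
    cm_a, cm_b = (next(iter(c["cmap"].values()), {}) for c in (a, b))
    if a["tsets"].get(cm_a.get("set transform-set")) != b["tsets"].get(cm_b.get("set transform-set")):
        out.append("transform-sets differ")
    for x, y, cm, ycm in ((a, b, cm_a, cm_b), (b, a, cm_b, cm_a)):
        y_if = next((i for i in y["ifaces"].values() if "crypto map" in i), {})
        peer_ip = y_if.get("ip address", "?").split()[0]   # peer's public address
        if y_if.get("ip nat") != "outside":
            out.append(f"{y['host']}: crypto map is not on the 'ip nat outside' interface")
        if cm.get("set peer") != peer_ip:
            out.append(f"{x['host']}: 'set peer' is not {y['host']}'s public address")
        if peer_ip not in x["psk"]:
            out.append(f"{x['host']}: no isakmp key bound to peer {peer_ip}")
        for e in x["acl"].get(cm.get("match address"), []):
            if _mirror(e) not in y["acl"].get(ycm.get("match address"), []):
                out.append(f"{x['host']}: crypto ACL entry '{e}' has no mirror on {y['host']}")
            # interesting traffic must be exempted from PAT, or it is translated first
            if e.replace("permit", "deny", 1) not in x["acl"].get(x["nat_list"], []):
                out.append(f"{x['host']}: NAT list does not exempt '{e}'")
    return out
```

Run `check_pair(parse_ios_vpn(ROUTER1), parse_ios_vpn(ROUTER2))` against the two configs as posted and it returns an empty list; change `group 5` to `group 2` on one side, or drop the `deny` line from `natacl`, and the corresponding finding comes back. The same two functions can be pointed at the full `show running-config` output of any two IOS peers, since the parser skips lines it does not recognise.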


Verification:

Ping response from PC1

Ping response from PC2

Verification from Router 1

Verification from Router 2



Presented By: Naresh Mahato
