KEY SERVER CONFIGURATION

KeyServer#show run
Building configuration...
Current configuration : 1910 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname KeyServer
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes
authentication pre-share
group 5
lifetime 3600
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TRANS esp-aes esp-sha-hmac
!
crypto ipsec profile IPSEC
set transform-set TRANS
!
crypto gdoi group GDOI
identity number 1234
server local
rekey algorithm aes 256
rekey lifetime seconds 3600
rekey retransmit 10 number 2
rekey authentication mypubkey rsa VPNKEYS
rekey transport unicast
sa ipsec 10
profile IPSEC
match address ipv4 GETVPN-ACL
replay counter window-size 64
address ipv4 192.168.1.2
!
!
crypto map CRYPTO 10 gdoi
set group GDOI
!
!
!
!
!
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
clock rate 2000000
crypto map CRYPTO
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router ospf 100
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended GETVPN-ACL
permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
KeyServer#

GROUP MEMBER-1 CONFIGURATION


GM1#show running-config
Building configuration...
Current configuration : 1395 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GM1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes
authentication pre-share
group 5
lifetime 3600
crypto isakmp key cisco address 192.168.1.2
!
!
crypto gdoi group GDOI
identity number 1234
server address ipv4 192.168.1.2
!
!
crypto map CRYPTO 10 gdoi
set group GDOI
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.2.2 255.255.255.0
clock rate 2000000
crypto map CRYPTO
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router ospf 100
log-adjacency-changes
network 10.1.2.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
GM1#

GROUP MEMBER-2 CONFIGURATION


GM2#show running-config
Building configuration...
Current configuration : 1395 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GM2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 100
encr aes
authentication pre-share
group 5
lifetime 3600
crypto isakmp key cisco address 192.168.1.2
!
!
crypto gdoi group GDOI
identity number 1234
server address ipv4 192.168.1.2
!
!
crypto map CRYPTO 10 gdoi
set group GDOI
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.3.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.3.2 255.255.255.0
clock rate 2000000
crypto map CRYPTO
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router ospf 100
log-adjacency-changes
network 10.1.3.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
GM2#

CORE ROUTER CONFIGURATION


Core#show running-config
Building configuration...
Current configuration : 1308 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
ip address 192.168.2.1 255.255.255.0
clock rate 2000000
!
interface Serial0/2
ip address 192.168.3.1 255.255.255.0
clock rate 2000000
!
interface Serial0/3
no ip address
shutdown
clock rate 2000000
!
router ospf 100
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Core#