CIS 264
Dan Morrill
Highline Community College
• A static IP address on the EXTERNAL interface of your router
  • Needs to be in the 192.168.203.X range for this class (all examples will use this IP range)
• Cisco 2911
• Access to the router as exec
• Patience
• Remember to check your work before you commit the changes
• Remember Write MEM
• A backup of your router configuration before doing this
  • Just in case bad things happen to good people
• http://www.routergeek.net/general/how-to-configure-site-to-site-vpn-in-cisco-routers/ provides a good step-by-step guide in case you need it
• http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/83-cisco-vpn-part-i provides good background for setting up a site-to-site VPN on a Cisco router
• http://www.fredshack.com/docs/vpnios.html is somewhat convoluted but workable; use it as a backup resource in case something goes wrong
Step 1
• Create an IKE (Internet Key Exchange) policy for your router
  1. Router(config)#crypto isakmp policy 9
  2. Router(config-isakmp)#hash md5
  3. Router(config-isakmp)#authentication pre-share

Step 2
• Router(config)#crypto isakmp key VPNKEY address 192.168.203.25
  • Where VPNKEY is the shared key that you will use for the VPN; remember to set the same key on the other end
  • VPNKEY = keyR7ToR5, to help with the naming convention
  • 192.168.203.25 is the static public IP address of the other end

Step 3
• Router(config)#crypto ipsec security-association lifetime seconds YYYYY
  • Where YYYYY is the association's lifetime in seconds. It is usually set to 86400, which is one day.

Step 4
• Router(config)#access-list AAA permit ip SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK
  • Example: access-list AAA permit ip 192.168.203.25 0.0.0.255 192.168.203.26 0.0.0.255
  • Where 203.26 is the Active Directory server or other computer on the network that will pass data back and forth between racks in the VPN
  • Where WIL.DCA.RDM.ASK is the wildcard mask of the network, the inverse of the subnet mask (0.0.0.255 for a flat class C network)

Step 5
• Define the transform set that will be used for the VPN connection
• Router(config)#crypto ipsec transform-set SETNAME AAAA BBBB
  • Where SETNAME is the name of the transform set. You can choose any name you like. Naming is important to keep track of the transforms
  • AAAA and BBBB are the transforms in the set. I recommend the use of “esp-3des esp-md5-hmac”.

Step 6
• Router(config)#crypto map MAPNAME PRIORITY ipsec-isakmp
• Router(config-crypto-map)#set peer 192.168.203.25
• Router(config-crypto-map)#set transform-set SETNAME
• Router(config-crypto-map)#match address AAA
  • Where MAPNAME is a name of your choice for the crypto map
  • PRIORITY is the priority of this map over other maps to the same destination. If this is your only crypto map, give it any number, for example 10.
  • 192.168.203.25 is the static public IP address of the other end
  • SETNAME is the name of the transform set that we configured in step 5
  • AAA is the number of the access list that we created to define the traffic in step 4

Step 7
• Router(config-if)#crypto map MAPNAME
  • Where MAPNAME is the name of the crypto map that we defined in step 6.
• Now, repeat these steps on the other end, and remember to use the same key along with the same authentication and transform set.

Multiple VPNs
• Repeat steps 2, 4, 5, 6, 7 for each VPN you want to set up for each connection point
  • R3, R4, R5, R6, R7: in all you will have 5 VPN connections in your router configuration
• Remember to skip step 3
  • Step 3 is a global configuration that works on all VPNs connected to the router
  • Router(config)#crypto ipsec security-association lifetime seconds YYYYY

Check your work
• show crypto isakmp sa
• show crypto ipsec sa
• show crypto engine connections active
• and show crypto map
• All of those should show what you entered
• Then write mem
• Then do a show run to see if everything took after write mem
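
A consistency check for the two ends of one tunnel, added here as an example (Python, not part of the original slides). It confirms that the key, IKE hash/authentication and transform set match, that each peer address points at the other end and that the crypto ACLs mirror each other, and it lists the legacy MD5/3DES keywords the configuration relies on. R7's address 192.168.203.27, the 10.x inside networks, ACL 101 and the names TS and VPN are assumed sample values.

```python
import re

WEAK = {"md5", "esp-md5-hmac", "esp-des", "esp-3des"}  # legacy hash/cipher keywords

def router_cfg(peer_ip, local_net, remote_net, key="keyR7ToR5"):
    """Constructed config for one end. ACL 101, the TS/VPN names and the
    10.x inside networks are assumptions, not values from the slides."""
    return f"""crypto isakmp policy 9
 hash md5
 authentication pre-share
crypto isakmp key {key} address {peer_ip}
crypto ipsec transform-set TS esp-3des esp-md5-hmac
access-list 101 permit ip {local_net} 0.0.0.255 {remote_net} 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer {peer_ip}
 set transform-set TS
 match address 101
"""

def parse(cfg):
    """Extract the settings that have to agree (or mirror) across both ends."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        if not m:
            return None
        return m.group(1) if m.re.groups == 1 else m.groups()
    key = one(r"^crypto isakmp key (\S+) address (\S+)") or (None, None)
    acl = one(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)") or (None,) * 5
    ts = one(r"^crypto ipsec transform-set \S+ (.+)$")
    return {"hash": one(r"^ *hash (\S+)"), "auth": one(r"^ *authentication (\S+)"),
            "key": key[0], "key_peer": key[1], "peer": one(r"^ *set peer (\S+)"),
            "transforms": set(ts.split()) if ts else None,
            "acl_id": acl[0], "acl_src": acl[1:3], "acl_dst": acl[3:5],
            "match": one(r"^ *match address (\S+)")}

def check_pair(cfg_a, ip_a, cfg_b, ip_b):
    """Return a list of problems; empty means the two ends mirror each other."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for field in ("hash", "auth", "key", "transforms"):
        if a[field] != b[field]:
            out.append(f"{field} differs between the two ends")
    for name, side, other_ip in (("A", a, ip_b), ("B", b, ip_a)):
        if side["peer"] != other_ip or side["key_peer"] != other_ip:
            out.append(f"{name}: peer/key address is not the other end's IP")
        if side["match"] != side["acl_id"]:
            out.append(f"{name}: crypto map matches an ACL that is not defined")
    if a["acl_src"] != b["acl_dst"] or a["acl_dst"] != b["acl_src"]:
        out.append("ACLs are not mirror images (source/destination must swap)")
    return out

def weak_algorithms(cfg):
    """List legacy algorithm keywords (MD5, DES, 3DES) present in a config."""
    return sorted(w for w in WEAK
                  if re.search(rf"(?<![\w-]){re.escape(w)}(?![\w-])", cfg))

R7_IP, R5_IP = "192.168.203.27", "192.168.203.25"  # .27 is an assumed address for R7
R7 = router_cfg(R5_IP, "10.7.0.0", "10.5.0.0")
R5 = router_cfg(R7_IP, "10.5.0.0", "10.7.0.0")

if __name__ == "__main__":
    print(check_pair(R7, R7_IP, R5, R5_IP) or "both ends mirror each other")
    print("legacy algorithms in use:", weak_algorithms(R7))
```

Run it against the saved configurations of both routers before `write mem`; a mismatch in any of these settings prevents the tunnel from negotiating.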
Configure Site to Site VPNs in Cisco 2911's


Editor's notes

  1. http://www.routergeek.net/general/how-to-configure-site-to-site-vpn-in-cisco-routers/