IPSEC VPN CISCO DRAYTEK ADSL Setup Document




IPSEC VPN CISCO DRAYTEK ADSL Setup Document

Version   Changed by     Change        Date
1.0       Murat Saatçi   First draft   23.12.2004

www.draytektr.com // www.simet.com.tr

1 Purpose

This document contains the details of setting up an IPSEC VPN between an ADSL router that can terminate IPSEC, connected to the Türk Telekom ADSL backbone, and a Cisco router connected to the ****** backbone.

2 SCOPE

How an IPSEC VPN tunnel can be set up between an IPSEC-capable DrayTek Vigor 2600V ADSL router running on an existing 1024/256 kbit ADSL line and a Cisco router connected to the ***** backbone over a 2 Mbit leased line is explained with configuration examples.

3 Test Environment

Pre-shared key: 123456

DrayTek ADSL router:
  Model: Vigor2600V series annex A
  Firmware Version: 2.5.2_UK
  Build Date/Time: Fri Mar 26 14:27:59.52 2004
  LAN MAC Address: 00-50-7F-23-73-58
  LAN network behind the DrayTek: 10.2.1.0/24
  Real (public) IP: 81.215.208.211

Cisco router:

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JK9S-M), Version 12.2(27), RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 02-Nov-04 23:43 by kellmill
Image text-base: 0x8000808C, data-base: 0x815C7B40

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

IPSECTEST uptime is 6 days, 2 hours, 2 minutes
System returned to ROM by power-on
System image file is "flash:c2600-jk9s-mz.122-27.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to export@cisco.com.

cisco 2610 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory.
Processor board ID JAD03410432 (845141107)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

  LAN network behind the Cisco: 10.2.2.0/24
  Cisco serial interface real (public) IP: 212.154.22.73

4 Configurations

DrayTek Configuration:

Router Web Configurator Setup Main Menu
DrayTek Corp.
  Model: Vigor2600V series annex A
  Firmware Version: 2.5.2_UK
  Build Date/Time: Fri Mar 26 14:27:59.52 2004
  LAN MAC Address: 00-50-7F-23-73-58

Basic Setup (Setup First)
  >> Administrator Password Setup
  >> LAN TCP/IP and DHCP Setup
  >> Wireless LAN Setup
Quick Setup
  >> Internet Access Setup
Advanced Setup
  >> Dynamic DNS Setup
  >> Call Schedule Setup
  >> NAT Setup
  >> RADIUS Setup
  >> Static Route Setup
  >> IP Filter/Firewall Setup
  >> VPN and Remote Access Setup
  >> UPNP Service Setup
  >> VoIP Setup
  >> VLAN/Rate Control
System Management
  >> Online Status
  >> VPN Connection Management
  >> Configuration Backup / Restoration
  >> SysLog / Mail Alert Setup
  >> Time Setup
  >> Management Setup
  >> Diagnostic Tools
  >> Reboot System
  >> Firmware Upgrade (TFTP Server)
Copyright (c) 2003, DrayTek Corp. All Rights Reserved.

Router Web Configurator > Basic Setup > Ethernet TCP/IP and DHCP Setup

LAN IP Network Configuration
  For NAT Usage
    1st IP Address: 10.2.1.55
    1st Subnet Mask: 255.255.255.0
  For IP Routing Usage: Enable / Disable
    2nd IP Address: (empty)
    2nd Subnet Mask: 255.255.255.0
  RIP Protocol Control: Disable

DHCP Server Configuration: Enable Server / Disable Server / Relay Agent
  Start IP Address: 192.168.1.10
  IP Pool Counts: 50
  Gateway IP Address: 10.2.1.55
  DHCP Server IP Address for Relay Agent: (empty)
DNS Server IP Address
  Primary IP Address: (empty)
  Secondary IP Address: (empty)

VPN and Remote Access Setup / LAN-to-LAN Profile Setup / 1. vpn
Router Web Configurator > Advanced Setup > LAN-to-LAN Profile Setup

Profile Index: 1

1. Common Settings
  Profile Name: vpn
  Enable this profile
  Call Direction: Both / Dial-Out / Dial-In
  Always on; Idle Timeout: -1 second(s)
  Enable PING to keep alive; PING to the IP: 10.2.2.1

2. Dial-Out Settings
  Type of Server I am calling: ISDN / PPTP / IPSec Tunnel / L2TP with IPSec Policy (None)
  Link Type: Disable
  Username: ???
  Password: (empty)
  PPP Authentication: PAP/CHAP
  VJ Compression: On / Off
  Server IP/Host Name for VPN (such as draytek.com or 123.45.67.89): 212.154.22.73
  IPSec Security Method: Medium (AH) / High (ESP): 3DES with Authentication
  Scheduler (1-15): (empty)
  Callback Function (CBCP): Require Remote to Callback

3. Dial-In Settings
  Allowed Dial-In Type: ISDN / PPTP / IPSec Tunnel / L2TP with IPSec Policy (None)
  Provide ISDN Number to Remote
  Username: ???
  Password: (empty)
  VJ Compression: On / Off
  IPSec Security Method: Medium (AH) / High (ESP): DES / 3DES / AES
  Specify Remote VPN Gateway: Peer VPN Server IP / or Peer ID

4. TCP/IP Network Settings
  My WAN IP: 0.0.0.0
  Remote Gateway IP: 0.0.0.0
  Remote Network IP: 10.2.2.0
  Remote Network Mask: 255.255.255.0
  RIP Direction: TX/RX Both
  RIP Version: Ver. 2
  For NAT operation, treat remote sub-net as: Private IP
  Change default route to this VPN tunnel

IKE advanced settings
  IKE phase 1 mode: Main mode / Aggressive mode
  IKE phase 1 proposal: DES_MD5_G1/DES_SHA1_G1/3DES_MD5_G1/3DES_MD5
  IKE phase 1 key lifetime: 86400 (900 ~ 86400)
  IKE phase 2 key lifetime: 86400 (600 ~ 86400)
  Perfect Forward Secrecy: Disable / Enable
  Local ID: (empty)

Router Web Configurator > System Management > VPN Connection Management

Dial-out Tool: (vpn) 212.154.22.73    Refresh Seconds: 10

VPN Connection Status
  VPN      Type                        Remote IP      Virtual Network  Tx Pkts  Tx Rate  Rx Pkts  Rx Rate  UpTime
  1 (vpn)  IPSec Tunnel 3DES-MD5 Auth  212.154.22.73  10.2.2.0/24      35       749      54       319      0:1:3
  Legend (colour-coded in the web page): Data is encrypted / Data isn't encrypted.
Copyright (c) 2003, DrayTek Corp. All Rights Reserved.

Cisco Router Configuration:

IPSECTEST#sh run
Building configuration...

Current configuration : 1383 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname IPSECTEST
!
enable secret 5 $1$uHQ8$HqBzX4o3OxN52xteeciZU1
!
username test password 0 test
ip subnet-zero
!
ip name-server 193.192.101.252
ip name-server 193.192.98.8
ip name-server 193.192.98.9
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 123456 address 81.215.208.211 no-xauth
!
crypto ipsec transform-set aaaa esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map cm-cryptomap local-address Serial0/0
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer 81.215.208.211
 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
 match address 100
crypto map cm-cryptopmap 1 ipsec-isakmp
 ! Incomplete
!
call rsvp-sync
!
interface Ethernet0/0
 ip address 10.2.2.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 ip address 212.154.22.73 255.255.255.248
 clockrate 2000000
 crypto map cm-cryptomap
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip http server
!
access-list 100 permit ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password test
 login
!
end

Only the crypto map cm-cryptomap entry is in use: it is bound to Serial0/0, it names the DrayTek's public address as the peer, and its ACL 100 (10.2.2.0/24 to 10.2.1.0/24) is the mirror image of the Remote Network 10.2.2.0/255.255.255.0 entered in the DrayTek profile. The second entry, crypto map cm-cryptopmap 1 ipsec-isakmp (note the misspelled map name), has no peer, transform set or ACL, which is why IOS prints it as Incomplete; it is applied to no interface and can be removed with no crypto map cm-cryptopmap 1. The ISAKMP policy sets only hash md5 and authentication pre-share; the fields it leaves unset take the IOS defaults (DES encryption, Diffie-Hellman group 1, 86400-second lifetime), which is what the DES_MD5_G1 entry in the DrayTek phase 1 proposal list matches. No set pfs is configured in the crypto map, so Perfect Forward Secrecy stays disabled on the DrayTek side as well.
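The configuration above negotiates with DES, MD5, Diffie-Hellman group 1 and a six-character pre-shared key, and the router also carries a type 0 user password, no service password-encryption and ip http server. The following script is an added example, not part of the original document and not a Cisco tool: it parses the crypto-relevant lines of the IPSECTEST running configuration, fills in the IOS 12.2 ISAKMP policy defaults for the fields the policy leaves unset, checks that crypto ACL 100 mirrors the DrayTek LAN-to-LAN profile and that the peer address is consistent, and lists the settings a reviewer would reject today. The DRAYTEK values are copied from the profile screens; the weakness rules and the 20-character key-length threshold are this example's own choices.

```python
"""Lint the IOS crypto configuration from section 4 (added example, not Cisco code)."""
import ipaddress
import re

# Crypto-relevant lines of the IPSECTEST configuration shown in section 4.
IOS_CONFIG = """\
no service password-encryption
username test password 0 test
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 123456 address 81.215.208.211 no-xauth
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer 81.215.208.211
 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
 match address 100
ip http server
access-list 100 permit ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
"""

# Values taken from the DrayTek LAN-to-LAN profile "vpn" and the test environment.
DRAYTEK = {"wan_ip": "81.215.208.211", "local_net": "10.2.1.0/24",
           "remote_net": "10.2.2.0/24"}

# Defaults IOS 12.2 applies to an ISAKMP policy field the policy does not set.
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
                   "group": "1", "lifetime": "86400"}

# Algorithms this example's own rules refuse to accept.
WEAK = {"des": "56-bit DES", "3des": "3DES (64-bit block, Sweet32)",
        "md5": "MD5", "1": "DH group 1 (768-bit MODP)"}


def wildcard_to_net(addr, wildcard):
    """Turn an IOS address/wildcard pair such as 10.2.2.0 0.0.0.255 into a network."""
    prefix = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}")


def parse_ios(text):
    """Extract ISAKMP policy, PSK binding, transform sets, crypto map entry and ACLs."""
    cfg = {"policy": dict(ISAKMP_DEFAULTS), "transform_sets": {},
           "cryptomap": {}, "acl": [], "globals": set()}
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith(" "):                  # sub-command of the current block
            words = line.split()
            if block == "policy":
                cfg["policy"][words[0]] = words[1]
            elif block == "cryptomap" and words[0] == "set":
                cfg["cryptomap"][words[1]] = words[2:]
            elif block == "cryptomap" and words[:2] == ["match", "address"]:
                cfg["cryptomap"]["acl"] = words[2]
            continue
        block = None
        if line.startswith("crypto isakmp policy"):
            block = "policy"
        elif line.startswith("crypto map ") and line.endswith("ipsec-isakmp"):
            block = "cryptomap"
        elif line.startswith("crypto isakmp key"):
            m = re.match(r"crypto isakmp key (\S+) address (\S+)", line)
            cfg["psk"], cfg["peer"] = m.group(1), m.group(2)
        elif line.startswith("crypto ipsec transform-set"):
            _, _, _, name, *algs = line.split()
            cfg["transform_sets"][name] = algs
        elif line.startswith("access-list"):
            _, num, action, proto, src, smask, dst, dmask = line.split()
            cfg["acl"].append((num, action, proto, wildcard_to_net(src, smask),
                               wildcard_to_net(dst, dmask)))
        else:
            cfg["globals"].add(line)
    return cfg


def review(cfg, peer):
    """Return the list of findings; an empty list means nothing was flagged."""
    findings = []
    pol = cfg["policy"]
    for field in ("encryption", "hash", "group"):
        if pol[field] in WEAK:
            findings.append(f"isakmp policy {field} {pol[field]}: {WEAK[pol[field]]}")
    if pol["authentication"] == "pre-share" and len(cfg.get("psk", "")) < 20:
        findings.append("pre-shared key is shorter than 20 characters")
    for name in cfg["cryptomap"].get("transform-set", []):
        for alg in cfg["transform_sets"].get(name, []):
            if alg in ("esp-des", "esp-3des") or alg == "esp-md5-hmac":
                findings.append(f"transform-set {name} uses {alg}")
    if "pfs" not in cfg["cryptomap"]:
        findings.append("crypto map has no 'set pfs': phase 2 keys derive from the phase 1 exchange")
    # Proxy identities must mirror the other side: Cisco src = DrayTek remote, Cisco dst = DrayTek local.
    for num, _, _, src, dst in cfg["acl"]:
        if num == cfg["cryptomap"].get("acl") and \
           (str(src), str(dst)) != (peer["remote_net"], peer["local_net"]):
            findings.append(f"crypto ACL {num} {src} -> {dst} does not mirror the DrayTek profile")
    if cfg["cryptomap"].get("peer", [None])[0] != peer["wan_ip"] or cfg.get("peer") != peer["wan_ip"]:
        findings.append("peer address differs between crypto map, PSK binding and DrayTek WAN IP")
    for bad in ("no service password-encryption", "ip http server"):
        if bad in cfg["globals"]:
            findings.append(f"'{bad}' is configured")
    if any(g.startswith("username") and " password 0 " in g for g in cfg["globals"]):
        findings.append("type 0 (cleartext) user password in the configuration")
    return findings


if __name__ == "__main__":
    for finding in review(parse_ios(IOS_CONFIG), DRAYTEK):
        print("-", finding)
```

Run against the page's configuration the review reports eleven findings and no mirror or peer mismatch, which is the expected picture for this tunnel: the proxy identities and peer address are consistent, and everything else about it is the 2004-era cipher suite and housekeeping that would be replaced by AES, SHA-2, DH group 14 or higher, a long random key, PFS, service password-encryption and no ip http server.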

5 Results

ICMP test results over the IPSEC VPN:

IPSECTEST-2600#ping
Protocol [ip]:
Target IP address: 10.2.1.210          (a PC behind the DrayTek)
Repeat count [5]: 1000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.2.2.1  (the 2600's Ethernet IP)
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.2.1.210, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.1
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 24/84/192 ms

IPSECTEST#sh crypto ipsec sa

interface: Serial0/0
    Crypto map tag: cm-cryptomap, local addr. 212.154.22.73

   local  ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.1.0/255.255.255.0/0/0)
   current_peer: 81.215.208.211
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 626, #pkts encrypt: 626, #pkts digest 626
    #pkts decaps: 1443, #pkts decrypt: 1443, #pkts verify 1443
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 795

     local crypto endpt.: 212.154.22.73, remote crypto endpt.: 81.215.208.211
     path mtu 1500, ip mtu 1500, ip mtu interface Serial0/0
     current outbound spi: 264D9B3A

     inbound esp sas:
      spi: 0x62C52F24(1657089828)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2000, flow_id: 1, crypto map: cm-cryptomap
        sa timing: remaining key lifetime (k/sec): (4607792/3003)
        IV size: 8 bytes
        replay detection support: Y

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x264D9B3A(642620218)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2001, flow_id: 2, crypto map: cm-cryptomap
        sa timing: remaining key lifetime (k/sec): (4607912/3003)
        IV size: 8 bytes
        replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

The extended ping from the 2600's LAN address to a PC behind the DrayTek succeeds for all 1000 echoes, the proxy identities are the two LAN subnets, and an ESP SA with esp-3des esp-md5-hmac and replay detection exists in each direction, so the tunnel is up. One counter deserves attention before the setup is signed off: #recv errors is 795 against 1443 successfully decapsulated packets while #send errors is 0, so a large share of the ESP traffic arriving from the DrayTek is being discarded by the router, and the cause should be established (for example by re-reading the counters after a known amount of traffic) rather than accepted as normal.
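Checking a tunnel by eye from show crypto ipsec sa is error-prone once there are several peers, so the following script is an added example, not part of the original document and not a Cisco tool: it parses the output above into a structure and applies the checks a practitioner makes after bringing a tunnel up, namely that the proxy identities are the intended subnets, that an ESP SA exists in both directions, that the current outbound SPI is the outbound SA's SPI, that traffic flows both ways, that the SAs are not about to expire, and that the error counters are acceptable. The 5 % error ratio and the 300-second expiry margin are this example's own thresholds; the SHOW_SA text is the section 5 output reduced to the lines the parser reads.

```python
"""Health-check a `show crypto ipsec sa` dump (added example, not Cisco code)."""
import re

# The `sh crypto ipsec sa` output from section 5, reduced to the lines parsed here.
SHOW_SA = """\
interface: Serial0/0
    Crypto map tag: cm-cryptomap, local addr. 212.154.22.73
   local  ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.1.0/255.255.255.0/0/0)
   current_peer: 81.215.208.211
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 626, #pkts encrypt: 626, #pkts digest 626
    #pkts decaps: 1443, #pkts decrypt: 1443, #pkts verify 1443
    #send errors 0, #recv errors 795
     local crypto endpt.: 212.154.22.73, remote crypto endpt.: 81.215.208.211
     current outbound spi: 264D9B3A
     inbound esp sas:
      spi: 0x62C52F24(1657089828)
        transform: esp-3des esp-md5-hmac ,
        sa timing: remaining key lifetime (k/sec): (4607792/3003)
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x264D9B3A(642620218)
        transform: esp-3des esp-md5-hmac ,
        sa timing: remaining key lifetime (k/sec): (4607912/3003)
        replay detection support: Y
     outbound ah sas:
     outbound pcp sas:
"""


def parse_show_sa(text):
    """Return identities, peer, packet/error counters and the per-direction SAs."""
    sa = {"sas": {}}
    section = None            # (direction, protocol) of the SA list being read
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"(local|remote)\s+ident .*: \(([\d.]+)/([\d.]+)/\d+/\d+\)", line):
            sa[m.group(1) + "_ident"] = (m.group(2), m.group(3))
        elif m := re.match(r"current_peer: ([\d.]+)", line):
            sa["peer"] = m.group(1)
        elif m := re.match(r"#pkts (encaps|decaps): (\d+)", line):
            sa[m.group(1)] = int(m.group(2))
        elif m := re.match(r"#send errors (\d+), #recv errors (\d+)", line):
            sa["send_errors"], sa["recv_errors"] = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"current outbound spi: ([0-9A-Fa-f]+)", line):
            sa["current_outbound_spi"] = int(m.group(1), 16)
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            section = (m.group(1), m.group(2))
        elif m := re.match(r"spi: 0x([0-9A-Fa-f]+)", line):
            sa["sas"][section] = {"spi": int(m.group(1), 16)}
        elif m := re.match(r"transform: (.+?)\s*,", line):
            sa["sas"][section]["transform"] = m.group(1).split()
        elif m := re.search(r"remaining key lifetime \(k/sec\): \((\d+)/(\d+)\)", line):
            sa["sas"][section]["remaining_kb"] = int(m.group(1))
            sa["sas"][section]["remaining_sec"] = int(m.group(2))
        elif m := re.match(r"replay detection support: (\w)", line):
            sa["sas"][section]["replay"] = m.group(1) == "Y"
    return sa


def check_sa(sa, local_net, remote_net, max_error_ratio=0.05, min_remaining_sec=300):
    """Return the list of problems found; an empty list means the SA looks healthy."""
    issues = []
    if sa.get("local_ident") != local_net or sa.get("remote_ident") != remote_net:
        issues.append(f"proxy identities {sa.get('local_ident')} -> {sa.get('remote_ident')} "
                      "are not the intended subnets")
    inbound = sa["sas"].get(("inbound", "esp"))
    outbound = sa["sas"].get(("outbound", "esp"))
    if not inbound or not outbound:
        issues.append("ESP SA missing in at least one direction")
    else:
        if outbound["spi"] != sa.get("current_outbound_spi"):
            issues.append("current outbound SPI does not match the outbound ESP SA")
        if not (inbound.get("replay") and outbound.get("replay")):
            issues.append("anti-replay is not enabled on both SAs")
        for name, entry in (("inbound", inbound), ("outbound", outbound)):
            if entry.get("remaining_sec", min_remaining_sec) < min_remaining_sec:
                issues.append(f"{name} SA expires in {entry['remaining_sec']} s")
    if not sa.get("encaps") or not sa.get("decaps"):
        issues.append("no traffic in at least one direction")
    if sa.get("send_errors"):
        issues.append(f"{sa['send_errors']} send errors")
    received = sa.get("decaps", 0) + sa.get("recv_errors", 0)
    if received and sa.get("recv_errors", 0) / received > max_error_ratio:
        issues.append(f"{sa['recv_errors']} of {received} received packets were dropped")
    return issues


if __name__ == "__main__":
    parsed = parse_show_sa(SHOW_SA)
    for issue in check_sa(parsed, ("10.2.2.0", "255.255.255.0"), ("10.2.1.0", "255.255.255.0")):
        print("-", issue)
```

On the page's output every structural check passes and the only issue reported is the receive-error ratio (795 of 2238 packets), which is exactly the counter a human reviewer would otherwise skim past; passing swapped subnets shows the identity check firing as well.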