aeachaves
Posts: 1 Age: 43 Location: São Paulo Reputation: 0 Points: 3 Join date: 02/05/2011
| Subject: VPN, help Mon May 02, 2011 12:10 pm | |
| Folks, I'm new here... I know networking and Mikrotik, and I'm starting to work with Cisco.
I need to set up a VPN from the head office to the branch, but I took over a Cisco that is already in operation, and I'd like someone to help me with how I can bring up the VPN tunnel.
Is there a GUI that can do this, so that I can then analyze it in the terminal?
CONF:
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname RBrasil-2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone HAA -3
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
ip domain name yourdomain.com
ip name-server 80.58.32.97
ip name-server 80.58.0.33
!
!
!
!
archive
 log config
  hidekeys
!
!
ip telnet source-interface Vlan1
ip ssh version 1
!
!
!
interface Tunnel1
 ip address 10.0.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1480
 ip tcp adjust-mss 1400
 load-interval 30
 tunnel source 201.xxx.xxx.xxx
 tunnel destination 201.xxx.xxx.xxx
 tunnel mode ipip
 hold-queue 1024 in
 hold-queue 1024 out
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
 description modem
 switchport access vlan 2
!
interface FastEthernet1
 description interna
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description interna
 ip address 2.2.2.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 201.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
no ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 201.xxx.xxx.xxx
ip route 172.19.30.0 255.255.255.0 2.2.2.2
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http max-connections 2
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Vlan2 overload
!
access-list 23 permit 172.19.30.0 0.0.0.255
access-list 23 permit 2.2.2.0 0.0.0.7
access-list 101 permit ip 2.2.2.0 0.0.0.255 any
access-list 101 permit ip 172.19.30.0 0.0.0.255 any
access-list 101 permit ip 201.xxx.xxx.xxx 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh
!
scheduler max-task-time 5000
end
| |
|
andreirapuru Associate
Posts: 54 Age: 42 Location: São Paulo/SP Reputation: 13 Points: 67 Join date: 27/01/2011
| Subject: Re: VPN, help Tue May 10, 2011 3:09 pm | |
| Here is a basic script:
Head office (WAN IP 1.1.1.1, LAN 10.0.0.0/24)
==================================
!
! IKE phase 1 policy (must match on both routers)
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
! Pre-shared key for the remote peer ("escolhaumachave" means "choose a key"; same value on both sides)
crypto isakmp key escolhaumachave address 2.2.2.2
!
crypto ipsec transform-set VPN-TRANS1 esp-3des esp-md5-hmac
!
! Traffic to encrypt; the branch ACL is the mirror image of this one
ip access-list extended REDE_VPN
 permit ip host 1.1.1.1 host 2.2.2.2
 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
crypto map VPN1 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set VPN-TRANS1
 match address REDE_VPN
!
int f0/0
 description WAN
 crypto map VPN1

Branch (WAN IP 2.2.2.2, LAN 172.16.0.0/24)
==================================
!
! IKE phase 1 policy (must match on both routers)
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
! Pre-shared key for the remote peer (same value as at the head office)
crypto isakmp key escolhaumachave address 1.1.1.1
!
crypto ipsec transform-set VPN-TRANS1 esp-3des esp-md5-hmac
!
! Traffic to encrypt; mirror image of the head-office ACL
ip access-list extended REDE_VPN
 permit ip host 2.2.2.2 host 1.1.1.1
 permit ip 172.16.0.0 0.0.0.255 10.0.0.0 0.0.0.255
!
crypto map VPN1 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set VPN-TRANS1
 match address REDE_VPN
!
int f0/0
 description WAN
 crypto map VPN1

More information at this link: http://www.cisco.com/en/US/docs/security/vpn_modules/6342/configuration/guide/6342site3.html#wp1036454
www.brainwork.com.br/qa | |
|
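Added example, not part of the original posts: a small Python check that the two sides of the script above agree where they must (IKE policy, pre-shared key, transform set), that the crypto ACLs mirror each other, and that reports 3DES, MD5 and DH groups 1, 2 and 5 as weak. The function names, the `SITE` template and the weak-algorithm list are assumptions of this example, and ACL entries are assumed to be two-token source and destination (`host X` or `net wildcard`).

```python
import re

# Constructed sample input: both sides of the script in the reply, built from one template.
SITE = """crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key escolhaumachave address {peer}
crypto ipsec transform-set VPN-TRANS1 esp-3des esp-md5-hmac
ip access-list extended REDE_VPN
 permit ip host {me} host {peer}
 permit ip {lan} 0.0.0.255 {rlan} 0.0.0.255
crypto map VPN1 10 ipsec-isakmp
 set peer {peer}
 set transform-set VPN-TRANS1
 match address REDE_VPN
"""
HQ = SITE.format(me="1.1.1.1", peer="2.2.2.2", lan="10.0.0.0", rlan="172.16.0.0")
BRANCH = SITE.format(me="2.2.2.2", peer="1.1.1.1", lan="172.16.0.0", rlan="10.0.0.0")
# Assumption of this example: algorithms and DH groups reported as weak.
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_DH = {"1", "2", "5"}

def parse(cfg):
    """Extract the fields that must agree (or mirror) between the two peers."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "ike": (one(r"^ encr (.+)$"), one(r"^ hash (\S+)$"), one(r"^ group (\d+)$")),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "peer": one(r"^ set peer (\S+)$"),
        "ts": tuple((one(r"^crypto ipsec transform-set \S+ (.+)$") or "").split()),
        "acl": [m.split() for m in re.findall(r"^ permit ip (.+)$", cfg, re.M)],
    }

def audit(a_cfg, b_cfg):
    """Return a list of findings; an empty list means consistent and no weak crypto."""
    a, b = parse(a_cfg), parse(b_cfg)
    out = [f"mismatch: {f}" for f in ("ike", "key", "ts") if a[f] != b[f]]
    if a["peer"] != a["key_peer"] or b["peer"] != b["key_peer"]:
        out.append("mismatch: key address vs set peer")
    # Each entry on one side must appear on the other with source and destination swapped.
    if sorted(e[2:] + e[:2] for e in a["acl"]) != sorted(b["acl"]):
        out.append("crypto ACLs are not mirror images")
    algs = {*a["ike"][:2], *a["ts"], *b["ike"][:2], *b["ts"]}
    out += [f"weak: {x}" for x in sorted(algs & WEAK)]
    out += [f"weak: DH group {g}" for g in sorted({a["ike"][2], b["ike"][2]} & WEAK_DH)]
    return out

if __name__ == "__main__":
    print("\n".join(audit(HQ, BRANCH)))
```

On the two configurations as posted, the consistency checks pass and the only findings are the weak-algorithm ones.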