COMPUTER TIPS


Today's Tip: Dec 05, 07

                                                                              

   


 

 

 

 

 

 

How to configure Site-to-Site IPsec VPN?      

 

 

 

VPN stands for Virtual Private Network. It is used to create an encrypted connection between private networks over a public network such as the Internet. In its basic form, an IPsec VPN connects two different points across any shared network.

Basic steps for IPsec VPN configuration:

1- Define the ISAKMP policy.

For example:

  • Authentication
  • Hash
  • Encryption
  • Group

2- Establish the IPsec transform set.

For example:

  • esp-des
  • esp-md5-hmac
  • esp-aes
  • esp-sha-hmac

3- Configure the crypto access list.

For example:

  • Define interesting traffic

4- Configure the crypto map.

     Used to verify the previously defined parameters.

5- Apply the crypto map on the interface.

     Used to verify the outgoing interface traffic.

 

Configuration on Router A 

  • In global configuration mode  

Router-A(config)#interface serial 1/0            

(Configure serial interface on Router A)

Router-A(config-if)#ip address 20.1.1.10 255.0.0.0

(Assign IP address to serial interface on Router A)

Router-A(config-if)#exit

(Exit from Interface 1/0) 

  • First define the IKE policies on Router A

Router-A(config)#crypto isakmp policy 10

(10 is isakmp policy number) 

Router-A(config-isakmp)#encryption des 

(enable encryption des) 

Router-A(config-isakmp)#hash md5

(enable algorithm md5 for hashing) 

Router-A(config-isakmp)#authentication pre-share

(enable Pre-shared method)

Router-A(config-isakmp)#group 2   

(enable Diffie-Hellman group 2)

Router-A(config-isakmp)#exit  

(Exit from crypto isakmp mode)

  • The next step is to create a pre-shared key (password) on router A.

Router-A(config)#crypto isakmp key office address 20.1.1.20

(Here Key is "office" and 20.1.1.20 is router B Address)

  • Now create an access list to define only interesting traffic.

Router-A(config)#access-list 100 permit ip host 20.1.1.10 host 20.1.1.20

(100 is access list number and 20.1.1.10 is source address and 20.1.1.20 is destination address.) 

  • Now create the transform-set for encryption and hashing.

Router-A(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac

(here encryption type is des and hashing technique is md5-hmac)

Router-A(config)#crypto map imap 10 ipsec-isakmp 

(crypto map name imap) 

Router-A(config-crypto-map)# match address 100

(apply the access list)

Router-A(config-crypto-map)# set transform-set ts2

(apply the transform set)

Router-A(config-crypto-map)# set peer 20.1.1.20

(Set remote peer address)

Router-A(config-crypto-map)# exit

(Exit from crypto map mode)

  • Now apply the crypto map to the router A interface

Router-A(config)#interface serial 1/0

Router-A(config-if)#crypto map imap 

(Apply crypto map on interface)

Router-A(config-if)#exit      

(Exit from interface)

 

Configuration on Router B 

  • In global configuration mode  

Router-B(config)#interface serial 1/0

(Configure serial interface on Router B)

Router-B(config-if)#ip address 20.1.1.20 255.0.0.0

(Assign IP address to serial interface on Router B)

Router-B(config-if)#exit

(Exit from Interface 1/0) 

  • First define the IKE policies on Router B

Router-B(config)#crypto isakmp policy 10            

(10 is isakmp policy number) 

Router-B(config-isakmp)#encryption des               

(enable encryption des) 

Router-B(config-isakmp)#hash md5            

(enable algorithm md5 for hashing)

Router-B(config-isakmp)#authentication pre-share

(enable Pre-shared method)

Router-B(config-isakmp)#group 2

(enable Diffie-Hellman group 2)

Router-B(config-isakmp)#exit                           

(Exit from crypto isakmp mode) 

  • The next step is to create a pre-shared key (password) on router B.

Router-B(config)#crypto isakmp key office address 20.1.1.10

(Here Key is "office" and 20.1.1.10 is router A Address).

  • Now create an access list to define only interesting traffic.

Router-B(config)#access-list 100 permit ip host 20.1.1.20 host 20.1.1.10

(100 is access list number and 20.1.1.20 is source address and 20.1.1.10 is destination address.) 

  • Now create the transform-set for encryption and hashing.

Router-B(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac 

(here encryption type is des and hashing technique is md5-hmac)

Router-B(config)#crypto map imap 10 ipsec-isakmp     

(crypto map name imap)

Router-B(config-crypto-map)# match address 100

(apply the access list)

Router-B(config-crypto-map)# set transform-set ts2

(apply the transform set)

Router-B(config-crypto-map)# set peer 20.1.1.10

(Set remote peer address)

Router-B(config-crypto-map)# exit

(Exit from crypto map mode)
 

  • Now apply the crypto map to the router B interface

Router-B(config)#interface serial 1/0

Router-B(config-if)#crypto map imap            

(Apply crypto map on interface)

Router-B(config-if)#exit                                   

(Exit from interface)
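
The following Python script is an added example, not part of the original tip: it parses the commands entered above on both routers, confirms the settings that must match or mirror between the two peers, and reports the legacy algorithms in use (DES, MD5, DH group 2). The names `parse`, `audit` and `WEAK`, the choice of which algorithms to flag, and the embedded sample text are assumptions of this example.

```python
# Constructed sample: commands this page enters on Router A (only the lines the checks read).
ROUTER_A = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key office address 20.1.1.20
access-list 100 permit ip host 20.1.1.10 host 20.1.1.20
crypto ipsec transform-set ts2 esp-des esp-md5-hmac
crypto map imap 10 ipsec-isakmp
 set peer 20.1.1.20
interface serial 1/0
 ip address 20.1.1.10 255.0.0.0
"""
ROUTER_B = (ROUTER_A.replace("20.1.1.10", "@").replace("20.1.1.20", "20.1.1.10")
            .replace("@", "20.1.1.20"))  # Router B: same commands, addresses swapped
# Legacy algorithms reported as findings (which ones to flag is this example's assumption).
WEAK = {"des": "56-bit key", "esp-des": "56-bit key", "md5": "deprecated hash",
        "esp-md5-hmac": "deprecated MD5 HMAC", "group 2": "1024-bit DH group"}

def parse(cfg):
    """Extract the fields that must match or mirror between the two peers."""
    c = {"ike": {}}
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] in ("encryption", "hash", "authentication", "group"):
            c["ike"][w[0]] = " ".join(w[1:])
        elif w[:3] == ["crypto", "isakmp", "key"]:
            c["key"] = w[3]
        elif w[0] == "access-list":  # handles only 'permit ip host SRC host DST'
            c["acl"] = (w[5], w[7])
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            c["ts"] = w[4:]
        elif w[:2] == ["set", "peer"]:
            c["peer"] = w[2]
        elif w[:2] == ["ip", "address"]:
            c["local"] = w[2]
    return c

def audit(cfg_a, cfg_b):
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [("ISAKMP policy", a["ike"] == b["ike"]),
              ("transform set", a["ts"] == b["ts"]),
              ("pre-shared key", a["key"] == b["key"]),
              ("crypto ACLs not mirrored", a["acl"] == b["acl"][::-1]),
              ("set peer", (a["peer"], b["peer"]) == (b["local"], a["local"]))]
    out = [f"mismatch: {name}" for name, ok in checks if not ok]
    used = [a["ike"]["encryption"], a["ike"]["hash"], "group " + a["ike"]["group"], *a["ts"]]
    return out + [f"weak: {u} ({WEAK[u]})" for u in used if u in WEAK]
```

Calling `audit(ROUTER_A, ROUTER_B)` on the page's configuration returns no mismatch entries and five `weak:` entries, one for each legacy algorithm named in the ISAKMP policy and transform set.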

 

 
