Static IPSec VPN Router to Router with DHCP Server

Posted on October 2, 2007. Filed under: IPsec, VPN

The setup has two routers, Router 1 and Router 2.
The VPN connection type is static IPSec.
LAN A: 172.16.10.0/24 and LAN B: 192.168.1.0/24.

Each router assigns a DHCP pool to its own LAN.

The configurations follow:

VR-1#sh run
Building configuration...

Current configuration : 1929 bytes
!
! Last configuration change at 17:42:58 WIB Tue Mar 29 2005
! NVRAM config last updated at 17:42:59 WIB Tue Mar 29 2005
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname VR-1
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$XeAP$ZHlMXRziKpf0XRrwSSh801
!
username vpn privilege 15 nopassword
clock timezone WIB 7
ip subnet-zero
!
!
no ip domain-lookup
ip host vr2 202.53.253.3
ip dhcp excluded-address 192.168.0.0
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.255
!
ip dhcp pool LAN-VPN-1
   network 192.168.1.0 255.255.255.0
   dns-server 202.53.253.65
   default-router 192.168.1.1
   netbios-node-type h-node
   lease 0 12
!
ip cef
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 1
 authentication pre-share
 lifetime 3600
crypto isakmp key noIP4u address 202.53.253.3
!
!
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
!
crypto map shortsec 60 ipsec-isakmp
 set peer 202.53.253.3
 set transform-set vpn1
 match address 130
!
call rsvp-sync
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description PTP-VPN
 ip address 202.53.253.6 255.255.255.224
 duplex full
 crypto map shortsec
!
interface FastEthernet2/0
 description LAN-VPN
 ip address 192.168.1.1 255.255.255.0
 duplex full
!
interface FastEthernet5/0
 no ip address
 shutdown
 duplex half
!
ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp netbios-ss
ip route 172.16.10.0 255.255.255.0 202.53.253.3
no ip http server
!
access-list 130 permit ip 192.168.1.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 130 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
line aux 0
line vty 0 4
 login local
line vty 5 15
 login
!
!
end
VR-1#

VR-2#sh run
Building configuration...

Current configuration : 1876 bytes
!
! Last configuration change at 17:45:51 WIB Tue Mar 29 2005 by vpn
! NVRAM config last updated at 17:45:51 WIB Tue Mar 29 2005 by vpn
!
version 12.2
no parser cache
service config
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname VR-2
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$INH1$SYLpzVLYyH3r0VlkGhJWr.
!
username vpn privilege 15 nopassword
clock timezone WIB 7
ip subnet-zero
!
!
ip host vr1 202.53.253.6
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.10.1
ip dhcp excluded-address 172.16.10.0
ip dhcp excluded-address 172.16.10.255
!
ip dhcp pool LAN-VPN-2
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   dns-server 202.53.253.65
   netbios-node-type h-node
!
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 1
 authentication pre-share
 lifetime 3600
crypto isakmp key noIP4u address 202.53.253.6
!
!
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
!
crypto map shortsec 60 ipsec-isakmp
 set peer 202.53.253.6
 set transform-set vpn1
 match address 130
!
call rsvp-sync
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description PTP-VPN
 ip address 202.53.253.3 255.255.255.224
 duplex full
 crypto map shortsec
!
interface FastEthernet2/0
 description LAN-VPN
 ip address 172.16.10.1 255.255.255.0
 duplex full
!
ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp netbios-ss
ip route 192.168.1.0 255.255.255.0 202.53.253.6
no ip http server
!
access-list 130 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 172.16.10.0 0.0.0.255
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
line aux 0
line vty 0 4
 login local
line vty 5 15
 login
!
!
end
VR-2#sh log

Wassalam
a. rahman isnaini r. sutan
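
An added example, not part of the original post: a small Python check that reads a `sh run` listing like the two above and reports the settings a reviewer would question, namely DES/MD5 transforms, an ISAKMP policy with no encryption line, the cleartext pre-shared key, the `nopassword` user, and DHCP exclusions that fall outside the pool. The function name `audit`, the finding strings and the embedded excerpt are assumptions made for this example.

```python
import ipaddress
# Constructed sample: lines copied from the VR-1 listing on this page.
VR1 = """\
username vpn privilege 15 nopassword
ip dhcp excluded-address 192.168.0.0
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.255
ip dhcp pool LAN-VPN-1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
crypto isakmp policy 1
 authentication pre-share
 lifetime 3600
crypto isakmp key noIP4u address 202.53.253.3
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
"""
WEAK = {"ah-md5-hmac", "esp-des", "esp-md5-hmac"}  # DES and MD5 transforms
SUB = {"policy": {"authentication", "encryption", "encr", "hash", "group", "lifetime"},
       "pool": {"network", "default-router", "dns-server", "netbios-node-type", "lease"}}

def audit(config):
    """Return a list of findings for one running-config; indentation is ignored."""
    out, nets, excl, policies, sect, cur = [], [], [], {}, None, None
    for w in (l.split() for l in config.splitlines() if l.strip(" !")):
        if sect and w[0] in SUB[sect]:            # sub-command of the open section
            if sect == "policy":
                cur.add(w[0])
            elif w[0] == "network":
                nets.append(ipaddress.ip_network(f"{w[1]}/{w[2].lstrip('/')}"))
            continue
        sect = None
        if w[:3] == ["crypto", "isakmp", "policy"]:
            sect, cur = "policy", policies.setdefault(w[3], set())
        elif w[:3] == ["ip", "dhcp", "pool"]:
            sect = "pool"
        elif w[:3] == ["ip", "dhcp", "excluded-address"]:
            excl.append(ipaddress.ip_address(w[3]))   # low end of the exclusion
        elif w[:3] == ["crypto", "isakmp", "key"] and w[3:4] != ["6"]:
            out.append("isakmp key: pre-shared key shown in cleartext")
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and WEAK & set(w[4:]):
            out.append(f"transform-set {w[3]}: " + " ".join(sorted(WEAK & set(w[4:]))))
        elif w[0] == "username" and "nopassword" in w:
            out.append(f"username {w[1]}: nopassword")
    # 'sh run' omits defaults: no encryption line means the IOS default (56-bit DES).
    out += [f"isakmp policy {p}: no encryption line" for p, c in policies.items()
            if not c & {"encryption", "encr"}]
    out += [f"excluded-address {a}: outside every DHCP pool" for a in excl
            if not any(a in n for n in nets)]
    return out
```

Run against the VR-1 excerpt it returns seven findings; three of them come from the excluded addresses being in 192.168.0.x while the pool is 192.168.1.0/24, so the router's own 192.168.1.1 is not excluded from the pool.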
