IPsec over a GRE Tunnel Routed with EIGRP

Thread in 'General' started by Howard Smith, November 13, 2017.

  1. Howard Smith

    Howard Smith Member


    ROUTER 1
    Code (Text):
    ###  R1 #######
    inter lo 0
    !
    ip add 172.16.1.1 255.255.255.0
    !
    inter fa0/0
    !
    ip add 192.168.12.1 255.255.255.0
    no shutdown
    !

    router eigrp 1
    !
    no auto-summary
    network 192.168.12.0

    router eigrp 2
    no auto-summary
    network 172.16.0.0

    interface tunnel 0
    ip address 172.16.13.1 255.255.255.0
    tunnel source fastethernet0/0
    tunnel destination 192.168.23.3
    !
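    ! IKE phase 1 policy: pre-shared key, AES-256, SHA, DH group 5
    crypto isakmp policy 10
    authentication pre-share
    encryption aes 256
    hash sha
    group 5
    lifetime 3600
    !
    ! Pre-shared key for the peer R3
    crypto isakmp key cisco address 192.168.23.3
    !
    ! IPsec phase 2 transform set: AH plus ESP
    crypto ipsec transform-set mytrans ah-sha-hmac esp-aes 256 esp-sha-hmac
    !
    ! Traffic to protect: GRE between the two tunnel endpoints
    access-list 101 permit gre host 192.168.12.1 host 192.168.23.3
    !
    crypto map mymap 10 ipsec-isakmp
    match address 101
    set peer 192.168.23.3
    set transform-set mytrans
    !
    ! Apply the crypto map to the tunnel source interface
    interface fastethernet 0/0
    crypto map mymap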
     
    ROUTER 2

    Code (Text):
    ###  R2 #######

    inter fa0/0
    !
    ip add 192.168.12.2 255.255.255.0
    no shutdown
    !
    inter s0/0/1
    ip add 192.168.23.2 255.255.255.0
    clockrate 6400
    no shutdown
    !
    router eigrp 1
    !
    no auto-summary
    network 192.168.12.0
    network 192.168.23.0
     

    ROUTER 3

    Code (Text):

    ###  R3 #######
    inter lo 0
    !
    ip add 172.16.3.1 255.255.255.0
    !
    inter s0/0/1
    ip add 192.168.23.3 255.255.255.0
    no shutdown

    router eigrp 1
    no auto-summary
    network 192.168.23.0

    router eigrp 2
    no auto-summary
    network 172.16.0.0
    !
    interface tunnel0
    ip address 172.16.13.3 255.255.255.0
    tunnel source serial0/0/1
    tunnel destination 192.168.12.1
    !
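    ! IKE phase 1 policy: must match the policy on R1
    crypto isakmp policy 10
    authentication pre-share
    encryption aes 256
    hash sha
    group 5
    lifetime 3600
    !
    ! Pre-shared key for the peer R1
    crypto isakmp key cisco address 192.168.12.1
    !
    ! IPsec phase 2 transform set: AH plus ESP
    crypto ipsec transform-set mytrans ah-sha-hmac esp-aes 256 esp-sha-hmac
    !
    ! Traffic to protect: GRE between the two tunnel endpoints
    access-list 101 permit gre host 192.168.23.3 host 192.168.12.1
    !
    !
    crypto map mymap 10 ipsec-isakmp
    match address 101
    ! The peer is R1, the same address as the ISAKMP key and the tunnel destination
    set peer 192.168.12.1
    set transform-set mytrans
    !
    ! Apply the crypto map to the tunnel source interface
    interface s0/0/1
    crypto map mymap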

    NOTE 1: We see that this rule is so that all the traffic going from Router 3 to Router 1 (which leaves through the serial interface) will be encrypted. (If you wish, you can specify that only the LAN network of R3 is encrypted and transported.)

    Code (Text):
    access-list 101 permit gre host 192.168.23.3 host 192.168.12.1

    NOTE 2: The LAN traffic and the tunnel traffic are being routed with EIGRP. (In this case, since both networks are 172.16.x.x, we represent them as 172.16.0.0.)

    Code (Text):
    router eigrp 2
    no auto-summary
    network 172.16.0.0

    DOWNLOAD:
    http://www.mikrotik.com.pe/upload2/uploads/df97658dc84a48ae710260f8ff63f428.pkt

    PDF:
    http://www.mikrotik.com.pe/upload2/uploads/af22654c3bd795e49e4c5a7f01c244b6.pdf
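
A consistency check for the crypto configuration in this post, as an added example that is not part of the original post: in this design the `set peer` address on each router has to agree with the `crypto isakmp key ... address`, the `tunnel destination` and the destination host of the GRE access list, otherwise the tunnel traffic is never matched to a working security association. The function name `audit_gre_ipsec` and the embedded config fragment (with a deliberately mismatched peer) are constructed for illustration.

```python
import re

# Constructed sample: an R3-style fragment whose "set peer" does not match the rest.
SAMPLE = """\
interface tunnel0
tunnel destination 192.168.12.1
crypto isakmp key cisco address 192.168.12.1
access-list 101 permit gre host 192.168.23.3 host 192.168.12.1
crypto map mymap 10 ipsec-isakmp
match address 101
set peer 192.168.12.3
set transform-set mytrans
"""

def audit_gre_ipsec(config):
    """Return findings where a crypto map peer disagrees with key, tunnel or ACL."""
    tunnel_dst, key_peers, acl_dst, maps = set(), set(), {}, {}
    current = None  # crypto map entry whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"tunnel destination (\S+)", line):
            tunnel_dst.add(m[1])
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            key_peers.add(m[1])
        elif m := re.match(r"access-list (\d+) permit gre host \S+ host (\S+)", line):
            acl_dst.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            current = maps.setdefault((m[1], m[2]), {"peers": [], "acls": []})
        elif current is not None and (m := re.match(r"set peer (\S+)", line)):
            current["peers"].append(m[1])
        elif current is not None and (m := re.match(r"match address (\S+)", line)):
            current["acls"].append(m[1])
    findings = []
    for (name, seq), entry in maps.items():
        for peer in entry["peers"]:
            if peer not in key_peers:
                findings.append(f"{name} {seq}: peer {peer} has no ISAKMP pre-shared key")
            if peer not in tunnel_dst:
                findings.append(f"{name} {seq}: peer {peer} is not a tunnel destination")
            for acl in entry["acls"]:
                if peer not in acl_dst.get(acl, set()):
                    findings.append(f"{name} {seq}: ACL {acl} has no GRE entry toward {peer}")
    return findings

if __name__ == "__main__":
    for finding in audit_gre_ipsec(SAMPLE):
        print(finding)
```

Running it against the saved configuration of each tunnel endpoint before testing the tunnel catches address typos that otherwise only show up as a security association that never forms.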
     
