LAB 4-8: Virtual Private Network (VPN) – IPsec (Site-to-Site)

You are the Network Administrator at the Ranet Branch Office and have to newly configure the Ranet-BR router to let your own host connect to the internet and connect to the hosts in Headquarter (192.168.0.0/24) via Site-to-Site IPsec VPN as below:

(configure via console terminal for Ranet-BR router)

1. Enable the LAN interface on Ranet-BR and set its IP address to be the first assignable IP of the 192.168.1.0/28 network.

2. Enable the WAN interface on Ranet-BR and set its IP address to be the last assignable IP of the 202.170.100.28/30 network.

3. Set the IP address on Host-BR to be the last assignable IP of the 192.169.1.0/28 network, and also set the IP of the Gateway and the DNS server (202.170.100.54).

4. Configure the route and NAT on Ranet-BR to let the hosts in the LAN connect to the internet (do not forget to exclude the VPN traffic). For NAT, use access-list no. 100 and pool name “Ranet”, which contains the global IPs received from the ISP: 202.170.100.9 – 202.170.100.14.

5. Configure the Site-to-Site IPsec VPN using the properties below:

– For IKE phase I: Policy Priority 101; Encryption Alg. AES-128 bit; Hash Alg. Secure Hash Standard; Authen method Pre-Shared Key; Diffie-Hellman group #5 and lifetime at 86,400 sec. Please note that the IP address of the WAN interface of Ranet-HQ is 202.170.100.130.

– For IKE phase II: Use Transform-set name “Ranet” and an ESP transform using AES with HMAC-SHA as the authentication Alg.

– Use crypto map name “Site-to-Site” with sequence no. 101 and access-list no. 101 to be the VPN traffic.

If everything is correct, Host-BR should be able to open the website and test ping with Server-HQ 192.168.0.7 in the Headquarter network.
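
One possible Ranet-BR configuration for steps 1, 2, 4 and 5, added here as an example and not part of the original lab page. The interface names, the ISP next hop 202.170.100.29, the `overload` keyword and the pre-shared key placeholder are assumptions, because the page does not state them.

```cisco
! Added example (not from the lab page). Assumed: interface names,
! ISP next hop 202.170.100.29, PAT overload, placeholder pre-shared key.
interface GigabitEthernet0/0
 description LAN - first assignable IP of 192.168.1.0/28
 ip address 192.168.1.1 255.255.255.240
 ip nat inside
 no shutdown
!
interface GigabitEthernet0/1
 description WAN - last assignable IP of 202.170.100.28/30
 ip address 202.170.100.30 255.255.255.252
 ip nat outside
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 202.170.100.29
!
! ACL 100 selects traffic for NAT. The deny line comes first so that
! LAN-to-HQ packets keep their private source and still match ACL 101.
access-list 100 deny   ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.15 any
ip nat pool Ranet 202.170.100.9 202.170.100.14 netmask 255.255.255.248
ip nat inside source list 100 pool Ranet overload
!
! ACL 101 defines the VPN traffic; Ranet-HQ needs the mirror image.
access-list 101 permit ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.0.255
!
! IKE phase I
crypto isakmp policy 101
 encryption aes
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY> address 202.170.100.130
!
! IKE phase II
crypto ipsec transform-set Ranet esp-aes esp-sha-hmac
!
crypto map Site-to-Site 101 ipsec-isakmp
 set peer 202.170.100.130
 set transform-set Ranet
 match address 101
!
interface GigabitEthernet0/1
 crypto map Site-to-Site
!
! After pinging 192.168.0.7 from Host-BR, check the tunnel with:
!   show crypto isakmp sa
!   show crypto ipsec sa
```

The values follow the lab's stated properties; DH group 5 and SHA-1 are treated as legacy in current Cisco guidance, so a production tunnel would normally use stronger parameters on both peers.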