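Easy VPN Verification (Part 2)

This is a continuation of "Easy VPN Verification (Part 1)".

The network topology is shown in the figure below.

This post presents the configurations of Router_A and Router_B.

Router configuration

●Router_A configuration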

!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
memory-size iomem 25
!
ip cef
!
crypto pki trustpoint TP-self-signed-2739943660
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2739943660
 revocation-check none
 rsakeypair TP-self-signed-2739943660
!
crypto pki certificate chain TP-self-signed-2739943660
 certificate self-signed 01
  quit
username ccnaccnp privilege 15 password 0 ccnaccnp
username ciscoccna privilege 15 secret 5 $1$5Iaq$sNw8MxG2s9tg3xuQ0kazW0
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group easy_vpn
 key cisco
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA1
 reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
!
interface Ethernet0
 ip address 200.200.200.1 255.255.255.0
 half-duplex
 crypto map SDM_CMAP_1
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 transport input telnet
!
end

●Router_B configuration

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_B
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
crypto pki trustpoint TP-self-signed-3359589021
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3359589021
 revocation-check none
 rsakeypair TP-self-signed-3359589021
!
crypto pki certificate chain TP-self-signed-3359589021
 certificate self-signed 01
  quit
username ccnaccnp privilege 15 password 0 ccnaccnp
!
crypto ipsec client ezvpn Router_A_vpn
 connect auto
 group easy_vpn key cisco
 mode network-extension
 peer 200.200.200.1
 username ciscoccna password ciscoccna
 xauth userid mode local
!
interface Ethernet0
 ip address 200.200.200.2 255.255.255.0
 half-duplex
 crypto ipsec client ezvpn Router_A_vpn
!
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0
 speed auto
 crypto ipsec client ezvpn Router_A_vpn inside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
!
end

As you can see from the configurations, VPN settings are very complex.

This shows that the Easy VPN feature makes it easy to configure a VPN.
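The two configurations only work together if the Easy VPN client (Router_B) and server (Router_A) agree on the group name, group key, peer address and Xauth user. The following check is an added example, not part of the original post: the function names `stanzas` and `mismatches` are hypothetical, and the two strings are excerpts constructed from the configurations above.

```python
# Constructed excerpts: only the Easy VPN lines of the two configs above.
ROUTER_A = """\
username ciscoccna privilege 15 secret 5 $1$5Iaq$sNw8MxG2s9tg3xuQ0kazW0
crypto isakmp client configuration group easy_vpn
 key cisco
interface Ethernet0
 ip address 200.200.200.1 255.255.255.0
 crypto map SDM_CMAP_1
"""
ROUTER_B = """\
crypto ipsec client ezvpn Router_A_vpn
 group easy_vpn key cisco
 peer 200.200.200.1
 username ciscoccna password ciscoccna
"""

def stanzas(config):
    """Map each top-level IOS command to its indented sub-commands."""
    out, head = {}, None
    for line in config.splitlines():
        if line[:1] == " " and head and line.strip():
            out[head].append(line.strip())
        elif line.strip() and line[0] not in " !":
            head = line.strip()
            out[head] = []
    return out

def mismatches(server_cfg, client_cfg):
    """Return the Easy VPN parameters on which client and server disagree."""
    groups, users, outside, client = {}, set(), set(), {}
    for head, body in stanzas(server_cfg).items():
        if head.startswith("crypto isakmp client configuration group "):
            groups[head.split()[-1]] = next(
                (b.split()[-1] for b in body if b.startswith("key ")), None)
        elif head.startswith("username "):
            users.add(head.split()[1])
        elif head.startswith("interface ") and any(b.startswith("crypto map ") for b in body):
            outside |= {b.split()[2] for b in body if b.startswith("ip address ")}
    for head, body in stanzas(client_cfg).items():
        if head.startswith("crypto ipsec client ezvpn "):
            client = {b.split()[0]: b.split()[1:] for b in body}
    grp = client.get("group", [None])
    checks = [
        (grp[0] in groups and groups[grp[0]] == grp[-1], "group name or key differs"),
        (client.get("peer", [None])[0] in outside, "peer is not the server's crypto-map address"),
        # The server keeps only an MD5 hash (secret 5), so only the user name is comparable.
        (client.get("username", [None])[0] in users, "Xauth user missing on server"),
    ]
    return [msg for ok, msg in checks if not ok]
```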
