Easy VPN Verification (Part 2)

This is a continuation of "Easy VPN Verification (Part 1)".

The network topology is shown in the figure below.

This part presents the configurations of Router_A and Router_B.

Router configuration

●Router_A configuration

!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
memory-size iomem 25
!
ip cef
!
crypto pki trustpoint TP-self-signed-2739943660
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2739943660
 revocation-check none
 rsakeypair TP-self-signed-2739943660
!
crypto pki certificate chain TP-self-signed-2739943660
 certificate self-signed 01
  quit
username ccnaccnp privilege 15 password 0 ccnaccnp
username ciscoccna privilege 15 secret 5 $1$5Iaq$sNw8MxG2s9tg3xuQ0kazW0
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group easy_vpn
 key cisco
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA1
 reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
!
interface Ethernet0
 ip address 200.200.200.1 255.255.255.0
 half-duplex
 crypto map SDM_CMAP_1
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4