VPN IPsec GRE
CLI Guru - Cisco Training and Consulting Center

ciscotr.com, active since 2007, will now continue as "www.bilisim.pro".
You can keep participating on our site with your existing posts and user details.


  1. #1
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    Hello. I wanted to set up a VPN between 2 routers, with IPsec over GRE. I made the configuration below. Is it correct or wrong?

    Router_A#show run
    Building configuration...

    Current configuration : 1720 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router_A
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$F0Gu$oh7B0lhKfpZ/l.pXRBpn1/
    enable password cisco
    !
    aaa new-model
    !
    aaa session-id common
    !
    resource policy
    !
    ip cef
    !
    username cisco password 0 cisco
    !
    crypto isakmp policy 200
    encr aes 256
    authentication pre-share
    group 2
    lifetime 7200
    crypto isakmp key sUpeRkEy address 10.10.10.2
    !
    crypto ipsec transform-set ts-aes-sha esp-aes 256 esp-sha-hmac
    !
    crypto map cr_outside 10 ipsec-isakmp
    set peer 10.10.10.2
    set transform-set ts-aes-sha
    match address 110
    !
    interface Tunnel10
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel destination 10.10.10.2
    !
    interface FastEthernet0/0
    ip address 10.10.11.2 255.255.255.0
    shutdown
    duplex half
    crypto map cr_outside
    !
    interface Ethernet1/0
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/1
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/2
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/3
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/4
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/5
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/6
    no ip address
    shutdown
    duplex half
    !
    interface Ethernet1/7
    no ip address
    shutdown
    duplex half
    !
    ip route 192.168.2.0 255.255.255.0 Tunnel10
    !
    no ip http server
    no ip http secure-server
    !
    access-list 110 permit gre host 10.10.11.2 host 10.10.10.2
    !
    control-plane
    !
    gatekeeper
    shutdown
    !
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    !
    !
    end

    Router_A#






    Router_B#sh run
    Building configuration...

    Current configuration : 1380 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router_B
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$W0W9$2iZ.O7haoFwJdZo4ro6YU/
    enable password cisco
    !
    aaa new-model
    !
    aaa session-id common
    !
    resource policy
    !
    ip cef
    !
    username cisco password 0 cisco
    !
    crypto isakmp policy 200
    encr aes 256
    authentication pre-share
    group 2
    lifetime 7200
    crypto isakmp key sUpeRkEy address 10.10.11.2
    !
    !
    crypto ipsec transform-set ts-aes-sha esp-aes 256 esp-sha-hmac
    !
    crypto map cr_outside 10 ipsec-isakmp
    set peer 10.10.11.2
    set transform-set ts-aes-sha
    match address 110
    !
    !
    !
    !
    interface Tunnel10
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel destination 10.10.11.2
    !
    interface FastEthernet0/0
    ip address 10.10.10.2 255.255.255.0
    shutdown
    duplex half
    crypto map cr_outside
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip route 192.168.1.0 255.255.255.0 Tunnel10
    !
    no ip http server
    no ip http secure-server
    !
    !
    access-list 110 permit gre host 10.10.10.2 host 10.10.11.2
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    gatekeeper
    shutdown
    !
    !
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    !
    !
    end

    Router_B#


    I could not test it. But they told me it is wrong. What did I not do correctly?

  2. #2
    hakan, Senior Member (joined Feb 2008, Istanbul, 760 posts)

    Please take a look at the article we wrote HERE...

  3. #3
    burner, Guest

    Hi;

    In this state the two routers cannot reach each other; you will either change the routing or make the interfaces' masks the same...

    Have a nice day

  4. #4
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    Originally posted by burner:
    Hi;

    In this state the two routers cannot reach each other; you will either change the routing or make the interfaces' masks the same...

    Have a nice day


    Could you tell me the routes?

  5. #5
    burner, Guest

    Hi;

    First of all, are the tunnel interfaces up?
    Code:
    "#sh ip int b "
    Of course they are not, and they cannot be; that is why you need to set up routing... so that the tunnel source and destination can reach each other...
    Code:
    #ip route 10.10.10.2 255.255.255.255 fa0/0
    and of course on the other router as well
    Code:
    #ip route 10.10.11.2 255.255.255.255 fa0/0
    It is generally used with PPP;
    Code:
    peer neighbor-route
    solves the issue there...

    or you need to make the subnet mask the same on both interfaces...

    Code:
    10.10.11.2 255.255.0.0
    10.10.10.2 255.255.0.0
    or

    Code:
    10.10.11.1 255.255.255.0
    10.10.11.2 255.255.255.0
    Have a nice day
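
Added example (not part of the thread and not any poster's code): a Python check of the two conditions raised in this thread for the GRE tunnel to come up, namely that the tunnel source interface is not shut down and that the tunnel destination is reachable through a connected subnet or a static route that does not point into the tunnel itself. `BROKEN` is a constructed excerpt of the first Router_A config, `FIXED` applies the two corrections, and `parse` and `tunnel_problems` are names chosen for this example.

```python
import ipaddress

# Constructed excerpt of the first Router_A config posted in this thread.
BROKEN = """\
interface Tunnel10
 ip unnumbered FastEthernet0/0
 tunnel source FastEthernet0/0
 tunnel destination 10.10.10.2
!
interface FastEthernet0/0
 ip address 10.10.11.2 255.255.255.0
 shutdown
!
ip route 192.168.2.0 255.255.255.0 Tunnel10
"""
# Same excerpt with the shutdown removed and a host route to the tunnel peer added.
FIXED = BROKEN.replace(" shutdown\n", "") + "ip route 10.10.10.2 255.255.255.255 FastEthernet0/0\n"


def parse(cfg):
    """Return (interfaces, static_routes) from 'show run' text; '!' ends an interface block."""
    ifaces, routes, cur = {}, [], None
    for words in (line.split() for line in cfg.splitlines()):
        if not words or words[0] == "!":
            cur = None
        elif words[0] == "interface":
            cur = ifaces.setdefault(words[1], {"shutdown": False})
        elif words[:2] == ["ip", "route"]:
            routes.append((ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False), words[4]))
        elif cur is None:
            continue
        elif words[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words == ["shutdown"]:
            cur["shutdown"] = True
        elif words[0] == "tunnel" and len(words) == 3:
            cur[words[1]] = words[2]  # stores "source" or "destination"
    return ifaces, routes


def tunnel_problems(cfg):
    """List reasons a GRE tunnel interface in cfg cannot come up."""
    ifaces, routes = parse(cfg)
    connected = [i["net"] for i in ifaces.values() if "net" in i and not i["shutdown"]]
    problems = []
    for name, tun in ifaces.items():
        if "destination" not in tun:
            continue
        if ifaces.get(tun.get("source"), {}).get("shutdown"):
            problems.append(f"{name}: source {tun['source']} is shutdown")
        dest = ipaddress.ip_address(tun["destination"])
        # A route that exits via a Tunnel interface would be recursive, so it does not count.
        routed = any(dest in net for net, exit_if in routes if not exit_if.startswith("Tunnel"))
        if not routed and not any(dest in net for net in connected):
            problems.append(f"{name}: no route to destination {dest}")
    return problems
```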

  6. #6
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    They also told me something like this: the ASA does not pass GRE. They said to set up an IPsec VPN between the 2 routers, but without GRE? How can I do this?

  7. #7
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    Originally posted by burner:
    Hi;


    or you need to make the subnet mask the same on both interfaces...

    Code:
    10.10.11.2 255.255.0.0
    10.10.10.2 255.255.0.0
    or

    Code:
    10.10.11.1 255.255.255.0
    10.10.11.2 255.255.255.0
    Have a nice day


    The subnets are the same.

  8. #8
    Orhan ERGUN, Senior Member (joined Aug 2008, 256 posts)

    Hello,

    Of course you can set it up without GRE as well. To bring the tunnel interfaces up, enter the routing that burner mentioned; however, I noticed that the eth interfaces are shut down in the config?

  9. #9
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    Originally posted by Orhan ERGUN:
    Hello,

    Of course you can set it up without GRE as well. To bring the tunnel interfaces up, enter the routing that burner mentioned; however, I noticed that the eth interfaces are shut down in the config?


    The shutdown was a mistake in what I wrote. They gave me this as a task for getting a new job. I had built these in GNS3.

    Could you send me the configuration, both with GRE and without GRE?
    Sorry for the trouble.

  10. #10
    Riddle, Junior Member (joined Dec 2008, 11 posts)

    Router_A#sh run
    Building configuration...

    Current configuration : 1369 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router_A
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$F0Gu$oh7B0lhKfpZ/l.pXRBpn1/
    enable password cisco
    !
    aaa new-model
    !
    aaa session-id common
    !
    resource policy
    !
    ip cef
    !
    username cisco password 0 cisco
    !
    crypto isakmp policy 200
    encr aes 256
    authentication pre-share
    group 2
    lifetime 7200
    crypto isakmp key sUpeRkEy address 10.10.10.2
    !
    crypto ipsec transform-set ts-aes-sha esp-aes 256 esp-sha-hmac
    !
    crypto map cr_outside 10 ipsec-isakmp
    set peer 10.10.10.2
    set transform-set ts-aes-sha
    match address 110
    !
    interface Tunnel10
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel destination 10.10.10.2
    !
    interface FastEthernet0/0
    ip address 10.10.11.2 255.255.255.0
    duplex half
    speed auto
    crypto map cr_outside
    !
    interface FastEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    duplex auto
    speed auto
    !
    ip route 10.10.10.2 255.255.255.255 FastEthernet0/0
    ip route 192.168.2.0 255.255.255.0 Tunnel10
    !
    no ip http server
    no ip http secure-server
    !
    access-list 110 permit gre host 10.10.11.2 host 10.10.10.2
    !
    control-plane
    !
    gatekeeper
    shutdown
    !
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    !
    end

    Router_A#






    Router_B#sh run
    Building configuration...

    Current configuration : 1413 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router_B
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$W0W9$2iZ.O7haoFwJdZo4ro6YU/
    enable password cisco
    !
    aaa new-model
    !
    aaa session-id common
    !
    resource policy
    !
    ip cef
    !
    username cisco password 0 cisco
    !
    crypto isakmp policy 200
    encr aes 256
    authentication pre-share
    group 2
    lifetime 7200
    crypto isakmp key sUpeRkEy address 10.10.11.2
    !
    crypto ipsec transform-set ts-aes-sha esp-aes 256 esp-sha-hmac
    !
    crypto map cr_outside 10 ipsec-isakmp
    set peer 10.10.11.2
    set transform-set ts-aes-sha
    match address 110
    !
    interface Tunnel10
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel destination 10.10.11.2
    !
    interface FastEthernet0/0
    ip address 10.10.10.2 255.255.255.0
    duplex half
    speed auto
    crypto map cr_outside
    !
    interface FastEthernet0/1
    ip address 192.168.2.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface POS1/0
    no ip address
    shutdown
    !
    ip route 10.10.11.2 255.255.255.255 FastEthernet0/0
    ip route 192.168.1.0 255.255.255.0 Tunnel10
    !
    no ip http server
    no ip http secure-server
    !
    access-list 110 permit gre host 10.10.10.2 host 10.10.11.2
    !
    control-plane
    !
    gatekeeper
    shutdown
    !
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    !
    end

    Router_B#




    It worked like this. Everything is normal. I fixed the routes. It works.

    Now a separate problem remains. Now they have told me to do this configuration without GRE. The ASA (firewall) does not pass GRE. So now I have to do it as a LAN-to-LAN IPsec VPN, WITHOUT GRE. I do not know how to do this. Could you explain? I read on Cisco's site that PIX 7.x and above passes GRE when it is configured. But the man says I should set up the VPN as IPsec without GRE. Could you help?

    I apologize for my Turkish. I am Azerbaijani. Thank you very much for your help, and thank you for your effort.
