This lab configures a site-to-site IPsec VPN in the Cisco Packet Tracer simulator. An IPsec VPN is a virtual private network that uses encryption to secure packets. As shown in the topology diagram, there are two routers: the branch router BOR1 and the headquarters router HQR1.
Follow the configuration below carefully.

ISP#show run
hostname ISP
interface GigabitEthernet0/0/0
description connection to client Branch Office
ip address 102.102.165.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
description connection to client Head Quater Office
ip address 102.102.165.5 255.255.255.252
duplex auto
speed auto
!
end
ISP#
Configuration on the Branch Office router
BO#show run
hostname BO
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool LAN_BO
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
! Configuration to build the IPsec VPN
crypto isakmp policy 10
encr aes 256
authentication pre-share
!
crypto isakmp key cisco address 102.102.165.6
!
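! ah-sha-hmac (AH) authenticates packets but does not encrypt them;
! an ESP transform, for example esp-aes 256 esp-sha-hmac, adds encryption
crypto ipsec transform-set TSET ah-sha-hmac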
!
crypto map KMAP 10 ipsec-isakmp
description secure connection to HQ
set peer 102.102.165.6
set transform-set TSET
match address 101
!
interface GigabitEthernet0/0/0
description connection to router iSP
ip address 102.102.165.2 255.255.255.252
ip nat outside
duplex auto
speed auto
!
! Enable IPsec on the interface facing the ISP
crypto map KMAP
!
interface GigabitEthernet0/0/1
description connection to local LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 100 interface GigabitEthernet0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
access-list 100 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
BO#
Configuration on the Headquarters router
HQ#show run
!
hostname HQ
!
! Configuration to build the IPsec VPN
crypto isakmp policy 10
encr aes 256
authentication pre-share
!
crypto isakmp key cisco address 102.102.165.2
!
! The transform set must match the one configured on BO
crypto ipsec transform-set TSET ah-sha-hmac
!
crypto map KMAP 10 ipsec-isakmp
description secure connection to HQ
set peer 102.102.165.2
set transform-set TSET
match address 101
!
interface GigabitEthernet0/0/0
description connection to router iSP
ip address 102.102.165.6 255.255.255.252
duplex auto
speed auto
!
! Enable IPsec on the interface facing the ISP
crypto map KMAP
!
interface GigabitEthernet0/0/1
description connection to local Server
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip flow-export version 9
!
! Crypto ACL referenced by "match address 101"; mirror image of ACL 101 on BO
access-list 101 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
!
HQ#
Well, done. Try generating traffic by pinging from PC1 to the Server.
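
A consistency check for the two crypto configurations above, as an added example in Python that is not part of the original post: it reports a peer that points at the router's own address, a missing peer or key, a transform set without an ESP cipher, and crypto ACLs that do not mirror each other. The excerpts are constructed from the lab's addressing with two mistakes seeded in HQ, and `parse` and `check` are hypothetical helper names.

```python
import re

# Constructed excerpts with the lab's addressing; HQ is seeded with two mistakes
BO = """crypto isakmp key cisco address 102.102.165.6
crypto ipsec transform-set TSET ah-sha-hmac
crypto map KMAP 10 ipsec-isakmp
 set peer 102.102.165.6
 match address 101
interface GigabitEthernet0/0/0
 ip address 102.102.165.2 255.255.255.252
 crypto map KMAP
access-list 101 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
"""
HQ = """crypto isakmp key cisco address 102.102.165.2
crypto ipsec transform-set TSET ah-sha-hmac
crypto map KMAP 10 ipsec-isakmp
 set peer 102.102.165.6
 set peer 102.102.165.2
 match address 101
interface GigabitEthernet0/0/0
 ip address 102.102.165.6 255.255.255.252
 crypto map KMAP
!access-list 101 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
"""

def parse(cfg):
    """Extract the IPsec-relevant facts from an IOS running-config excerpt."""
    grab = lambda pat: re.findall(pat, cfg, re.M)
    acl_id = grab(r"^ match address (\d+)")[0]
    local = [re.search(r"ip address (\S+)", body).group(1)
             for body in grab(r"^interface \S+\n((?: .*\n)+)")
             if re.search(r"^ crypto map \S+$", body, re.M)][0]
    return {"local": local, "peers": grab(r"^ set peer (\S+)"),
            "keys": {a: k for k, a in grab(r"^crypto isakmp key (\S+) address (\S+)")},
            "tset": grab(r"^crypto ipsec transform-set \S+ (.+)$")[0],
            "acl": grab(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)")}

def check(a, b):
    """Findings for the two tunnel endpoints; a is reported as A, b as B."""
    out = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["local"] in me["peers"]:
            out.append(f"{name}: set peer {me['local']} is the router's own address")
        if other["local"] not in me["peers"] or other["local"] not in me["keys"]:
            out.append(f"{name}: peer or pre-shared key missing for {other['local']}")
        if not re.search(r"esp-(aes|3des|des)", me["tset"]):
            out.append(f"{name}: transform-set '{me['tset']}' does not encrypt")
    if sorted(a["acl"]) != sorted((d, s) for s, d in b["acl"]):
        out.append("crypto ACLs are not mirror images")
    return out
```

Calling `check(parse(BO), parse(HQ))` on the constructed excerpts returns four findings: the AH-only transform set on each router, the self-referencing peer on HQ, and the ACL mismatch caused by the commented-out entry.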