ROUTER_2 kiritiladigan buyruqlar ketma-ketligi.
Router>enable Router#conf t Router(config)#int fa 0/0 Router(config-if)#no shut Router(config-if)#ip nat inside Router(config-if)#ip address 192.168.3.1 255.255.255.0 Router(config-if)#exit Router(config)#int fa 0/1 Router(config-if)#no shut Router(config-if)#ip address 2.2.2.1 255.255.255.0 Router(config-if)#ip nat outside Router(config-if)#exit Router(config)#ip access-list extended for-nat Router(config-ext-nacl)#deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 Router(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 any Router(config-ext-nacl)#exit Router(config)#ip nat inside source list for-nat int fa 0/1 overload Router(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.2 Router(config)#ip dhcp pool vl3 Router(dhcp-config)#network 192.168.3.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.3.1 Router(dhcp-config)#dns-server 8.8.8.8 Router(dhcp-config)#exit Router(config)#crypto isakmp policy 1 Router(config-isakmp)#encryption aes Router(config-isakmp)#hash md5
189
Router(config-isakmp)#authentication pre-share Router(config-isakmp)#group 2 Router(config-isakmp)#exit Router(config)#crypto isakmp key 123 address 1.1.1.1 Router(config)#crypto ipsec transform-set ts esp-aes esp-md5-hmac Router(config)#ip access-list extended for-vpn Router(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 Router(config-ext-nacl)#exit Router(config)#crypto map kriptokarta 10 ipsec-isakmp Router(config-crypto-map)#match address for-vpn Router(config-crypto-map)#set peer 1.1.1.1 Router(config-crypto-map)#set transform-set ts Router(config-crypto-map)#exit Router(config)#int fa 0/1 Router(config-if)#crypto map kriptokarta *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON Router(config-if)#exit ROUTER_3 ga kiritiladigan buyruqlar ketma-ketligi:
Router>enable Router#conf t Router(config)#int fa 0/0 Router(config-if)#no shut Router(config-if)#ip address 1.1.1.2 255.255.255.252 Router(config)#int fa 0/1 Router(config-if)#no shut Router(config-if)#ip address 2.2.2.2 255.255.255.0 Router(config-if)#exit 17.2-rasm. ROUTER_1 ni sozlanmasi.
Bajarilgan laboratoriya ishi testlab ko`riladi, ya`ni PC0 dan PC2 icmp protokoli orqali aloqa
tekshirib ko`riladi.
190
17.3-rasm. PC0 va PC2 kompyuterlarning manzillari
17.4-rasm. Topologiyani testlash natijalari
VPN kanal orqali yuborilgan ma`lumotlar statistikasini ko`rish uchun quyidagi buyruq
kiritiladi: