«Tarmoq xavfsizligi»
Yüklə 12,81 Mb.
|
- Bu səhifədəki naviqasiya:
- R2 uchun ham shu komadalar yoziladi
|
2. IPsec ni sozlash
1. R0 marshrutizatori lokal tarmog`idan R2 marshrutizatori lokal tarmog`igacha trafiklarni aniqlash uchun ACL 100 ro`yxatini sozlang. R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 2. R2 marshrutizatori uchun ham yuqoridagi buyruqni takrorlang. R2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 3. R0 va R2 marshrutizatorlarida ISAKMP 1 kriptografiyasini va yana shifrlash kalitini TATU qilib sozlang. R0 uchun: R0(config)# crypto isakmp enable R0(config)#crypto isakmp policy 1 R0(config-isakmp)#encryption 3des R0(config-isakmp)#hash md5 R0(config-isakmp)#authentication pre-share R0(config-isakmp)#group 2 R0(config-isakmp)#lifetime 86400 R0(config-isakmp)#exit R0(config)#crypto isakmp key KALIT address 80.80.80.2 R0(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 R0(config)#crypto map KARTA 10 ipsec-isakmp R0(config-crypto-map)#set peer 80.80.80.2 R0(config-crypto-map)#set transform-set TATU R0(config-crypto-map)#match address 100 R0(config-crypto-map)#exit R0(config)#interface fastEthernet 0/1 R0(config-if)#crypto map KARTA R0(config-if)#exit R2 uchun ham shu komadalar yoziladi R2(config)# crypto isakmp enable R2(config)#crypto isakmp policy 1 R2(config-isakmp)#encryption 3des R2(config-isakmp)#hash md5 R2(config-isakmp)#authentication pre-share R2(config-isakmp)#group 2 R2(config-isakmp)#lifetime 86400 R2(config-isakmp)#exit R2(config)#crypto isakmp key KALIT address 195.158.1.1 R2(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac Router2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 R2(config)#crypto map KARTA 10 ipsec-isakmp R2(config-crypto-map)#set peer 195.158.1.1 R2(config-crypto-map)#set transform-set TATU Router2(config-crypto-map)#match address 100 Router2(config-crypto-map)#exit Router2(config)#interface fastEthernet 0/1 Router2(config-if)#crypto map KARTA Router2(config-if)exit Router2(config)ip route 0.0.0.0 0.0.0.0 80.80.80.1 Yüklə 12,81 Mb. Dostları ilə paylaş:
|