Router-to-Router VPN with NAT
The topology is as follows:
(See figure)
Description:
This lab builds an IPsec tunnel between the LANs of two branches across a public network, with the Gateway router acting as a simulated ISP. NAT is configured alongside it so that hosts on the internal networks can reach the Internet, while traffic between the two LANs is exempted from NAT so that it can travel through the private tunnel with its original addresses.
Configuration:
RA:
Building configuration...
*Mar 1 00:33:37.207: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1344 bytes
!
version 12.2
!
hostname RA
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 95.95.95.2
!
crypto ipsec transform-set vnpro esp-des
!
crypto map lee 10 ipsec-isakmp
set peer 95.95.95.2
set transform-set vnpro
match address 115
!
interface FastEthernet0/0
ip address 10.50.50.50 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 99.99.99.2 255.255.255.0
ip nat outside
no fair-queue
crypto map lee
!
ip nat inside source route-map nonat interface Serial0/0 overload
! <- everything leaving the router is translated, except the traffic that belongs in the tunnel
ip classless
ip route 0.0.0.0 0.0.0.0 99.99.99.1
ip http server
!
access-list 110 deny ip 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
access-list 110 permit ip any any
access-list 115 permit tcp 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
!
route-map nonat permit 10
match ip address 110
!
end
RB:
!
hostname RB
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 99.99.99.2
!
crypto ipsec transform-set vnpro esp-des
!
crypto map lee 10 ipsec-isakmp
set peer 99.99.99.2
set transform-set vnpro
match address 115
!
interface Ethernet0/0
ip address 10.103.1.75 255.255.255.0
ip nat inside
half-duplex
!
interface Serial0/0
ip address 95.95.95.2 255.255.255.0
ip nat outside
no fair-queue
crypto map lee
!
ip nat inside source route-map nonat interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 95.95.95.1
ip http server
!
!
access-list 110 deny ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
access-list 110 permit ip any any
access-list 115 permit tcp 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
!
route-map nonat permit 10
match ip address 110
!
end
RI (Gateway):
hostname RI
!
ip subnet-zero
!
interface Serial0
ip address 99.99.99.1 255.255.255.0
clockrate 64000
!
interface Serial1
ip address 95.95.95.1 255.255.255.0
clockrate 64000
!
ip classless
ip route 10.50.50.0 255.255.255.0 99.99.99.2
ip route 10.103.1.0 255.255.255.0 95.95.95.2
end
Procedure:
Once the basic addressing and routing are in place and the networks can reach one another, we build the VPN with NAT:
First, configure the VPN on each router (the same steps as in the basic VPN lab):
RA:
RA(config)#crypto isakmp policy 10
RA(config-isakmp)#hash md5
RA(config-isakmp)#authentication pre-share
RA(config-isakmp)#exit
RA(config)#crypto isakmp key cisco address 95.95.95.2
RA(config)#crypto ipsec transform-set vnpro esp-des
RA(cfg-crypto-trans)#exit
RA(config)#crypto map lee 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
RA(config-crypto-map)#set peer 95.95.95.2
RA(config-crypto-map)#set transform-set vnpro
RA(config-crypto-map)#match address 115
RA(config-crypto-map)#exit
RA(config)#int s0/0
RA(config-if)#crypto map lee
RA(config)#access-list 115 permit tcp 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255   <- defines the traffic that will be encrypted
RB:
RB(config)#crypto isakmp policy 10
RB(config-isakmp)#hash md5
RB(config-isakmp)#authentication pre-share
RB(config)#crypto isakmp key cisco address 99.99.99.2
RB(config)#crypto ipsec transform-set vnpro esp-des
RB(cfg-crypto-trans)#exit
RB(config)#crypto map lee 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
RB(config-crypto-map)#set peer 99.99.99.2
RB(config-crypto-map)#set transform-set vnpro
RB(config-crypto-map)#match address 115
RB(config)#int s0/0
RB(config-if)#crypto map lee
RB(config)#access-list 115 permit tcp 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
Once the VPN is in place, configure NAT on the routers:
NAT overload is applied on the interface facing the Gateway for all traffic except the tunnel traffic. To achieve this, the NAT rule references a route-map, and the route-map's ACL denies the LAN-to-LAN traffic so that it is never translated:
RA:
RA(config)#access-list 110 deny ip 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
RA(config)#access-list 110 permit ip any any
RA(config)#route-map nonat permit 10
RA(config-route-map)#match ip address 110
RA(config)#ip nat inside source route-map nonat interface s0/0 overload
RA(config)#int s0/0
RA(config-if)#ip nat outside
RA(config)#int fa0/0
RA(config-if)#ip nat inside
RA(config-if)#exit
RB:
RB(config)#access-list 110 deny ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
RB(config)#access-list 110 permit ip any any
RB(config)#route-map nonat permit 10
RB(config-route-map)#match ip address 110
RB(config)#ip nat inside source route-map nonat interface s0/0 overload
RB(config)#int s0/0
RB(config-if)#ip nat outside
RB(config-if)#int e0/0
RB(config-if)#ip nat inside
RB(config-if)#exit
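To make the interplay between ACL 110 (NAT exemption through route-map nonat) and ACL 115 (the crypto map's match address) concrete, the following Python model was added for this edit; it is not part of the lab. It copies RB's two access lists verbatim, applies IOS first-match semantics with wildcard masks, and classifies an outbound packet the way RB's Serial0/0 would: NAT runs before the crypto map, so a translated packet never matches the crypto ACL's private source. RB_ACLS_FIXED, with ACL 115 widened from tcp to ip, is the editor's suggestion rather than something the lab configures, and the sample flows are constructed.

```python
"""Added example (editor's code, not from the lab): classify outbound packets on RB
through the NAT-exemption route-map (ACL 110) and the crypto map (ACL 115)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PROTO = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}   # None = any IP protocol

# RB's access lists, copied verbatim from the lab's running config.
RB_ACLS = [
    "access-list 110 deny ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255",
    "access-list 110 permit ip any any",
    "access-list 115 permit tcp 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255",
]
# Editor's suggestion: make the crypto ACL mirror the NAT-exemption ACL (ip, not tcp).
RB_ACLS_FIXED = RB_ACLS[:2] + [
    "access-list 115 permit ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255",
]


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: Optional[int]         # IP protocol number, None for "ip"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Cisco wildcard mask (0 bits must match) -> network; assumes a contiguous wildcard."""
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.IPv4Network(f"{addr}/{32 - ones}", strict=False)


def _endpoint(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any' | 'host A' | 'A WILDCARD' starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(f"{tok[i + 1]}/32"), i + 2
    return wildcard_to_network(tok[i], tok[i + 1]), i + 2


def parse_acls(lines: List[str]) -> Dict[int, List[Ace]]:
    """Parse numbered extended ACL lines into {number: [Ace, ...]}, preserving order."""
    acls: Dict[int, List[Ace]] = {}
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, i = _endpoint(tok, 4)
        dst, _ = _endpoint(tok, i)
        acls.setdefault(int(tok[1]), []).append(Ace(tok[2], PROTO[tok[3]], src, dst))
    return acls


def acl_permits(aces: List[Ace], proto: int, src: str, dst: str) -> bool:
    """IOS semantics: the first matching entry decides; implicit deny at the end."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in aces:
        if (ace.proto is None or ace.proto == proto) and s in ace.src and d in ace.dst:
            return ace.action == "permit"
    return False


def classify(acl_lines: List[str], proto: int, src: str, dst: str) -> str:
    """What happens to a packet leaving RB's Serial0/0 (ip nat outside + crypto map lee).

    'ip nat inside source route-map nonat ... overload' translates only when ACL 110
    permits, and NAT runs before the crypto map, so a translated packet (source now
    95.95.95.2) can no longer match ACL 115. Only untranslated packets that ACL 115
    permits are encrypted; anything else is routed to the ISP unchanged.
    """
    acls = parse_acls(acl_lines)
    if acl_permits(acls[110], proto, src, dst):
        return "nat"          # source rewritten to the Serial0/0 address
    if acl_permits(acls[115], proto, src, dst):
        return "ipsec"        # private addresses preserved inside ESP
    return "cleartext"        # NAT-exempt but unencrypted: private addresses leak


def unprotected_flows(acl_lines: List[str], flows: List[Tuple[str, int, str, str]]) -> List[str]:
    """Labels of flows that leave the router neither translated nor encrypted."""
    return [label for label, p, s, d in flows if classify(acl_lines, p, s, d) == "cleartext"]


# Constructed sample flows from the PC at 10.103.1.1 used in the lab's ping/telnet tests.
SAMPLE_FLOWS = [
    ("telnet to remote LAN", PROTO["tcp"], "10.103.1.1", "10.50.50.1"),
    ("ping to remote LAN", PROTO["icmp"], "10.103.1.1", "10.50.50.1"),
    ("dns to remote LAN", PROTO["udp"], "10.103.1.1", "10.50.50.1"),
    ("ping to ISP router", PROTO["icmp"], "10.103.1.1", "99.99.99.1"),
    ("telnet to RA public side", PROTO["tcp"], "10.103.1.1", "99.99.99.2"),
]

if __name__ == "__main__":
    for name, acls in (("lab ACLs", RB_ACLS), ("widened ACL 115", RB_ACLS_FIXED)):
        print(f"== {name}")
        for label, p, s, d in SAMPLE_FLOWS:
            print(f"  {label:26s} -> {classify(acls, p, s, d)}")
        print("  unprotected:", unprotected_flows(acls, SAMPLE_FLOWS))
```

Running it shows that LAN-to-LAN TCP is encrypted and Internet-bound traffic is translated, but LAN-to-LAN ICMP and UDP match neither list and leave RB untranslated and unencrypted; with ACL 115 widened to ip they are encrypted as well.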
Verification:
Use the show commands on the routers:
RA#sh crypto isakmp policy
Protection suite of priority 10
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
RA#sh crypto ipsec transform-set
Transform set vnpro: { esp-des }
will negotiate = { Tunnel, },
RA#sh crypto map
Crypto Map "lee" 10 ipsec-isakmp
Peer = 95.95.95.2
Extended IP access list 115
access-list 115 permit tcp 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
Current peer: 95.95.95.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={ vnpro, }
Interfaces using crypto map lee:
Serial0/0
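The show output above records what the lab's ISAKMP policy actually negotiates: DES (the IOS default when no encryption line is given), MD5, Diffie-Hellman group 1 (768 bit), no PFS, and a pre-shared key of cisco. The following Python checker was added for this edit and is not part of the lab; it reads an IOS configuration and flags those parameters. RA_CONFIG is the lab's own crypto stanzas; HARDENED_CONFIG is the editor's suggested replacement (AES-256, SHA-256, DH group 14, PFS, ESP with HMAC integrity), and its pre-shared key is a placeholder. Whether every keyword is accepted depends on the IOS image; the 12.2 release used in the lab may not offer all of them.

```python
"""Added example (editor's code, not from the lab): lint the IKE/IPsec parameters in an
IOS running-config against a modern baseline."""
from typing import List

# The lab's RA crypto stanzas, copied verbatim (indentation is lost in the page).
RA_CONFIG = """
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 95.95.95.2
!
crypto ipsec transform-set vnpro esp-des
!
crypto map lee 10 ipsec-isakmp
set peer 95.95.95.2
set transform-set vnpro
match address 115
!
ip http server
!
access-list 115 permit tcp 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
end
"""

# Editor's suggested replacement; the pre-shared key is a placeholder, not a real secret.
HARDENED_CONFIG = """
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
crypto isakmp key Xk9rT2vL8mQ4zP7wN3bH6sD5 address 95.95.95.2
!
crypto ipsec transform-set vnpro esp-aes 256 esp-sha-hmac
!
crypto map lee 10 ipsec-isakmp
 set peer 95.95.95.2
 set transform-set vnpro
 set pfs group14
 match address 115
!
access-list 115 permit ip 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
end
"""

WEAK_CIPHERS = {"des", "3des", "esp-des", "esp-3des", "esp-null"}
WEAK_HASHES = {"md5", "esp-md5-hmac", "ah-md5-hmac"}
WEAK_DH_GROUPS = {"1", "2", "5"}            # 768/1024/1536-bit MODP
POLICY_KEYWORDS = ("encryption", "hash", "authentication", "group", "lifetime")


def _check_isakmp_policy(header: str, body: List[str]) -> List[str]:
    # IOS defaults when a line is absent: DES, SHA, DH group 1 (see 'show crypto isakmp policy').
    settings = {b.split()[0]: b.split()[1:] for b in body}
    enc = settings.get("encryption", ["des"])[0]
    hash_alg = settings.get("hash", ["sha"])[0]
    group = settings.get("group", ["1"])[0]
    out = []
    if enc in WEAK_CIPHERS:
        out.append(f"{header}: encryption {enc} is weak (use aes 256)")
    if hash_alg in WEAK_HASHES:
        out.append(f"{header}: hash {hash_alg} is weak (use sha256)")
    if group in WEAK_DH_GROUPS:
        out.append(f"{header}: DH group {group} is too small (use group 14 or an ECDH group)")
    return out


def lint_crypto_config(config: str) -> List[str]:
    """Return one human-readable finding per weak or missing crypto setting."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings: List[str] = []
    i = 0
    while i < len(lines):
        line, tok = lines[i], lines[i].split()
        i += 1
        if line.startswith("crypto isakmp policy "):
            body = []
            while i < len(lines) and lines[i].split()[0] in POLICY_KEYWORDS:
                body.append(lines[i])
                i += 1
            findings += _check_isakmp_policy(line, body)
        elif line.startswith("crypto isakmp key "):
            # 'key 0 <clear>' / 'key 6 <encrypted>' forms carry a type token first.
            key = tok[4] if tok[3] in ("0", "6") else tok[3]
            if tok[3] != "6" and (len(key) < 20 or key.lower() == "cisco"):
                findings.append(f"{line}: pre-shared key is short or guessable")
        elif line.startswith("crypto ipsec transform-set "):
            transforms = tok[4:]                      # everything after the set name
            if any(t in WEAK_CIPHERS or t in WEAK_HASHES for t in transforms):
                findings.append(f"{line}: weak transform (use esp-aes 256 esp-sha-hmac)")
            if not any(t.endswith("-hmac") or "gcm" in t for t in transforms):
                findings.append(f"{line}: ESP without an integrity transform")
        elif line.startswith("crypto map ") and line.endswith("ipsec-isakmp"):
            body = []
            while i < len(lines) and lines[i].split()[0] in ("set", "match"):
                body.append(lines[i])
                i += 1
            if not any(b.startswith("set pfs") for b in body):
                findings.append(f"{line}: PFS disabled (add 'set pfs group14')")
        elif line == "ip http server":
            findings.append("ip http server: unneeded management service exposed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("RA (lab)", RA_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = lint_crypto_config(cfg)
        print(f"== {name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run against the lab's RA stanzas it reports eight findings (default DES and group 1 in the policy, MD5, the guessable key, DES-only ESP with no integrity transform, no PFS on the crypto map, and the enabled HTTP server); the hardened stanzas produce none.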
Run debugs on the routers and record the results:
For example, on RB: ping from a PC on the internal LAN to addresses on the Internet and to the remote LAN, and record the output of debug ip nat:
RB#debug ip nat
IP NAT debugging is on
RB#debug crypto ipsec
Crypto IPSEC debugging is on
RB#debug crypto isakmp
Crypto ISAKMP debugging is on
RB#
*Mar 1 00:41:23.847: NAT: s=10.103.1.1->95.95.95.2, d=99.99.99.1 [1760]
*Mar 1 00:41:23.867: NAT*: s=99.99.99.1, d=95.95.95.2->10.103.1.1 [1760]
*Mar 1 00:41:24.848: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.1 [1761]
*Mar 1 00:41:24.868: NAT*: s=99.99.99.1, d=95.95.95.2->10.103.1.1 [1761]
*Mar 1 00:41:25.850: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.1 [1762]
*Mar 1 00:41:25.870: NAT*: s=99.99.99.1, d=95.95.95.2->10.103.1.1 [1762]
*Mar 1 00:41:26.847: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.1 [1763]
*Mar 1 00:41:26.872: NAT*: s=99.99.99.1, d=95.95.95.2->10.103.1.1 [1763]
RB#
*Mar 1 00:41:44.040: NAT: s=10.103.1.1->95.95.95.2, d=95.95.95.1 [1764]
*Mar 1 00:41:44.064: NAT*: s=95.95.95.1, d=95.95.95.2->10.103.1.1 [1764]
*Mar 1 00:41:45.037: NAT*: s=10.103.1.1->95.95.95.2, d=95.95.95.1 [1765]
*Mar 1 00:41:45.057: NAT*: s=95.95.95.1, d=95.95.95.2->10.103.1.1 [1765]
*Mar 1 00:41:46.039: NAT*: s=10.103.1.1->95.95.95.2, d=95.95.95.1 [1766]
*Mar 1 00:41:46.087: NAT*: s=95.95.95.1, d=95.95.95.2->10.103.1.1 [1766]
*Mar 1 00:41:47.037: NAT*: s=10.103.1.1->95.95.95.2, d=95.95.95.1 [1767]
*Mar 1 00:41:47.061: NAT*: s=95.95.95.1, d=95.95.95.2->10.103.1.1 [1767]
RB#
*Mar 1 00:42:00.270: NAT: s=10.103.1.1->95.95.95.2, d=99.99.99.2 [1768]
*Mar 1 00:42:00.314: NAT*: s=99.99.99.2, d=95.95.95.2->10.103.1.1 [1768]
*Mar 1 00:42:01.272: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.2 [1769]
*Mar 1 00:42:01.308: NAT*: s=99.99.99.2, d=95.95.95.2->10.103.1.1 [1769]
*Mar 1 00:42:02.274: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.2 [1770]
*Mar 1 00:42:02.310: NAT*: s=99.99.99.2, d=95.95.95.2->10.103.1.1 [1770]
*Mar 1 00:42:03.271: NAT*: s=10.103.1.1->95.95.95.2, d=99.99.99.2 [1771]
*Mar 1 00:42:03.311: NAT*: s=99.99.99.2, d=95.95.95.2->10.103.1.1 [1771]
RB#
*Mar 1 00:42:26.874: NAT: expiring 95.95.95.2 (10.103.1.1) icmp 512 (512)
*Mar 1 00:42:47.063: NAT: expiring 95.95.95.2 (10.103.1.1) icmp 512 (512)
*Mar 1 00:43:03.314: NAT: expiring 95.95.95.2 (10.103.1.1) icmp 512 (512)
The router translates the pings to addresses outside the tunnel (99.99.99.1, 95.95.95.1 and 99.99.99.2 all appear with the source rewritten to 95.95.95.2), but the ping to 10.50.50.1 is not translated: ACL 110 denies it, so route-map nonat exempts it from NAT. Note that this ping is not encrypted either. ACL 115 only matches TCP, so LAN-to-LAN ICMP matches neither the route-map nor the crypto map and is simply routed out Serial0/0 with its private addresses intact; in this lab RI forwards it because it has static routes for both LANs, whereas a real ISP would not route it. If the intent is that all traffic between the two LANs is protected, the crypto ACL should mirror the NAT-exemption ACL (permit ip rather than permit tcp).
Finally, telnet to the PC on the other side and record the debug output. The proxy identities in the IPSEC(sa_request) message below (10.103.1.0/255.255.255.0/6/0 and 10.50.50.0/255.255.255.0/6/0) show that the SA is negotiated for protocol 6 (TCP) only, exactly as ACL 115 specifies:
*Mar 1 00:44:42.164: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 95.95.95.2, remote= 99.99.99.2,
local_proxy= 10.103.1.0/255.255.255.0/6/0 (type=4),
remote_proxy= 10.50.50.0/255.255.255.0/6/0 (type=4),
protocol= ESP, transform= esp-des ,
lifedur= 3600s and 4608000kb,
spi= 0x3EFC898D(1056737677), conn_id= 0, keysize= 0, flags= 0x400C
*Mar 1 00:44:42.168: ISAKMP: received ke message (1/1)
*Mar 1 00:44:42.168: ISAKMP: local port 500, remote port 500
*Mar 1 00:44:42.172: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Mar 1 00:44:42.172: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1
*Mar 1 00:44:42.172: ISAKMP (0:1): beginning Main Mode exchange
*Mar 1 00:44:42.172: ISAKMP (0:1): sending packet to 99.99.99.2 (I) MM_NO_STATE
*Mar 1 00:44:42.288: ISAKMP (0:1): received packet from 99.99.99.2 (I) MM_NO_STATE
*Mar 1 00:44:42.288: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 00:44:42.288: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
*Mar 1 00:44:42.292: ISAKMP (0:1): processing SA payload. message ID = 0
*Mar 1 00:44:42.292: ISAKMP (0:1): found peer pre-shared key matching 99.99.99.2
*Mar 1 00:44:42.292: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy
*Mar 1 00:44:42.292: ISAKMP: encryption DES-CBC
*Mar 1 00:44:42.292: ISAKMP: hash MD5
*Mar 1 00:44:42.292: ISAKMP: default group 1
*Mar 1 00:44:42.296: ISAKMP: auth pre-share
*Mar 1 00:44:42.296: ISAKMP: life type in seconds
*Mar 1 00:44:42.296: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Mar 1 00:44:42.296: ISAKMP (0:1): atts are acceptable. Next payload is 0
*Mar 1 00:44:42.464: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 00:44:42.464: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2
*Mar 1 00:44:42.468: ISAKMP (0:1): sending packet to 99.99.99.2 (I) MM_SA_SETUP
*Mar 1 00:44:42.468: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 00:44:42.472: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3
*Mar 1 00:44:42.680: ISAKMP (0:1): received packet from 99.99.99.2 (I) MM_SA_SETUP
*Mar 1 00:44:42.684: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 00:44:42.684: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4
*Mar 1 00:44:42.684: ISAKMP (0:1): processing KE payload. message ID = 0
*Mar 1 00:44:42.893: ISAKMP (0:1): processing NONCE payload. message ID = 0
*Mar 1 00:44:42.893: ISAKMP (0:1): found peer pre-shared key matching 99.99.99.2
*Mar 1 00:44:42.893: ISAKMP (0:1): SKEYID state generated
*Mar 1 00:44:42.897: ISAKMP (0:1): processing vendor id payload
*Mar 1 00:44:42.897: ISAKMP (0:1): vendor ID is Unity
*Mar 1 00:44:42.897: ISAKMP (0:1): processing vendor id payload
*Mar 1 00:44:42.897: ISAKMP (0:1): vendor ID is DPD
*Mar 1 00:44:42.897: ISAKMP (0:1): processing vendor id payload
*Mar 1 00:44:42.897: ISAKMP (0:1): speaking to another IOS box!
*Mar 1 00:44:42.897: ISAKMP (0:1): processing vendor id payload
*Mar 1 00:44:42.901: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 00:44:42.901: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4
*Mar 1 00:44:42.917: ISAKMP (0:1): Send initial contact
*Mar 1 00:44:42.917: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Mar 1 00:44:42.917: ISAKMP (1): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
*Mar 1 00:44:42.917: ISAKMP (1): Total payload length: 12
*Mar 1 00:44:42.921: ISAKMP (0:1): sending packet to 99.99.99.2 (I) MM_KEY_EXCH
*Mar 1 00:44:42.921: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 00:44:42.925: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5
*Mar 1 00:44:43.021: ISAKMP (0:1): received packet from 99.99.99.2 (I) MM_KEY_EXCH
*Mar 1 00:44:43.021: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 00:44:43.021: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_I_MM6
*Mar 1 00:44:43.025: ISAKMP (0:1): processing ID payload. message ID = 0
*Mar 1 00:44:43.025: ISAKMP (0:1): processing HASH payload. message ID = 0
*Mar 1 00:44:43.025: ISAKMP (0:1): SA has been authenticated with 99.99.99.2
*Mar 1 00:44:43.029: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 00:44:43.029: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_I_MM6
*Mar 1 00:44:43.029: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 00:44:43.029: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Mar 1 00:44:43.033: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of 2008853158
*Mar 1 00:44:43.037: ISAKMP (0:1): sending packet to 99.99.99.2 (I) QM_IDLE
*Mar 1 00:44:43.037: ISAKMP (0:1): Node 2008853158, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Mar 1 00:44:43.037: ISAKMP (0:1): Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Mar 1 00:44:43.037: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Mar 1 00:44:43.037: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Mar 1 00:44:43.426: ISAKMP (0:1): received packet from 99.99.99.2 (I) QM_IDLE
*Mar 1 00:44:43.430: ISAKMP (0:1): processing HASH payload. message ID = 2008853158
*Mar 1 00:44:43.430: ISAKMP (0:1): processing SA payload. message ID = 2008853158
*Mar 1 00:44:43.434: ISAKMP (0:1): Checking IPSec proposal 1
*Mar 1 00:44:43.434: ISAKMP: transform 1, ESP_DES
*Mar 1 00:44:43.434: ISAKMP: attributes in transform:
*Mar 1 00:44:43.434: ISAKMP: encaps is 1
*Mar 1 00:44:43.434: ISAKMP: SA life type in seconds
*Mar 1 00:44:43.434: ISAKMP: SA life duration (basic) of 3600
*Mar 1 00:44:43.434: ISAKMP: SA life type in kilobytes
*Mar 1 00:44:43.434: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Mar 1 00:44:43.438: ISAKMP (0:1): atts are acceptable.
*Mar 1 00:44:43.438: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 95.95.95.2, remote= 99.99.99.2,
local_proxy= 10.103.1.0/255.255.255.0/6/0 (type=4),
remote_proxy= 10.50.50.0/255.255.255.0/6/0 (type=4),
protocol= ESP, transform= esp-des ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
*Mar 1 00:44:43.442: ISAKMP (0:1): processing NONCE payload. message ID = 2008853158
*Mar 1 00:44:43.442: ISAKMP (0:1): processing ID payload. message ID = 2008853158
*Mar 1 00:44:43.442: ISAKMP (0:1): processing ID payload. message ID = 2008853158
*Mar 1 00:44:43.450: ISAKMP (0:1): Creating IPSec SAs
*Mar 1 00:44:43.450: inbound SA from 99.99.99.2 to 95.95.95.2
(proxy 10.50.50.0 to 10.103.1.0)
*Mar 1 00:44:43.450: has spi 0x3EFC898D and conn_id 2000 and flags 4
*Mar 1 00:44:43.450: lifetime of 3600 seconds
*Mar 1 00:44:43.450: lifetime of 4608000 kilobytes
*Mar 1 00:44:43.450: outbound SA from 95.95.95.2 to 99.99.99.2 (proxy 10.103.1.0 to 10.50.50.0 )
*Mar 1 00:44:43.450: has spi -1029094571 and conn_id 2001 and flags C
*Mar 1 00:44:43.454: lifetime of 3600 seconds
*Mar 1 00:44:43.454: lifetime of 4608000 kilobytes
*Mar 1 00:44:43.454: ISAKMP (0:1): sending packet to 99.99.99.2 (I) QM_IDLE
*Mar 1 00:44:43.454: ISAKMP (0:1): deleting node 2008853158 error FALSE reason ""
*Mar 1 00:44:43.454: ISAKMP (0:1): Node 2008853158, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Mar 1 00:44:43.458: ISAKMP (0:1): Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Mar 1 00:44:43.458: IPSEC(key_engine): got a queue event...
*Mar 1 00:44:43.458: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 95.95.95.2, remote= 99.99.99.2,
local_proxy= 10.103.1.0/255.255.255.0/6/0 (type=4),
remote_proxy= 10.50.50.0/255.255.255.0/6/0 (type=4),
protocol= ESP, transform= esp-des ,
lifedur= 3600s and 4608000kb,
spi= 0x3EFC898D(1056737677), conn_id= 2000, keysize= 0, flags= 0x4
*Mar 1 00:44:43.458: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 95.95.95.2, remote= 99.99.99.2,
local_proxy= 10.103.1.0/255.255.255.0/6/0 (type=4),
remote_proxy= 10.50.50.0/255.255.255.0/6/0 (type=4),
protocol= ESP, transform= esp-des ,
lifedur= 3600s and 4608000kb,
spi= 0xC2A94355(3265872725), conn_id= 2001, keysize= 0, flags= 0xC
*Mar 1 00:44:43.462: IPSEC(create_sa): sa created,
(sa) sa_dest= 95.95.95.2, sa_prot= 50,
sa_spi= 0x3EFC898D(1056737677),
sa_trans= esp-des , sa_conn_id= 2000
*Mar 1 00:44:43.462: IPSEC(create_sa): sa created,
(sa) sa_dest= 99.99.99.2, sa_prot= 50,
sa_spi= 0xC2A94355(3265872725),
sa_trans= esp-des , sa_conn_id= 2001
*Mar 1 00:45:33.456: ISAKMP (0:1): purging node 2008853158
Note: the Telnet service must be enabled on the PCs in both branches for this test.
(Lê Anh Đức, http://chuyenviet.com)