แนะนำ เรื่อง routing หน่อย เวลา ต่อ กับ internet ว่า ควรทำอย่างใง
ความรู้ vpn น้อยมาก ถ้า ผิดอาราย ชี้แนะ หน่อยคับ
ที่ผมทำใน lab
===============================================================================
R1 Hub
conf t
access-list 111 deny ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit ip 10.10.10.0 0.0.0.255 any
ip nat inside source list 111 interface fas 0/0 overload
interface loopback0
ip nat inside
sh
no sh
interface FastEthernet 0/0
ip nat outside
sh
no sh
int loopback 0
ip add 10.10.10.10 255.255.255.0
no sh
int f 0/0
ip add 192.168.1.1 255.255.255.0
no sh
crypto isakmp policy 1
authentication pre-share
crypto isakmp key yutyut12 address 0.0.0.0
crypto ipsec transform-set yut1 esp-des esp-md5-hmac
crypto map ppyut local-address fastEthernet 0/0
crypto map ppyut 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set yut1
match address 101
crypto map ppyut 20 ipsec-isakmp
set peer 192.168.1.3
set transform-set yut1
match address 102
access-list 101 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 30.30.30.0 0.0.0.255
int f 0/0
crypto map ppyut
sh
no sh
==================================================================
===================================================================
R2 (spoke)
conf t
access-list 111 deny ip 20.20.20.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 111 permit ip 20.20.20.0 0.0.0.255 any
ip nat inside source list 111 interface fas 0/0 overload
interface loopback0
ip nat inside
sh
no sh
interface FastEthernet 0/0
ip nat outside
sh
no sh
conf t
int loopback 0
ip add 20.20.20.20 255.255.255.0
no sh
int f 0/0
ip add 192.168.1.2 255.255.255.0
no sh
crypto isakmp policy 1
authentication pre-share
crypto isakmp key yutyut12 address 0.0.0.0
crypto ipsec transform-set yut1 esp-des esp-md5-hmac
crypto map ppyut local-address fastEthernet 0/0
crypto map ppyut 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set yut1
match address 101
access-list 101 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
int f 0/0
crypto map ppyut
sh
no sh