Procedure
Launch Cisco Packet Tracer.
Build the topology shown below.
Test the topology once it is built.
Figure. Topology of the network under study.
Sequence of commands entered on ROUTER_1:
Router>enable
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#no shut
Router(config-if)#ip nat inside
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#exit
Router(config)#int fa 0/1
Router(config-if)#no shut
Router(config-if)#ip address 1.1.1.1 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip access-list extended for-nat
Router(config-ext-nacl)#deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Router(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 any
Router(config-ext-nacl)#exit
Router(config)#ip nat inside source list for-nat int fa 0/1 overload
Router(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2
Router(config)#ip dhcp pool vl2
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#exit
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#encryption aes
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 123 address 2.2.2.1
Router(config)#crypto ipsec transform-set ts esp-aes esp-md5-hmac
Router(config)#ip access-list extended for-vpn
Router(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Router(config-ext-nacl)#exit
Router(config)#crypto map kriptokarta 10 ipsec-isakmp
Router(config-crypto-map)#match address for-vpn
Router(config-crypto-map)#set peer 2.2.2.1
Router(config-crypto-map)#set transform-set ts
Router(config-crypto-map)#exit
Router(config)#int fa 0/1
Router(config-if)#crypto map kriptokarta
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
(VPN setup process)
Sequence of commands entered on ROUTER_2:
Router>enable
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#no shut
Router(config-if)#ip nat inside
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#exit
Router(config)#int fa 0/1
Router(config-if)#no shut
Router(config-if)#ip address 2.2.2.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip access-list extended for-nat
Router(config-ext-nacl)#deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Router(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 any
Router(config-ext-nacl)#exit
Router(config)#ip nat inside source list for-nat int fa 0/1 overload
Router(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.2
Router(config)#ip dhcp pool vl3
Router(dhcp-config)#network 192.168.3.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.3.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#exit
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#encryption aes
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 123 address 1.1.1.1
Router(config)#crypto ipsec transform-set ts esp-aes esp-md5-hmac
Router(config)#ip access-list extended for-vpn
Router(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Router(config-ext-nacl)#exit
Router(config)#crypto map kriptokarta 10 ipsec-isakmp
Router(config-crypto-map)#match address for-vpn
Router(config-crypto-map)#set peer 1.1.1.1
Router(config-crypto-map)#set transform-set ts
Router(config-crypto-map)#exit
Router(config)#int fa 0/1
Router(config-if)#crypto map kriptokarta
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
Sequence of commands entered on ROUTER_3:
Router>enable
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#no shut
Router(config-if)#ip address 1.1.1.2 255.255.255.252
Router(config-if)#exit
Router(config)#int fa 0/1
Router(config-if)#no shut
Router(config-if)#ip address 2.2.2.2 255.255.255.0
Router(config-if)#exit
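A consistency check for the two VPN peers, added here as an example and not part of the original lab: it parses an excerpt of the ROUTER_1 and ROUTER_2 commands, verifies that the peer addresses and for-vpn ACLs mirror each other and that each for-nat ACL denies the VPN flow before its permit (otherwise NAT rewrites the source address before the crypto map can match it), and flags MD5, DH group 2 and the short pre-shared key. The names parse and audit and the 16-character key threshold are assumptions of this example.

```python
import re

# Constructed excerpt of the page's ROUTER_1/ROUTER_2 commands (prompts stripped).
TEMPLATE = """
ip access-list extended for-nat
deny ip {lan} 0.0.0.255 {far} 0.0.0.255
permit ip {lan} 0.0.0.255 any
hash md5
group 2
crypto isakmp key 123 address {peer}
crypto ipsec transform-set ts esp-aes esp-md5-hmac
ip access-list extended for-vpn
permit ip {lan} 0.0.0.255 {far} 0.0.0.255
set peer {peer}
"""
R1 = TEMPLATE.format(lan="192.168.2.0", far="192.168.3.0", peer="2.2.2.1")
R2 = TEMPLATE.format(lan="192.168.3.0", far="192.168.2.0", peer="1.1.1.1")
PATTERNS = {"hash": r"hash (\S+)", "group": r"group (\S+)", "peer": r"set peer (\S+)",
            "psk": r"crypto isakmp key (\S+)", "ts": r"crypto ipsec transform-set \S+ (.+)"}

def parse(cfg):
    """Return the crypto settings plus the for-nat / for-vpn ACL entries of one router."""
    out, acl = {"for-nat": [], "for-vpn": []}, None
    for line in filter(None, map(str.strip, cfg.splitlines())):
        if (m := re.match(r"ip access-list extended (\S+)", line)):
            acl = out.setdefault(m.group(1), [])
        elif acl is not None and line.split()[0] in ("permit", "deny"):
            acl.append(tuple(line.split()))
        else:
            acl = None  # any other command leaves ACL configuration mode
            out.update({k: m.group(1) for k, p in PATTERNS.items() if (m := re.match(p, line))})
    return out

def audit(cfg_a, wan_a, cfg_b, wan_b):
    """Names of failed checks for a site pair; wan_* are the outside addresses."""
    a, b = parse(cfg_a), parse(cfg_b)
    mirrored = [(*e[:2], *e[4:6], *e[2:4]) for e in a["for-vpn"]]  # swap src and dst
    exempt = all(r["for-nat"][:len(r["for-vpn"])] == [("deny", *e[1:]) for e in r["for-vpn"]]
                 for r in (a, b))  # each NAT ACL must deny the VPN flows before its permit
    checks = {
        "ike-or-ipsec-mismatch": any(a.get(k) != b.get(k) for k in ("hash", "group", "psk", "ts")),
        "peer-address": (a.get("peer"), b.get("peer")) != (wan_b, wan_a),
        "crypto-acl-not-mirrored": mirrored != b["for-vpn"],
        "nat-exemption-missing": not exempt,
        "weak:md5": "md5" in a.get("hash", "") + a.get("ts", ""),
        "weak:dh-group": a.get("group") in ("1", "2"),
        "weak:psk": len(a.get("psk", "")) < 16,  # threshold is an assumption
    }
    return [name for name, failed in checks.items() if failed]
```

Calling audit(R1, "1.1.1.1", R2, "2.2.2.1") on the lab's settings reports only the three weak-parameter findings, meaning the two sides are consistent with each other.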
Figure 2. Configuration of ROUTER_1.
Test the completed lab by checking connectivity from PC0 to PC2 over ICMP.
Figure 3. Addresses of the PC0 and PC2 computers.
Figure 4. Results of testing the topology.
To view statistics for the data sent through the VPN tunnel, enter the following command: