• R2 uchun ham shu komadalar yoziladi
    		•

    «Tarmoq xavfsizligi»




    Download 12,81 Mb.
    bet50/73
    Sana23.05.2024
    Hajmi12,81 Mb.
    #251629
    1   ...   46   47   48   49   50   51   52   53   ...   73
    Bog'liq
    «Tarmoq xavfsizligi»

    2. IPsec ni sozlash
    1. R0 marshrutizatori lokal tarmog`idan R2 marshrutizatori lokal tarmog`igacha trafiklarni aniqlash uchun ACL 100 ro`yxatini sozlang.
    R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
    2. R2 marshrutizatori uchun ham yuqoridagi buyruqni takrorlang.
    R2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    3. R0 va R2 marshrutizatorlarida ISAKMP 1 kriptografiyasini va yana shifrlash kalitini TATU qilib sozlang.
    R0 uchun:
    R0(config)# crypto isakmp enable
    R0(config)#crypto isakmp policy 1
    R0(config-isakmp)#encryption 3des
    R0(config-isakmp)#hash md5
    R0(config-isakmp)#authentication pre-share
    R0(config-isakmp)#group 2
    R0(config-isakmp)#lifetime 86400
    R0(config-isakmp)#exit
    R0(config)#crypto isakmp key KALIT address 80.80.80.2
    R0(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac
    R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
    R0(config)#crypto map KARTA 10 ipsec-isakmp
    R0(config-crypto-map)#set peer 80.80.80.2
    R0(config-crypto-map)#set transform-set TATU
    R0(config-crypto-map)#match address 100
    R0(config-crypto-map)#exit
    R0(config)#interface fastEthernet 0/1
    R0(config-if)#crypto map KARTA
    R0(config-if)#exit
    R2 uchun ham shu komadalar yoziladi
    R2(config)# crypto isakmp enable
    R2(config)#crypto isakmp policy 1
    R2(config-isakmp)#encryption 3des
    R2(config-isakmp)#hash md5
    R2(config-isakmp)#authentication pre-share
    R2(config-isakmp)#group 2
    R2(config-isakmp)#lifetime 86400
    R2(config-isakmp)#exit
    R2(config)#crypto isakmp key KALIT address 195.158.1.1
    R2(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac
    Router2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    R2(config)#crypto map KARTA 10 ipsec-isakmp
    R2(config-crypto-map)#set peer 195.158.1.1
    R2(config-crypto-map)#set transform-set TATU
    Router2(config-crypto-map)#match address 100
    Router2(config-crypto-map)#exit
    Router2(config)#interface fastEthernet 0/1
    Router2(config-if)#crypto map KARTA
    Router2(config-if)exit
    Router2(config)ip route 0.0.0.0 0.0.0.0 80.80.80.1

    Download 12,81 Mb.
    1   ...   46   47   48   49   50   51   52   53   ...   73




    Download 12,81 Mb.