
Site to site IPSEC VPN - Part 2


Given the following network diagram:

Configure a site-to-site IPSec VPN connecting the two networks of the main office (Headquarter) and the branch office (Branch).

Step 4) Verify the connection

show crypto isakmp sa

show crypto isakmp policy

show crypto ipsec sa

show crypto map


Headquarter#show crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

IPv6 Crypto ISAKMP SA

Headquarter#


Headquarter#show crypto isakmp policy

Global IKE policy

Protection suite of priority 20

encryption algorithm: Three key triple DES

hash algorithm: Message Digest 5

authentication method: Pre-Shared Key

Diffie-Hellman group: #1 (768 bit)

lifetime: 3600 seconds, no volume limit

Default protection suite

encryption algorithm: DES - Data Encryption Standard (56 bit keys).

hash algorithm: Secure Hash Standard

authentication method: Rivest-Shamir-Adleman Signature

Diffie-Hellman group: #1 (768 bit)

lifetime: 86400 seconds, no volume limit

Headquarter#
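
The policy output above can be checked automatically. The following is an added example, not part of the original lab: it parses `show crypto isakmp policy` output and lists the protection-suite parameters that fall below an audit baseline. The baseline (`WEAK`, `MIN_DH_BITS`) and the function names are assumptions made for illustration, and the sample is the Headquarter output above in abridged form.

```python
import re

# Constructed sample: the policy output shown above (blank lines and lifetimes omitted).
SAMPLE = """\
Protection suite of priority 20
encryption algorithm: Three key triple DES
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
"""

# Assumed audit baseline (not from the page).
WEAK = {"encryption algorithm": "DES",            # also matches "triple DES"
        "hash algorithm": "Message Digest 5"}
MIN_DH_BITS = 2048

def parse_policies(text):
    """Return {suite: {field: value}} from 'show crypto isakmp policy' output."""
    suites, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Protection suite of priority (\d+)", line)
        if m or line.startswith("Default protection suite"):
            current = suites.setdefault(m.group(1) if m else "default", {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return suites

def audit(text):
    """Return sorted (suite, field, value) tuples that fall below the baseline."""
    findings = []
    for name, fields in parse_policies(text).items():
        for field, needle in WEAK.items():
            if needle in fields.get(field, ""):
                findings.append((name, field, fields[field]))
        dh = fields.get("Diffie-Hellman group", "")
        bits = re.search(r"\((\d+) bit\)", dh)
        if bits and int(bits.group(1)) < MIN_DH_BITS:
            findings.append((name, "Diffie-Hellman group", dh))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```
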


Headquarter#show crypto map

Crypto Map mymap 20 ipsec-isakmp

Peer = 10.10.0.2

Extended IP access list 100

access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

Current peer: 10.10.0.2

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={

myset,

}

Interfaces using crypto map mymap:

Serial0/3/0

Headquarter#


Headquarter#show crypto ipsec sa

interface: Serial0/3/0

Crypto map tag: mymap, local addr 20.20.0.2

protected vrf: (none)

local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)

current_peer 10.10.0.2 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 20.20.0.2, remote crypto endpt.:10.10.0.2

path mtu 1500, ip mtu 1500, ip mtu idb Serial0/3/0

current outbound spi: 0x0(0)

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

Headquarter#

Verify network connectivity between PC-Headquarter & PC-Branch:

By: dangocuong@duytan.edu.vn