Cấu hình Router R1





Building configuration...



Current configuration : 2342 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

!

no aaa new-model

!

ip subnet-zero

!

ip cef

!

no ip domain lookup

!

no ftp-server write-enable

!

crypto isakmp policy 10

authentication pre-share

crypto isakmp key ciscokey address 100.1.1.2

no crypto isakmp ccm

!

crypto ipsec transform-set to_fred esp-des esp-md5-hmac

!

crypto map myvpn 10 ipsec-isakmp

set peer 100.1.1.2

set transform-set to_fred

match address 101

!

interface FastEthernet0/0

ip address 200.1.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map myvpn

!

interface FastEthernet0/1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache policy

ip policy route-map nonat

duplex auto

speed auto

!

interface Serial0/2/0

no ip address

shutdown

clockrate 2000000

!

no ip address

shutdown

hold-queue 60 out

!

ip classless

ip route 0.0.0.0 0.0.0.0 200.1.1.1 permanent

!

!

ip http server

no ip http secure-server

ip nat inside source list 122 interface FastEthernet0/0 overload

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 1.1.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 any

access-list 122 deny ip 192.168.1.0 0.0.0.255 1.1.1.0 0.0.0.255

access-list 122 deny ip host 192.168.1.3 any

access-list 122 permit ip 192.168.1.0 0.0.0.255 any

access-list 123 permit ip host 192.168.1.3 1.1.1.0 0.0.0.255

!

route-map nonat permit 10

match ip address 123

set ip next-hop 1.1.1.2

!

control-plane

!

!

End





Cấu hình Router R2:





Building configuration...



Current configuration : 1258 bytes

!

version 12.3

!

hostname R2

!

!

no aaa new-model

ip subnet-zero

ip cef

!

no ip domain lookup

!

ip audit po max-events 100

!

crypto isakmp policy 10

authentication pre-share

crypto isakmp key ciscokey address 200.1.1.2

!

!

crypto ipsec transform-set to_fred esp-des esp-md5-hmac

!

crypto map myvpn 10 ipsec-isakmp

set transform-set to_fred

match address 101

!

interface Loopback0

ip address 1.1.1.1 255.255.255.0

!

interface Ethernet0/0

ip address 100.1.1.2 255.255.255.0

ip nat outside

half-duplex

crypto map myvpn

!

ip nat inside source list 175 interface Ethernet0/0 overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 100.1.1.1

!

access-list 101 permit ip 1.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 175 deny ip 1.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 175 permit ip 1.1.1.0 0.0.0.255 any

!

dial-peer cor custom

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

privilege level 15

no login



Ghi chú: Trong mô hình đám mây Internet là Switch Layer 3 hoặc Router chỉ cấu hình IP kết nối với các Router R1, R2.
​