<![CDATA[
<p><b>가상사설망(VPN) - Virtual Private Network</b></p><p> </p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1UMtP/c675e6e31ccc12e98f786459600036bc9073e506" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1UMtP/c675e6e31ccc12e98f786459600036bc9073e506" data-origin-width="647" data-origin-height="276"></div><div class="table-wrap"><table data-ke-type="table" data-ke-align="alignLeft" style="width: 100%; height: 144px;" border="1" data-ke-style="style15"><tbody><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px; text-align: center;">단계별</td><td style="width: 63.4075%; height: 18px; text-align: center;">예제 코드</td><td style="width: 17.6155%; height: 18px; text-align: center;">설명</td></tr><tr><td style="width: 18.9769%;">PC IP 설정</td><td style="width: 63.4075%;">PC0:  IP: 203.230.9.2/24   GW: 203.230.9.1<br>PC1:  IP: 203.230.7.2/24   GW: 203.230.7.1<br>PC2:  IP: 203.230.8.2/24   GW: 203.230.8.1 </td><td style="width: 17.6155%;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">R1 설정</td><td style="width: 63.4075%; height: 18px;">Router>en <br>Router# conf t <br>Router(config)# hostname R1 <br><br>R1(config)# <span style="color: #006dd7;"><b>int gi0/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.9.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.10.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>router ospf 7</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.9.1 0.0.0.0 area 0</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.1 0.0.0.0 area 0</b></span> <br>R1(config-router)# exit</td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">R2 설정</td><td style="width: 63.4075%; height: 18px;">Router>en<br>Router# conf t <br>Router(config)# hostname R2<br><br>R2(config)#<span style="color: #006dd7;"><b> int gi0/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.7.1 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.10.2 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>int s0/2/1</b></span> <br>R2(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.11.2 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span><br><br>R2(config-if)# <span style="color: #006dd7;"><b>router ospf 7</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.7.1 0.0.0.0 area 0</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.2 0.0.0.0 area 0</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.11.2 0.0.0.0 area 0</b></span></td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">R3 설정</td><td style="width: 63.4075%; height: 18px;">Router>en <br>Router# conf t <br>Router(config)# hostname R3<br><br>R3(config)# <span style="color: #006dd7;"><b>int gi0/0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.8.1 255.255.255.0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R3(config-if)# exit<br><br>R3(config)#<span style="color: #006dd7;"><b> int s0/2/0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.11.1 255.255.255.0</b></span> <br>R3(config-if)#<span style="color: #006dd7;"><b> no shut</b></span> <br>R3(config-if)# exit<br><br>R3(config)#<span style="color: #006dd7;"><b> router ospf 7</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 203.230.8.1 0.0.0.0 area 0</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 203.230.11.1 0.0.0.0 area 0</b></span></td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">설정확인</td><td style="width: 63.4075%; height: 18px;">R1# <b>sh ip router</b><br>R2# <b>sh ip ro<b>uter</b></b><br>R3# <b>sh ip ro<b>uter</b></b></td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">R1에 GRE 터널 설정</td><td style="width: 63.4075%; height: 18px;">R1(config)# <span style="color: #006dd7;"><b>int tunnel 13</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 163.180.116.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.11.1</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>int lo 1</b></span><br>R1(config-if)#<span style="color: #006dd7;"><b> ip add 1.1.1.1 255.255.255.0</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>router rip</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>version 2</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>no auto-summary</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 1.0.0.0</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 163.180.0.0</b></span></td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">R3에 GRE 터널 설정</td><td style="width: 63.4075%; height: 18px;">R3(config)# <span style="color: #006dd7;"><b>int tunnel 13</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>ip add 163.180.116.2 255.255.255.0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.10.1</b></span> <br>R3(config-if)# exit<br><br>R3(config)# <span style="color: #006dd7;"><b>int lo 1</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>ip add 3.3.3.1 255.255.255.0</b></span> <br>R3(config-if)# exit<br><br>R3(config)# <span style="color: #006dd7;"><b>router rip</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>version 2</b></span> <br>R3(config-router)#<span style="color: #006dd7;"><b> no auto-summary</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 3.0.0.0</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 163.180.0.0</b></span></td><td style="width: 17.6155%; height: 18px;"></td></tr><tr style="height: 18px;"><td style="width: 18.9769%; height: 18px;">터널링 설정 확인 </td><td style="width: 63.4075%; height: 18px;">R1# <b>show ip route rip</b><br><br>R     3.3.3.0  [120/1]  via  163.180.116.2,  00:00:21,  Tunnel13<br><br>R3# <b>show ip route rip</b><br><br>R     1.1.1.0  [120/1]  via  163.180.116.2,  00:00:21,  Tunnel13<br><br>R1#<b> traceroute 3.3.3.1 </b>           (논리적 인터페이스 터널)<br><br>1    163.180.116.2   6  msec    11 msec    8 sec<br><br>R1# <b>traceroute 203.230.8.2</b>     (물리적 인터페이스 터널)<br><br>1    203.230.10.2    11  msec   5 msec    3 sec<br>2    203.230.11.1     5  msec    0 msec    6 sec<br>3    203.230.8.2      1  msec    2 msec    0 sec</td><td style="width: 17.6155%; height: 18px;"></td></tr></tbody></table></div><p> </p><p><b>* 터널링을 통한 트래픽 분산과 제어</b></p><p>- PC1->PC2 핑 보낼 때는 논리적 인터페이스 터널 사용</p><p>- 그외의 장치로 핑 보낼 때는 물리적 인터페이스 사용</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1UMtP/10f6ea0fbd83abeec71c9b944d5b4f59996a5ad9" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1UMtP/10f6ea0fbd83abeec71c9b944d5b4f59996a5ad9" data-origin-width="525" data-origin-height="225"></div><div class="table-wrap"><table data-ke-type="table" data-ke-align="alignLeft" style="width: 100%;" border="1" data-ke-style="style15"><tbody><tr><td style="width: 19.5533%; text-align: center;">단계별</td><td style="width: 62.7897%; text-align: center;">예제 코드</td><td style="width: 17.6569%; text-align: center;">설명</td></tr><tr><td style="width: 19.5533%;">PC IP 설정</td><td style="width: 62.7897%;">PC0:  IP: 203.230.9.2/24   GW: 203.230.9.1<br>PC1:  IP: 203.230.7.2/24   GW: 203.230.7.1</td><td style="width: 17.6569%;"></td></tr><tr><td style="width: 19.5533%;">R1의 터널링 설정</td><td style="width: 62.7897%;">R1(config)# <span style="color: #006dd7;"><b>int gi0/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.9.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R1(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.10.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;">no shut</span> <br>R1(config-if)# exit<br><br>R1(config)#<span style="color: #006dd7;"><b> int tunnel 1</b></span> <br>R1(config-if)#<span style="color: #006dd7;"><b> ip add 150.183.235.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.10.2</b></span> <br>R1(config-if)# exit<br><br>R1(config)#<span style="color: #006dd7;"><b> router rip</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>version 2</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.9.0</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.0</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>no auto-summary</b></span> <br>R1(config-router)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>ip route 203.230.7.0 255.255.255.0 150.183.235.2</b></span></td><td style="width: 17.6569%;"></td></tr><tr><td style="width: 19.5533%;">R2의 터널링 설정</td><td style="width: 62.7897%;">R2(config)#<span style="color: #006dd7;"><b> int gi0/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.7.1 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)#<span style="color: #006dd7;"><b> int s0/2/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.10.2 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>int tunnel 1</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 150.183.235.2 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.10.1</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>router rip</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>version 2</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.7.0</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.0</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>no auto-summary</b></span> <br>R2(config-router)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>ip route 203.230.9.0 255.255.255.0 150.183.235.1</b></span></td><td style="width: 17.6569%;"></td></tr><tr><td style="width: 19.5533%;">PC0에서 터널링 설정 확인</td><td style="width: 62.7897%;">PC0> <b>tracert 203.230.7.3</b></td><td style="width: 17.6569%;">목적지가 203.230.7.2일 때는 150.183.235.2의 경로를 거쳐가는 논리적인 인터페이스 터널을 사용함</td></tr></tbody></table></div><p> </p><p>* IPSec VPN 실습</p><div class="figure-img" data-ke-type="image" data-ke-style="alignCenter" data-ke-mobilestyle="widthOrigin"><img src="https://t1.daumcdn.net/cafeattach/1UMtP/9f0e56f4df96e05f9612582a184cc66da410eb4c" class="txc-image" data-img-src="https://t1.daumcdn.net/cafeattach/1UMtP/9f0e56f4df96e05f9612582a184cc66da410eb4c" data-origin-width="720" data-origin-height="297"></div><p><span style="color: #ee2323;">아래 설정을 마친 후 패킷트레이서의 파일을 저장하고 패킷트레이서를 재시작하여 파일을 다시 읽어들여야 한다.</span></p><div class="table-wrap"><table data-ke-type="table" data-ke-align="alignLeft" style="width: 100%; height: 3447px;" border="1" data-ke-style="style15"><tbody><tr style="height: 18px;"><td style="width: 20.059%; height: 18px; text-align: center;">단계별</td><td style="width: 65.8237%; height: 18px; text-align: center;">예제 코드</td><td style="width: 14.1172%; height: 18px; text-align: center;">설명</td></tr><tr><td style="width: 20.059%;">PC IP 설정</td><td style="width: 65.8237%;">PC0:  IP: 203.230.7.2/24   GW: 203.230.7.1<br>PC1:  IP: 203.230.8.2/24   GW: 203.230.8.1<br>PC2:  IP: 203.230.11.2/24   GW: 203.230.11.1<br>PC3:  IP: 203.230.12.2/24   GW: 203.230.12.1</td><td style="width: 14.1172%;"></td></tr><tr style="height: 309px;"><td style="width: 20.059%; height: 309px;">R1에 IPSec VPN 설정<br>(기본설정)</td><td style="width: 65.8237%; height: 309px;">R1(config)#<span style="color: #006dd7;"><b> int gi0/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.7.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>int gi0/1</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.8.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit <br><br>R1(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.9.1 255.255.255.0<br></b></span> <span style="color: #333333; background-color: #ffffff;" data-ke-size="size16">R1(config-if)# <span style="color: #ee2323;"><b>clock rate 64000</b></span></span><br>R1(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R1(config-if)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>int tunnel 12</b></span>               (트래픽이 통과하는 터널 선언) <br>R1(config-if)#<span style="color: #006dd7;"><b> ip add 10.10.10.1 255.255.255.0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.9.2</b></span> <br>R1(config-if)# exit</td><td style="width: 14.1172%; height: 309px;"></td></tr><tr style="height: 291px;"><td style="width: 20.059%; height: 291px;">R1에 IPSec VPN 설정(보안 라이선스 설정)</td><td style="width: 65.8237%; height: 291px;">R1(config)# <span style="color: #006dd7;"><b>license boot module c2900 technology-package securityk9</b></span> <br> ㆍㆍㆍ 중간 생략 ㆍㆍㆍ  <br><br>ACCEPT? [yes/no]: <span style="color: #006dd7;"><b>yes</b></span> <br>% use ‘write’command to make license boot config take effect on <br><br>R1(config)# <span style="color: #006dd7;"><b>do write</b></span> <br>Building configuration… <br>[OK]<br><br>R1(config)# <span style="color: #006dd7;"><b>exit</b></span> <br>R1#  <br>%SYS-5-CONFIG_I: Configured from console by console <br><br>R1# <span style="color: #006dd7;"><b>reload</b></span> <br>Proceed with reload? [confirm‎]  (재부팅한 후 아래와 같이 입력)</td><td style="width: 14.1172%; height: 291px;"></td></tr><tr style="height: 381px;"><td style="width: 20.059%; height: 381px;">R1에 IPSec VPN 설정(IPSec 설정)</td><td style="width: 65.8237%; height: 381px;">R1(config)# <span style="color: #006dd7;"><b>crypto isakmp policy 10 </b></span>   (ISAKMP에서 사용할 정책 선언) <br>R1(config-isakmp)# <span style="color: #006dd7;"><b>encryption aes 256 </b></span> <br>R1(config-isakmp)# <span style="color: #006dd7;"><b>authentication pre-share</b></span>  <br>R1(config-isakmp)# <span style="color: #006dd7;"><b>lifetime 36000</b></span>  <br>R1(config-isakmp)# <span style="color: #006dd7;"><b>hash sha</b></span>  <br>R1(config-isakmp)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>crypto ipsec transform-set strong esp-3des esp-md5-hmac</b></span><br>R1(config)# <span style="color: #006dd7;"><b>crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0</b></span><br>R1(config)# <span style="color: #006dd7;"><b>crypto map vpn 10 ipsec-isakmp</b></span><br>R1(config-crypto-map)# <span style="color: #006dd7;"><b>set peer 203.230.9.2</b></span>  <br>R1(config-crypto-map)# <span style="color: #006dd7;"><b>set transform-set strong</b></span> <br>R1(config-crypto-map)# <span style="color: #006dd7;"><b>match address 110</b></span> <br>R1(config-crypto-map)# exit<br><br>R1(config)# <span style="color: #006dd7;"><b>access-list 110 permit gre host 203.230.9.1 host 203.230.9.2</b></span> <br><br>R1(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R1(config-if)# <span style="color: #006dd7;"><b>crypto map vpn</b></span>    (VPN 작동을 선언) <br>R1(config-if)# exit</td><td style="width: 14.1172%; height: 381px;"></td></tr><tr style="height: 90px;"><td style="width: 20.059%; height: 90px;">라우터 R1에 IPSec VPN 설정(OSPF 설정)</td><td style="width: 65.8237%; height: 90px;">R1(config)# <span style="color: #006dd7;"><b>router ospf 7</b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.7.1 0.0.0.0 area 0 </b></span> <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.8.1 0.0.0.0 area 0</b></span>  <br>R1(config-router)# <span style="color: #006dd7;"><b>network 203.230.9.1 0.0.0.0 area 0</b></span>  <br>R1(config-router)# <span style="color: #006dd7;"><b>network 10.10.10.1 0.0.0.0 area 0</b></span></td><td style="width: 14.1172%; height: 90px;"></td></tr><tr style="height: 309px;"><td style="width: 20.059%; height: 309px;">R2에 IPSec VPN 설정(기본 설정)</td><td style="width: 65.8237%; height: 309px;">R2(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R2(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.10.1 255.255.255.0<br></b></span> R2(config-if)#<span style="color: #ee2323;" data-ke-size="size16"><b> clock rate 64000</b></span><br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>int s0/2/1</b></span> <br>R2(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.9.2 255.255.255.0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R2(config-if)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>int tunnel 12 </b></span>   (트래픽이 통과하는 터널 선언) <br>R2(config-if)# <span style="color: #006dd7;"><b>ip add 10.10.10.2 255.255.255.0</b></span> <br>R2(config-if)#<span style="color: #006dd7;"><b> tunnel source s0/2/1</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.9.1</b></span> <br>R2(config-if)# exit<br><br>R2(config)#<span style="color: #006dd7;"><b> int tunnel 23</b></span>    (트래픽이 통과하는 터널 선언)<br><span style="color: #333333;" data-ke-size="size16">R2(config-if)#</span><span style="color: #006dd7;" data-ke-size="size16"><b> ip add 11.11.11.1 255.255.255.0</b></span><br><span style="color: #333333;" data-ke-size="size16">R2(config-if)# <span style="color: #ee2323;"><b>tunnel source s0/2/0</b></span></span><br><span style="color: #333333;" data-ke-size="size16">R2(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.10.2</b></span></span><br><span style="color: #333333;" data-ke-size="size16">R2(config-if)# exit</span></td><td style="width: 14.1172%; height: 309px;"></td></tr><tr style="height: 124px;"><td style="width: 20.059%; height: 124px;">R2에 IPSec VPN 설정(보안 라이선스 설정)</td><td style="width: 65.8237%; height: 124px;">R2(config)# <span style="color: #006dd7;"><b>license boot module c2900 technology-package securityk9</b></span> <br> ㆍㆍㆍ 중간 생략 ㆍㆍㆍ <br><br>R2(config)# <span style="color: #006dd7;"><b>do write</b></span> <br>Building configuration… <br>[OK]<br><br>R2(config)# <span style="color: #006dd7;"><b>exit</b></span> <br>R2#  <br>%SYS-5-CONFIG_I: Configured from console by console <br><br>R2#<span style="color: #006dd7;"><b> reload</b></span> <br>Proceed with reload? [confirm‎]  (재부팅한 후 아래와 같이 입력)</td><td style="width: 14.1172%; height: 124px;"></td></tr><tr style="height: 381px;"><td style="width: 20.059%; height: 381px;">R2에 IPSec VPN 설정(IPSec 설정)</td><td style="width: 65.8237%; height: 381px;">R2(config)# <span style="color: #006dd7;"><b>crypto isakmp policy 10</b></span>    (ISAKMP에서 사용할 정책 선언) <br>R2(config-isakmp)# <span style="color: #006dd7;"><b>encryption aes 256 </b></span> <br>R2(config-isakmp)# <span style="color: #006dd7;"><b>authentication pre-share </b></span> <br>R2(config-isakmp)# <span style="color: #006dd7;"><b>lifetime 36000 </b></span> <br>R2(config-isakmp)# <span style="color: #006dd7;"><b>hash sha</b></span>  <br>R2(config-isakmp)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>crypto ipsec transform-set strong esp-3des esp-md5-hmac</b></span><br>R2(config)# <span style="color: #006dd7;"><b>crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0 </b></span><br>R2(config)# <span style="color: #006dd7;"><b>crypto map vpn 10 ipsec-isakmp</b></span><br>R2(config-crypto-map)# <span style="color: #006dd7;"><b>set peer 203.230.9.1 </b></span> <br>R2(config-crypto-map)# <span style="color: #006dd7;"><b>set transform-set strong</b></span> <br>R2(config-crypto-map)# <span style="color: #006dd7;"><b>match address 110</b></span> <br>R2(config-crypto-map)# exit<br><br>R2(config)# <span style="color: #006dd7;"><b>crypto map vpn 20 ipsec-isakmp</b></span><br>R2(config-crypto-map)# <span style="color: #006dd7;"><b>set peer 203.230.10.2</b></span>  <br>R2(config-crypto-map)# <span style="color: #006dd7;"><b>set transform-set strong</b></span> <br>R2(config-crypto-map)#<span style="color: #006dd7;"><b> match address 120</b></span> <br>R2(config-crypto-map)# exit</td><td style="width: 14.1172%; height: 381px;"></td></tr><tr style="height: 345px;"><td style="width: 20.059%; height: 345px;">R2에 IPSec VPN 설정(OSPF 설정)</td><td style="width: 65.8237%; height: 345px;">R2(config)# <span style="color: #006dd7;"><b>access-list 110 permit gre host 203.230.9.2 host 203.230.9.1</b></span> <br>R2(config)# <span style="color: #006dd7;"><b>access-list 120 permit gre host 203.230.10.1 host 203.230.10.2</b></span> <br>R2(config)# <span style="color: #006dd7;"><b>int s0/2/0</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>crypto map vpn</b></span>    (VPN 작동을 선언) <br>R2(config-if)# exit  <br><br>R2(config)#<span style="color: #006dd7;"><b> int s0/2/1</b></span> <br>R2(config-if)# <span style="color: #006dd7;"><b>crypto map vpn</b></span>    (VPN 작동을 선언) <br>R2(config-if)# exit  <br><br>R2(config)# <span style="color: #006dd7;"><b>router ospf 7</b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.9.2 0.0.0.0 area 0 </b></span> <br>R2(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.1 0.0.0.0 area 0</b></span>  <br>R2(config-router)# <span style="color: #006dd7;"><b>network 10.10.10.2 0.0.0.0 area 0</b></span>  <br>R2(config-router)# <span style="color: #006dd7;"><b>network 11.11.11.1 0.0.0.0 area 0</b></span></td><td style="width: 14.1172%; height: 345px;"></td></tr><tr style="height: 327px;"><td style="width: 20.059%; height: 327px;">R3에 IPSec VPN 설정(기본 설정)</td><td style="width: 65.8237%; height: 327px;">R3(config)# <span style="color: #006dd7;"><b>int gi0/0</b></span> <br>R3(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.11.1 255.255.255.0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R3(config-if)# exit<br><br>R3(config)# <span style="color: #006dd7;"><b>int gi0/1</b></span> <br>R3(config-if)#<span style="color: #006dd7;"><b> ip add 203.230.12.1 255.255.255.0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>no shut</b></span> <br>R3(config-if)# exit <br><br>R3(config)# <span style="color: #006dd7;"><b>int s0/2/1</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>ip add 203.230.10.2 255.255.255.0</b></span> <br>R3(config-if)#<span style="color: #006dd7;"><b> no shut</b></span> <br>R3(config-if)# exit<br><br>R3(config)#<span style="color: #006dd7;"><b> int tunnel 23 </b></span>   (트래픽이 통과하는 터널 선언) <br>R3(config-if)#<span style="color: #006dd7;"><b> ip add 11.11.11.2 255.255.255.0</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>tunnel source s0/2/1</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>tunnel destination 203.230.10.1</b></span> <br>R3(config-if)# exit</td><td style="width: 14.1172%; height: 327px;"></td></tr><tr style="height: 327px;"><td style="width: 20.059%; height: 327px;">R3에 IPSec VPN 설정(보안 라이선스 설정)</td><td style="width: 65.8237%; height: 327px;">R3(config)#<span style="color: #006dd7;"><b> license boot module c2900 technology-package securityk9</b></span> <br> ㆍㆍㆍ 중간 생략 ㆍㆍㆍ  <br><br>ACCEPT? [yes/no]: <span style="color: #006dd7;"><b>yes</b></span> <br>% use ‘write’command to make license boot config take effect on <br><br>R3(config)#<span style="color: #006dd7;"><b> do write</b></span> <br>Building configuration… <br>[OK]<br><br>R3(config)# <span style="color: #006dd7;"><b>exit</b></span> <br>R3#  <br>%SYS-5-CONFIG_I: Configured from console by console <br><br>R3#<span style="color: #006dd7;"><b> reload</b></span> <br>Proceed with reload? [confirm‎]  (재부팅한 후 아래와 같이 입력)</td><td style="width: 14.1172%; height: 327px;"></td></tr><tr style="height: 346px;"><td style="width: 20.059%; height: 346px;">R3에 IPSec VPN 설정(IPSec 설정)</td><td style="width: 65.8237%; height: 346px;">R3(config)# <span style="color: #006dd7;"><b>crypto isakmp policy 10</b></span>    (ISAKMP에서 사용할 정책 선언) <br>R3(config-isakmp)# <span style="color: #006dd7;"><b>encryption aes 256 </b></span> <br>R3(config-isakmp)# <span style="color: #006dd7;"><b>authentication pre-share</b></span>  <br>R3(config-isakmp)#<span style="color: #006dd7;"><b> lifetime 36000</b></span>  <br>R3(config-isakmp)# <span style="color: #006dd7;"><b>hash sha</b></span>  <br>R3(config-isakmp)# exit<br><br>R3(config)# <span style="color: #006dd7;"><b>crypto ipsec transform-set strong esp-3des esp-md5-hmac</b></span><br>R3(config)# <span style="color: #006dd7;"><b>crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0</b></span> <br>R3(config)# <span style="color: #006dd7;"><b>crypto map vpn 10 ipsec-isakmp</b></span><br>R3(config-crypto-map)# <span style="color: #006dd7;"><b>set peer 203.230.10.1 </b></span> <br>R3(config-crypto-map)# <span style="color: #006dd7;"><b>set transform-set strong</b></span> <br>R3(config-crypto-map)#<span style="color: #006dd7;"><b> match address 110</b></span> <br>R3(config-crypto-map)# exit<br><br>R3(config)# <span style="color: #006dd7;"><b>access-list 110 permit gre host 203.230.10.2 host 203.230.10.1</b></span> <br>R3(config)# <span style="color: #006dd7;"><b>int s0/2/1</b></span> <br>R3(config-if)# <span style="color: #006dd7;"><b>crypto map vpn</b></span>    (VPN 작동을 선언) <br>R3(config-if)# exit <br><br>R3(config)# <span style="color: #006dd7;"><b>router ospf 7</b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 203.230.10.2 0.0.0.0 area 0</b></span>  <br>R3(config-router)# <span style="color: #006dd7;"><b>network 203.230.11.1 0.0.0.0 area 0 </b></span> <br>R3(config-router)# <span style="color: #006dd7;"><b>network 203.230.12.1 0.0.0.0 area 0</b></span>  <br>R3(config-router)# <span style="color: #006dd7;"><b>network 11.11.11.2 0.0.0.0 area 0</b></span></td><td style="width: 14.1172%; height: 346px;">▶설정을 마친 후 파일을 저장하고 패킷트레이서를 파일을 다시 읽어 들여야 함</td></tr><tr style="height: 109px;"><td style="width: 20.059%; height: 109px;">IPSec VPN 설정 확인</td><td style="width: 65.8237%; height: 109px;">PC0> <b>tracert 203.230.11.2</b><br><br>1  0 ms   0 ms  0 ms     203.230.7.1      (R1)<br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">2  1 ms   7 ms  12 ms   </span>10.10.10.2        (R2, tunnel 12)<br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">3  4 ms   2 ms  9 ms     </span>11.11.11.2        (R3, tunnel 23)<br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">4   *       2 ms  9 ms     </span>203.230.11.2     (PC2)<br><br>PC1> <b>tracert 203.230.11.2</b><br><br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">1  0 ms   0 ms  0 ms     203.230.8.1      (R1)</span><br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">2  1 ms   7 ms  12 ms   </span><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">10.10.10.2        (R2, tunnel 12)</span><br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">3  4 ms   2 ms  9 ms     </span><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">11.11.11.2        (R3, tunnel 23)</span><br><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">4   *       2 ms  9 ms     </span><span style="color: #333333; background-color: #f9f9f9;" data-ke-size="size16">203.230.11.2     (PC2)</span></td><td style="width: 14.1172%; height: 109px;">10.10.10.2<br><br>정해진 터널 IP주소를 거쳐 잘 통과하는지 확인</td></tr><tr style="height: 90px;"><td style="width: 20.059%; height: 90px;">인터페이스별 VPN 정보확인</td><td style="width: 65.8237%; height: 90px;">R2# <b>show crypto ipsec sa</b>      (인터페이스 별로 VPN에 관한 모든 정보 확인)<br>R2# <b>show crypto ipsec transform-set</b>     (IPSec 설정 및 동작 확인)<br>R2# <b>show crypto isakmp policy</b>            (ISAKMP 설정 확인)<br>R2# <b>show crypto isakmp sa</b>                  (VPN 출발지/도착지 및 상태 확인)<br>R2# <b>show crypto map</b>                         (VPN 연결정보 및 ACL 확인)</td><td style="width: 14.1172%; height: 90px;"></td></tr></tbody></table></div>
<!-- -->
]]>
카페 게시글
통신네트웍및실습(1112)
VPN (Virtual Private Network)
한창호
추천 0
조회 395
22.07.18 09:55
댓글 0
다음검색
