
















VPN 













acer
5.1.















IPSec 






VPN-







NAT 




























access-list

























5.2.




















IPSec
NAT 










Cisco Packet Tracer.
5.3.
VPN (Virtual Private Network 





























-


-



-





VPN 
















VPN 





























VPN-


























IPSec (IP Security), OpenVPN
PPTP (Point-to-Point
Tunneling Protocol





















IPSec.
IPSec 

















1. ESP (Encapsulating Security Payload
2.AH (Authentication Header 


















3.IKE (Internet Key Exchange protocol 











IPSec SA (Security Association
Security Association





















SA.




IPSec:
IKE
IPSec- |
- |
ISAKMP Tunnel |
ISAKMP |
|
crypto isakmp policy |
ISAKMP 




















show crypto isakmp sa















IKE.



























crypto ipsec transform-set 





















































ISAKMP 


























SA 




IPSec-

















lifetime IPSec SA 
























crypto map 


























lifetime 



ISAKMP-






















SA.



crypto ipsec transform-set 






















crypto ipsec transform-set SET1 esp-aes 

















-





















.


























hash 










SHA)






















hash 


















hash 






-



















-



























-












IP-































NAT.



-
1.









-







































-















-
































-




































-



2.
3.
-






-






-















-





-



5.4.











5.4.1.










































5.4.1.



5.














Cisco 
















Cisco 2811),
Cisco 
















Cisco 2811),
|
Cisco |
|
|
|
|
|
|
|
5.4.1 |
| Device | Interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| PC0 | FastEthernet 0 | 192.168.1.2 | 255.255.255.0 (/24) | 192.168.1.1 |
| PC1 | FastEthernet 0 | 192.168.1.3 | 255.255.255.0 (/24) | 192.168.1.1 |
| PC2 | FastEthernet 0 | 192.168.2.2 | 255.255.255.0 (/24) | 192.168.2.1 |
| PC3 | FastEthernet 0 | 192.168.2.3 | 255.255.255.0 (/24) | 192.168.2.1 |
| Router0 | FastEthernet 0/0 | 210.210.1.2 | 255.255.255.252 (/30) | |
| Router0 | FastEthernet 0/1 | 192.168.1.1 | 255.255.255.0 (/24) | |
| Router1 | FastEthernet 0/0 | 210.210.2.2 | 255.255.255.252 (/30) | |
| Router1 | FastEthernet 0/1 | 192.168.2.1 | 255.255.255.0 (/24) | |
| Router2 | FastEthernet 0/0 | 210.210.1.1 | 255.255.255.252 (/30) | |
| Router2 | FastEthernet 0/1 | 210.210.2.1 | 255.255.255.252 (/30) | |
|
|
|
- |
|
|
|
, |
|
|
|
|
|
Desktop |
|
IP |
Configurations |
IP- |
|
|
|
|
|
|
5. |
PC |



5.






PC0
C:\>ipconfig




















PC.




















Router





























CLI 











no 

































Tab):
Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 210.210.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 210.210.1.1
Router(config)#end
Router#wr mem
Router#show running-config 






















Enter



















5.4.3).



5.





















Router0









5.4.1.




IP-



Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 210.210.1.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 210.210.2.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#end
5.4.2.



NAT
Router
Router




NAT 


IP-


Router0








:
Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip nat inside
Router(config-if)#exit









access-list 




















Router(config)#ip access-list standard FOR-NAT
Router(config-std-nacl)#permit 192.168.1.0 0.0.0.255






Router(config-std-nacl)#exit
Router(config)#ip nat inside source list FOR-NAT interface fastEthernet 0/0 overload
Router(config)#end
Router#wr mem
Router#show running-config 






























access-list 
































5.









:
C:\>ping 210.210.1.1



5.





















NAT 












NAT 























IP-
















PC





IP-


5.4.3.



VPN













VPN
Router0.
Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1



crypto isakmp policy 










IKE (Internet Key Exchange





























ISAKMP 
-












ISAKMP 



Router(config-isakmp)#encryption 3des
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit


VPN):
Router(config)#crypto isakmp key cisco address 210.210.2.2 
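
The ISAKMP policy above uses 3DES, MD5, Diffie-Hellman group 2 and the pre-shared key `cisco`, which work in a Packet Tracer lab but are legacy choices for a real tunnel. The following Python script is an added example, not part of the original lab: it audits an IOS configuration for those settings. The function name, the weak-value lists and the second (stronger) policy in the sample are assumptions constructed here.

```python
import re

# Values treated as legacy for IKE phase 1 (lists assumed for this example).
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
# Pre-shared keys that are trivially guessable (assumed list).
TRIVIAL_KEYS = {"cisco", "password", "123456", "vpn"}
PROMPT = re.compile(r"^\S*[>#]\s*")  # strips a CLI prompt such as "Router(config)#"

# Sample input: the lab's commands from this page, then a constructed stronger
# policy (which of its keywords are accepted depends on the IOS image).
SAMPLE = """\
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#encryption 3des
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp key cisco address 210.210.2.2
Router(config)#crypto isakmp policy 10
Router(config-isakmp)#encryption aes 256
Router(config-isakmp)#hash sha256
Router(config-isakmp)#group 14
"""


def audit_isakmp(config_text):
    """Return (scope, finding) tuples for weak IKE phase 1 settings."""
    findings, policy = [], None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            policy = words[3]  # entering a policy block
        elif words[:3] == ["crypto", "isakmp", "key"] and len(words) >= 4:
            policy = None
            if words[3].lower() in TRIVIAL_KEYS:
                peer = words[5] if len(words) > 5 else "?"
                findings.append(("pre-shared key", f"trivial key for peer {peer}"))
        elif policy and words[0] in WEAK and len(words) >= 2:
            if words[1].lower() in WEAK[words[0]]:
                findings.append((f"policy {policy}", f"{words[0]} {words[1]}"))
        elif words[0] in ("exit", "end", "crypto"):
            policy = None  # left the policy block
    return findings


if __name__ == "__main__":
    for scope, finding in audit_isakmp(SAMPLE):
        print(f"{scope}: {finding}")
```

The script accepts both pasted CLI sessions (with prompts) and `show running-config` output, provided the keywords are written out in full.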










IPSec 



