IPSEC VPN SITE TO SITE

Posted: February 17, 2012 in Cisco, Networking

Putting the documentation on the blog first so I don't forget it..
Here is a simple “IPSEC VPN SITE TO SITE” configuration.

IPSEC VPN SITE TO SITE BY WIWID

In general, the configuration steps are as follows:
1) Set the ISAKMP policy
2) Set the ISAKMP pre-shared key
3) Set the transform-set
4) Create an access list for the LAN networks that will be encrypted
5) Create the crypto map, matching the pre-shared key, transform-set, and access list
6) Then apply it on the WAN interface

Configuration
R3 (CORE)

interface Loopback0
ip address 10.1.1.3 255.255.255.255
!
interface FastEthernet0/0
description to F0/0 R2
ip address 172.16.10.1 255.255.255.252
!
interface FastEthernet0/1
description F0/1 R1
ip address 172.16.20.1 255.255.255.252
!
router ospf 88
router-id 10.1.1.3
log-adjacency-changes
network 10.1.1.3 0.0.0.0 area 0
network 172.16.10.0 0.0.0.255 area 0
network 172.16.20.0 0.0.0.255 area 0

R1

crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key secret1 address 172.16.10.2
!
crypto ipsec transform-set secret1 esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 172.16.10.2
set transform-set secret1
match address 101

interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address 172.16.20.2 255.255.255.252
crypto map vpn
!
router ospf 88
router-id 10.1.1.1
log-adjacency-changes
redistribute static subnets
network 10.1.1.1 0.0.0.0 area 0
network 172.16.20.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

R2

crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key secret1 address 172.16.20.2
!
crypto ipsec transform-set secret1 esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 172.16.20.2
set transform-set secret1
match address 101

interface Loopback0
ip address 10.1.1.2 255.255.255.255
!
interface FastEthernet0/0
ip address 172.16.10.2 255.255.255.252
duplex auto
speed auto
crypto map vpn
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
router ospf 88
router-id 10.1.1.2
log-adjacency-changes
redistribute static subnets
network 10.1.1.2 0.0.0.0 area 0
network 172.16.10.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0

access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

If the configuration is correct, a connectivity test can be run from R1 to R2's LAN or vice versa.

R1#ping 192.168.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/92/160 ms
R1#ping 192.168.2.2 sou
R1#ping 192.168.2.2 source 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/144/236 ms
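
An added example (not part of the original post): a Python check that the two IPsec peers configured above agree with each other, meaning each "set peer" and ISAKMP key address points at the other router's crypto map interface, the pre-shared keys match, and the crypto access lists mirror each other. The function names parse and audit are hypothetical, and the sample text is limited to the lines of the R1 and R2 configurations that the check reads.

```python
# Constructed sample: the lines this check reads, taken from R1 and R2 above.
R1 = """crypto isakmp key secret1 address 172.16.10.2
set peer 172.16.10.2
match address 101
interface FastEthernet0/1
ip address 172.16.20.2 255.255.255.252
crypto map vpn
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"""
R2 = """crypto isakmp key secret1 address 172.16.20.2
set peer 172.16.20.2
match address 101
interface FastEthernet0/0
ip address 172.16.10.2 255.255.255.252
crypto map vpn
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255"""

def parse(cfg):
    """Pull out the values both peers must agree on (hypothetical helper)."""
    p, ip = {"acl": set()}, None
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] == "interface":
            ip = None  # new interface block, forget the previous address
        elif w[:2] == ["ip", "address"]:
            ip = w[2]
        elif w[:2] == ["crypto", "map"] and len(w) == 3:
            p["wan"] = ip  # address of the interface the crypto map is applied to
        elif w[:3] == ["crypto", "isakmp", "key"]:
            p["psk"], p["psk_peer"] = w[3], w[5]
        elif w[:2] == ["set", "peer"]:
            p["peer"] = w[2]
        elif w[:2] == ["match", "address"]:
            p["acl_id"] = w[2]
        elif w[0] == "access-list" and w[2:4] == ["permit", "ip"]:
            p["acl"].add((w[1], " ".join(w[4:6]), " ".join(w[6:8])))
    return p

def audit(cfg_a, cfg_b):
    """Return the mismatches that would keep the tunnel from forming."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        if not x.get("peer") == x.get("psk_peer") == y.get("wan"):
            out.append(f"{name}: set peer / key address do not match the other side's crypto map interface")
    if a.get("psk") != b.get("psk"):
        out.append("pre-shared keys differ")  # the key itself is never reported
    sel = lambda p: {(s, d) for n, s, d in p["acl"] if n == p.get("acl_id")}
    if sel(a) != {(d, s) for s, d in sel(b)}:
        out.append("crypto ACLs are not mirror images of each other")
    return out
```

An empty list only shows that the two ends agree with each other. On the routers, the encaps/decaps counters in `show crypto ipsec sa` confirm that traffic matching access-list 101 (the ping sourced from 192.168.1.1) is actually encrypted.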

Virtual-link OSPF On Junos

Posted: September 28, 2011 in Juniper, Networking

As with Virtual-link OSPF on Cisco, it is almost the same on Junos. The purpose of this virtual-link is to manipulate a router that sits outside area 0, or is connected to another area, so that the router appears to be connected to area 0.
The network diagram is as follows. The simulation runs on Olive, so it uses logical-routers.
Design By Wiwid

To get the configurations, please download:
Config_R1
Config_R2
Config_R3
Config_R4

If the virtual-link between R1 & R3 does not exist (deactivated), R1's only neighbors are R2 & R3:
wiwid@my_junos# run show ospf neighbor logical-router R1
Address Interface State ID Pri Dead
10.50.50.2 fxp1.1 Full 10.1.1.20 128 37
10.11.10.2 fxp1.2 Full 10.1.1.30 128 37

If the virtual-link is activated, the neighbors on R1 increase:
wiwid@my_junos# run show ospf neighbor logical-router R1
Address Interface State ID Pri Dead
10.50.50.2 fxp1.1 Full 10.1.1.20 128 36
10.11.10.2 vl-10.1.1.30 Full 10.1.1.30 0 36
10.11.10.2 fxp1.2 Full 10.1.1.30 128 36

vl=virtual-link

Ping from R4 to R2, with the following result:
wiwid@my_junos# run ping 10.1.1.20 logical-router R4
PING 10.1.1.20 (10.1.1.20): 56 data bytes
64 bytes from 10.1.1.20: icmp_seq=0 ttl=62 time=3.497 ms
64 bytes from 10.1.1.20: icmp_seq=1 ttl=62 time=2.372 ms
64 bytes from 10.1.1.20: icmp_seq=2 ttl=62 time=1.508 ms

^C

Good afternoon Bro n Sis,

Alhamdulillah, the “OSPF Virtual Link” simulation is also running well.
Let's get straight to it. Here are the network diagram and the configuration.

Design By Wiwid

R2 :
interface Loopback0
ip address 172.16.1.2 255.255.255.255

interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.101 point-to-point
ip address 192.168.1.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 101
!
interface Serial0/0.102 point-to-point
ip address 192.168.2.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 102
!
interface Serial0/0.103 point-to-point
ip address 192.168.3.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 103
!
interface FastEthernet0/1
description to R7 (F0/1)
ip address 10.10.7.1 255.255.255.252

router ospf 99
router-id 172.16.1.2
log-adjacency-changes
area 20 virtual-link 172.16.1.7
network 10.10.7.0 0.0.0.3 area 20
network 172.16.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.7 area 0
network 192.168.2.0 0.0.0.7 area 0
network 192.168.3.0 0.0.0.7 area 0

R3 :
interface Loopback0
ip address 172.16.1.3 255.255.255.255

interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.101 point-to-point
ip address 192.168.1.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 101
!
router ospf 99
router-id 172.16.1.3
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.7 area 0

R4 :
interface Loopback0
ip address 172.16.1.4 255.255.255.255
!
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.102 point-to-point
ip address 192.168.2.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 102
!
router ospf 99
router-id 172.16.1.4
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0

R5 :
interface Loopback0
ip address 172.16.1.5 255.255.255.255
!
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.103 point-to-point
ip address 192.168.3.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 103
!
router ospf 99
router-id 172.16.1.5
log-adjacency-changes
network 172.16.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.7 area 0

R7 :
interface Loopback0
ip address 172.16.1.7 255.255.255.255
!
interface FastEthernet0/0
description To R8 (F0/0)
ip address 10.10.150.1 255.255.255.252
!
interface FastEthernet0/1
description To R2 (F0/1)
ip address 10.10.7.2 255.255.255.252

router ospf 99
router-id 172.16.1.7
log-adjacency-changes
area 20 virtual-link 172.16.1.2
network 10.10.7.0 0.0.0.3 area 20
network 10.10.150.0 0.0.0.3 area 30
network 172.16.1.0 0.0.0.255 area 20

R8 :
interface Loopback0
ip address 172.16.1.8 255.255.255.255
!
interface FastEthernet0/0
description To R7 (F0/0)
ip address 10.10.150.2 255.255.255.252

router ospf 99
router-id 172.16.1.8
log-adjacency-changes
network 10.10.150.0 0.0.0.3 area 30
network 172.16.1.0 0.0.0.255 area 30

NOTE :
Verify that the virtual-link is working properly. Check “show ip route” on R8, because R8 is not directly connected to AREA 0. If R8's routing table contains “inter-area (IA)” routes, the virtual-link is UP.

R8#sh ip ro ospf
172.16.0.0/32 is subnetted, 5 subnets
O IA 172.16.1.5 [110/85] via 10.10.150.1, 00:16:01, FastEthernet0/0
O IA 172.16.1.4 [110/85] via 10.10.150.1, 00:16:01, FastEthernet0/0
O IA 172.16.1.7 [110/11] via 10.10.150.1, 00:16:11, FastEthernet0/0
O IA 172.16.1.3 [110/85] via 10.10.150.1, 00:16:01, FastEthernet0/0
10.0.0.0/30 is subnetted, 2 subnets
O IA 10.10.7.0 [110/20] via 10.10.150.1, 00:16:11, FastEthernet0/0
192.168.1.0/29 is subnetted, 1 subnets
O IA 192.168.1.0 [110/84] via 10.10.150.1, 00:16:01, FastEthernet0/0
192.168.2.0/29 is subnetted, 1 subnets
O IA 192.168.2.0 [110/84] via 10.10.150.1, 00:16:01, FastEthernet0/0
192.168.3.0/29 is subnetted, 1 subnets
O IA 192.168.3.0 [110/84] via 10.10.150.1, 00:16:01, FastEthernet0/0

FRAME RELAY POINT TO POINT

Posted: September 20, 2011 in CCNA, Frame Relay, Networking

Bro n Sis,
Good morning…
Time to burn some bandwidth: I'm simulating basic Frame Relay Point to Point.
Check it out..

Design By Wiwid



DCE_Router :

interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.101 point-to-point
description Link To R3
ip address 192.168.1.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 101
!
interface Serial0/0.102 point-to-point
ip address 192.168.2.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 102
!
interface Serial0/0.103 point-to-point
ip address 192.168.3.1 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 103

DTE3_Router :
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.101 point-to-point
ip address 192.168.1.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 101

DTE4_Router :
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.102 point-to-point
ip address 192.168.2.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 102

DTE5_Router :
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay lmi-type ansi
!
interface Serial0/0.103 point-to-point
ip address 192.168.3.2 255.255.255.248
snmp trap link-status
frame-relay interface-dlci 103

Frame Relay Hub N Spoke

Posted: September 13, 2011 in CCNA, Frame Relay, Networking

Bro n Sis,

It's been a long time since I blogged.. This time I want to blog about “Frame Relay Hub n Spoke”. If I'm not mistaken, this is one of the CCNA topics. CMIIW. The simulation diagram I made looks roughly like this.

Network Diagram Frame Relay Hub & Spoke By Wiwid

I won't explain the theory at length.. There is already plenty about it on the Internet..
Straight to the configuration.

R11
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.1.4 201
frame-relay map ip 192.168.1.3 201
frame-relay map ip 192.168.1.1 201

R12
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.1.4 104
frame-relay map ip 192.168.1.3 103
frame-relay map ip 192.168.1.2 102
no frame-relay inverse-arp

R13
interface Serial0/0
ip address 192.168.1.3 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.1.4 301
frame-relay map ip 192.168.1.2 301
frame-relay map ip 192.168.1.1 301

R14
interface Serial0/0
ip address 192.168.1.4 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.1.3 401
frame-relay map ip 192.168.1.2 401
frame-relay map ip 192.168.1.1 401

And this is the FR Cloud configuration

Export RIP To OSPF

Posted: July 26, 2011 in Juniper, Networking

The Junos term for redistribution is “export”, that is, carrying/passing one routing protocol into another routing protocol.

Here is the configuration… Please download it…
RIP To OSPF

Looking at “show route” on Router-4, the routing table contains both OSPF and RIP routes..

wiwid@my_junos# run show route logical-router R4

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.1/32 *[RIP/100] 00:06:57, metric 3, tag 0
> to 172.16.20.1 via fxp4.1
to 10.5.5.1 via fxp4.2
10.1.1.2/32 *[RIP/100] 00:07:01, metric 2, tag 0
> to 10.5.5.1 via fxp4.2
10.1.1.3/32 *[RIP/100] 00:06:42, metric 2, tag 0
> to 172.16.20.1 via fxp4.1
10.1.1.4/32 *[Direct/0] 02:04:50
> via lo0.4
10.1.1.5/32 *[OSPF/10] 00:10:40, metric 1
> to 10.7.7.2 via fxp4.3
10.5.5.0/30 *[Direct/0] 02:04:50
> via fxp4.2
10.5.5.2/32 *[Local/0] 02:04:50
Local via fxp4.2
10.7.7.0/30 *[Direct/0] 00:11:28
> via fxp4.3
10.7.7.1/32 *[Local/0] 00:11:28
Local via fxp4.3
10.10.10.0/30 *[RIP/100] 00:06:42, metric 2, tag 0
> to 172.16.20.1 via fxp4.1
172.16.10.0/29 *[RIP/100] 00:07:01, metric 2, tag 0
> to 10.5.5.1 via fxp4.2
172.16.20.0/29 *[Direct/0] 02:04:50
> via fxp4.1
172.16.20.2/32 *[Local/0] 02:04:50
Local via fxp4.1
224.0.0.5/32 *[OSPF/10] 00:11:27, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:01:48, metric 1
MultiRecv

RIP ON JUNOS…

Posted: July 26, 2011 in Juniper, Networking

Alhamdulillah,,
I finally managed to configure RIP on JUNOS. Different vendor, different config, he.he.he.
On Cisco it is enough to enter the networks. On Junos, however, what gets registered are the directly connected interfaces. And it doesn't stop there, it still needs to be exported. Interfaces or networks other than the directly connected RIP interfaces. CMIIW

Design By Wiwid

