Friday, 24 April 2009

EN - Task 2.2.1 adding VPN Edge devices

Well, it has been a while since the last task update, and I hope you don't mind too much.
We start with our network from last time, which means 3 routers and a PIX running OSPF. (LINK)

First of all, we will add the two VPN edge devices so that we can build a security concept for the complete network.
The routers are set up quite easily, and I won't explain in detail what to do on those machines. We will do the usual stuff: set up the network interfaces for internal and external communication, add OSPF, and have a look at the other routers to see if the routes are propagated as expected. For more information, see the Task 2.1 post.

VPN Edge Router 1 - R_VPN_1

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R_VPN_1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no logging console
no logging monitor
!
memory-size iomem 5
ip cef
!
no ip domain lookup
ip domain name Task2.local
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
interface Loopback0
 description ### Loop 0 for MGMT ###
 ip address 10.99.99.4 255.255.255.255
!
interface FastEthernet0/0
 description ### Uplink ISP 1 ###
 ip address 192.168.11.2 255.255.255.128
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description ### Uplink ISP 2 ###
 ip address 192.168.22.2 255.255.255.128
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description ### Uplink to R_Outer_Core_1 ###
 ip address 10.1.0.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet2/0
 description ### Uplink to R_Outer_Core_2 ###
 ip address 10.1.0.10 255.255.255.252
 speed auto
 full-duplex
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 10.1.0.0 0.0.0.3 area 0
 network 10.1.0.8 0.0.0.3 area 0
 network 10.99.99.4 0.0.0.0 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.1
ip route 0.0.0.0 0.0.0.0 192.168.22.1 10
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
ntp server 10.99.99.1 prefer

VPN Edge Router 2 - R_VPN_2

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R_VPN_2
!
no logging console
no logging monitor
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip domain name Task2.local
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
interface Loopback0
 description ### Loop 0 for MGMT ###
 ip address 10.99.99.5 255.255.255.255
!
interface FastEthernet0/0
 description ### Uplink ISP 1 ###
 ip address 192.168.11.3 255.255.255.128
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description ### Uplink to ISP 2 ###
 ip address 192.168.22.3 255.255.255.128
 speed 100
 full-duplex
!
interface FastEthernet1/0
 description ### Uplink to R_Outer_Core_1 ###
 ip address 10.1.0.6 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet2/0
 description ### Uplink to R_Outer_Core_2 ###
 ip address 10.1.0.14 255.255.255.252
 speed 100
 full-duplex
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 10.1.0.4 0.0.0.3 area 0
 network 10.1.0.12 0.0.0.3 area 0
 network 10.99.99.5 0.0.0.0 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.1
ip route 0.0.0.0 0.0.0.0 192.168.22.1 10
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
ntp server 10.99.99.1 prefer

Well, that's it for now. Since adding security to those devices is a larger task, I'll create a new blog post about this topic.
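
As a starting point for that hardening work, the following added example (not part of the original post) parses excerpts of the two configs above and lists what is still open on each edge router and where the two differ. It assumes the usual one-space IOS indentation for sub-commands; the function names and finding texts are this example's own.

```python
# Added example, not from the original post. The excerpt keeps only the
# security-relevant lines of the listings above, with IOS sub-command indent.
R_VPN_1 = """\
no service password-encryption
no aaa new-model
interface FastEthernet0/0
 description ### Uplink ISP 1 ###
interface FastEthernet1/0
 description ### Uplink to R_Outer_Core_1 ###
ip http server
line vty 0 4
"""
# In this excerpt R_VPN_2 differs only in its HTTP server line.
R_VPN_2 = R_VPN_1.replace("ip http server", "no ip http server")

def parse(cfg):
    """Return {top-level command: [indented sub-commands]} for an IOS config."""
    sections, current = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0] == " " and current:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(cfg):
    """Return the set of pre-hardening findings for one router config."""
    sections, found = parse(cfg), set()
    for cmd, note in (("no service password-encryption", "password encryption off"),
                      ("no aaa new-model", "AAA disabled"),
                      ("ip http server", "cleartext HTTP server enabled")):
        if cmd in sections:
            found.add(note)
    for head, body in sections.items():
        has = lambda *p: any(c.startswith(p) for c in body)
        if head.startswith("line vty") and not has("access-class", "transport input"):
            found.add(head + ": no access-class or transport input")
        if (head.startswith("interface") and not has("ip access-group")
                and any("ISP" in c for c in body if c.startswith("description"))):
            found.add(head + ": ISP uplink without ip access-group")
    return found

def drift(a, b):
    """Findings that apply to only one of the two routers."""
    return audit(a) ^ audit(b)

if __name__ == "__main__":
    print(sorted(audit(R_VPN_1)), sorted(drift(R_VPN_1, R_VPN_2)), sep="\n")
```

The drift set contains only the HTTP server finding, which matches the one management-plane difference between the two listings: `ip http server` on R_VPN_1 versus `no ip http server` on R_VPN_2.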

cheers NWG
