Procedure
Figure 5.1. The network under study
Addressing table
| Device | Interface | IP address | Subnet mask |
|--------|-----------|--------------|-----------------|
| R0 | Fa0/0 | 192.168.1.1 | 255.255.255.0 |
| R0 | Fa0/1 | 195.158.1.1 | 255.255.255.252 |
| R1 | Fa0/0 | 195.158.1.2 | 255.255.255.252 |
| R1 | Fa0/1 | 80.80.80.1 | 255.255.255.252 |
| R2 | Fa0/1 | 80.80.80.2 | 255.255.255.252 |
| R2 | Fa0/0 | 172.16.1.1 | 255.255.255.0 |
| PC0 | NIC | 192.168.1.10 | 255.255.255.0 |
| PC1 | NIC | 172.16.1.10 | 255.255.255.0 |
1. Verifying connectivity between the routers
Configure all network devices, together with their IP addresses, as shown in Figure 5.1.
R0 configuration:
Router>enable
Router#configure terminal
Router(config)#hostname R0
R0(config)#interface fastEthernet 0/0
R0(config-if)#no shutdown
R0(config-if)#ip address 192.168.1.1 255.255.255.0
R0(config-if)#exit
R0(config)#interface fastEthernet 0/1
R0(config-if)#no shutdown
R0(config-if)#ip address 195.158.1.1 255.255.255.252
R0(config-if)#exit
R0(config)#router ospf 1
R0(config-router)#network 192.168.1.0 0.0.0.255 area 1
R0(config-router)#network 195.158.1.0 0.0.0.3 area 0
R0(config-router)#exit
R1 configuration:
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 195.158.1.2 255.255.255.252
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1
R1(config-if)#no shutdown
R1(config-if)#ip address 80.80.80.1 255.255.255.252
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 80.80.80.0 0.0.0.3 area 0
R1(config-router)#network 195.158.1.0 0.0.0.3 area 0
R1(config-router)#exit
R2 configuration:
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 172.16.1.1 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if)#no shutdown
R2(config-if)#ip address 80.80.80.2 255.255.255.252
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 80.80.80.0 0.0.0.3 area 0
R2(config-router)#network 172.16.1.0 0.0.0.255 area 2
R2(config-router)#exit
Figure 5.2. State with IPsec not configured
2. Configuring IPsec
1. Configure ACL 100 to identify traffic from the LAN of router R0 to the LAN of router R2.
R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
2. Repeat the above command for router R2 as well, with the source and destination networks reversed.
R2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
3. On routers R0 and R2, configure the ISAKMP policy 1 cryptography and also set the encryption key to TATU.
For R0:
R0(config)#crypto isakmp enable
R0(config)#crypto isakmp policy 1
R0(config-isakmp)#encryption 3des
R0(config-isakmp)#hash md5
R0(config-isakmp)#authentication pre-share
R0(config-isakmp)#group 2
R0(config-isakmp)#lifetime 86400
R0(config-isakmp)#exit
R0(config)#crypto isakmp key KALIT address 80.80.80.2
R0(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac
R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
R0(config)#crypto map KARTA 10 ipsec-isakmp
R0(config-crypto-map)#set peer 80.80.80.2
R0(config-crypto-map)#set transform-set TATU
R0(config-crypto-map)#match address 100
R0(config-crypto-map)#exit
R0(config)#interface fastEthernet 0/1
R0(config-if)#crypto map KARTA
R0(config-if)#exit
The same commands are entered for R2:
R2(config)#crypto isakmp enable
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 2
R2(config-isakmp)#lifetime 86400
R2(config-isakmp)#exit
R2(config)#crypto isakmp key KALIT address 195.158.1.1
R2(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac
R2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
R2(config)#crypto map KARTA 10 ipsec-isakmp
R2(config-crypto-map)#set peer 195.158.1.1
R2(config-crypto-map)#set transform-set TATU
R2(config-crypto-map)#match address 100
R2(config-crypto-map)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if)#crypto map KARTA
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 80.80.80.1
To view the IPsec configuration:
#show crypto isakmp sa
#show crypto isakmp policy
#show crypto map
#show crypto ipsec sa
Figure 5.3. State with IPsec configured
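A consistency and strength check for the two tunnel endpoints configured above. This is an added example, not part of the original lab; the names TEMPLATE, WEAK, parse and audit are hypothetical. It verifies that the crypto ACLs mirror each other, that the pre-shared key and proposals match on both sides, and that each key address equals the crypto map peer, and it flags the deprecated algorithms the lab uses (3DES, MD5, DH group 2).

```python
import re

# Constructed input: the crypto-relevant lines of the R0/R2 configurations above,
# CLI prompts stripped. Only the peer address and the ACL direction differ.
TEMPLATE = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key KALIT address {peer}
crypto ipsec transform-set TATU esp-3des esp-md5-hmac
access-list 100 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map KARTA 10 ipsec-isakmp
 set peer {peer}
 set transform-set TATU
 match address 100
"""
R0 = TEMPLATE.format(peer="80.80.80.2", src="192.168.1.0", dst="172.16.1.0")
R2 = TEMPLATE.format(peer="195.158.1.1", src="172.16.1.0", dst="192.168.1.0")

# Hypothetical rule table for this example: deprecated algorithms used in the lab.
WEAK = {"encryption 3des": "3DES", "hash md5": "MD5", "group 2": "1024-bit DH group 2",
        "esp-3des": "3DES (ESP)", "esp-md5-hmac": "HMAC-MD5 (ESP)"}

def parse(cfg):
    """Extract the fields that must agree between the two tunnel endpoints."""
    grab = lambda pat: re.search(pat, cfg, re.M).groups()
    return {
        "policy": grab(r"^ encryption (.+)\n hash (.+)\n.*\n group (.+)"),
        "key": grab(r"^crypto isakmp key (\S+) address (\S+)"),
        "tset": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": grab(r"^access-list 100 permit ip (\S+ \S+) (\S+ \S+)"),
        "peer": grab(r"^ set peer (\S+)")[0],
    }

def audit(cfg_a, cfg_b):
    """Return findings; an empty list means consistent peers and no weak algorithm."""
    a, b, both = parse(cfg_a), parse(cfg_b), cfg_a + cfg_b
    out = [f"mismatch: {n} key address != crypto map peer"
           for n, p in (("A", a), ("B", b)) if p["key"][1] != p["peer"]]
    if a["policy"] != b["policy"] or a["tset"] != b["tset"]:
        out.append("mismatch: ISAKMP policy or transform set differs")
    if a["key"][0] != b["key"][0]:
        out.append("mismatch: pre-shared keys differ")
    if a["acl"] != b["acl"][::-1]:
        out.append("mismatch: crypto ACLs are not mirror images")
    return out + [f"weak: {label}" for tok, label in WEAK.items()
                  if re.search(rf"{re.escape(tok)}\b", both)]
```

Calling `audit(R0, R2)` on the lab's settings reports no mismatch, only the `weak:` findings for the chosen algorithms.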
Assignment
1. Verify connectivity between the routers
2. Open and analyze a packet at the output of any router
3. Configure IPsec
4. Open and analyze a packet at the output of router R0
Execution.
Configuring the devices together with their IP addresses.
Verifying connectivity between the routers
Configuring IPsec