NR - EdgeRouter - Configuring a VPN from an EdgeRouter to Cisco IPSEC
=======================================================================

download at 2017-02-07T01:10:40Z `origin `_

Caution: there must be no NAT or similar processing between the two devices.

**Topology:**

EdgeRouter:

- WAN: 8.8.8.8
- LAN: 10.12.10.0/24 (local subnet)

Cisco:

- WAN: 4.4.4.4
- LAN: 10.11.0.0/24 (remote subnet)

On the Cisco device, configure the following::

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key YOURPRESHAREDKEYHERE address 8.8.8.8 no-xauth
    ! phase-2 transform set referenced by the crypto map below
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto map SDM_CMAP_1 1 ipsec-isakmp
     description Tunnel to Ubnt Demo
     set peer 8.8.8.8
     set transform-set ESP-3DES-SHA1
     match address 107
    access-list 107 permit ip host 10.11.0.63 10.12.10.0 0.0.0.255
    ! the crypto map must also be applied to the WAN interface:
    !   interface <WAN-INTERFACE>
    !    crypto map SDM_CMAP_1

On the ER Lite, configure the following::

    disable-uniqreqids
    esp-group vpntunnel {
        compression disable
        lifetime 1800
        mode tunnel
        pfs disable
        proposal 1 {
            encryption 3des
            hash sha1
        }
    }
    ike-group vpntunnel {
        lifetime 28800
        proposal 1 {
            dh-group 2
            encryption 3des
            hash sha1
        }
    }
    site-to-site {
        peer 4.4.4.4 {
            authentication {
                mode pre-shared-secret
                pre-shared-secret YOURPRESHAREDKEYHERE
            }
            connection-type initiate
            default-esp-group vpntunnel
            ike-group vpntunnel
            local-address 8.8.8.8
            tunnel 1 {
                allow-nat-networks disable
                allow-public-networks disable
                esp-group vpntunnel
                local {
                    prefix 10.12.10.0/24
                }
                remote {
                    prefix 10.11.0.63/32
                }
            }
        }
    }

The commands used on the ER device are as follows **(replace 8.8.8.8 and 4.4.4.4 with the addresses that match your own setup)**::

    configure
    set vpn ipsec disable-uniqreqids
    set vpn ipsec esp-group vpntunnel
    set vpn ipsec esp-group vpntunnel compression disable
    set vpn ipsec esp-group vpntunnel lifetime 1800
    set vpn ipsec esp-group vpntunnel mode tunnel
    set vpn ipsec esp-group vpntunnel pfs disable
    set vpn ipsec esp-group vpntunnel proposal 1
    set vpn ipsec esp-group vpntunnel proposal 1 encryption 3des
    set vpn ipsec esp-group vpntunnel proposal 1 hash sha1
    set vpn ipsec ike-group vpntunnel
    set vpn ipsec ike-group vpntunnel lifetime 28800
    set vpn ipsec ike-group vpntunnel proposal 1
    set vpn ipsec ike-group vpntunnel proposal 1 dh-group 2
    set vpn ipsec ike-group vpntunnel proposal 1 encryption 3des
    set vpn ipsec ike-group vpntunnel proposal 1 hash sha1
    set vpn ipsec site-to-site peer 4.4.4.4
    set vpn ipsec site-to-site peer 4.4.4.4 local-address 8.8.8.8
    set vpn ipsec site-to-site peer 4.4.4.4 authentication mode pre-shared-secret
    set vpn ipsec site-to-site peer 4.4.4.4 authentication pre-shared-secret YOURPRESHAREDKEYHERE
    set vpn ipsec site-to-site peer 4.4.4.4 connection-type initiate
    set vpn ipsec site-to-site peer 4.4.4.4 default-esp-group vpntunnel
    set vpn ipsec site-to-site peer 4.4.4.4 ike-group vpntunnel
    set vpn ipsec site-to-site peer 4.4.4.4 tunnel 1
    set vpn ipsec site-to-site peer 4.4.4.4 tunnel 1 esp-group vpntunnel
    set vpn ipsec site-to-site peer 4.4.4.4 tunnel 1 local prefix 10.12.10.0/24
    set vpn ipsec site-to-site peer 4.4.4.4 tunnel 1 remote prefix 10.11.0.63/32
    commit

.. note::
   The remote subnet command is configured as above so that communication with a single IP on the remote side is possible (it can also be changed to a setting such as /32). Don't forget to exclude the remote subnet from the local NAT rules.

*- jeff824*
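A mismatch in the IKE phase-1 proposal or the pre-shared key is the usual reason a tunnel like the one above never comes up, and the Cisco side hides its defaults. As an added example (not part of the original page), a small Python check that parses both sides and reports the fields that differ; the sample snippets are constructed from the values shown above, and IOS's implicit defaults (encr des, hash sha, group 1) are filled in as the router would apply them.

```python
import re

# Constructed samples built from the two configs on this page.
# The Cisco 'show run' omits defaults: encr des, hash sha, group 1.
CISCO_CFG = """crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key YOURPRESHAREDKEYHERE address 8.8.8.8 no-xauth
"""
EDGEOS_CFG = """set vpn ipsec ike-group vpntunnel proposal 1 dh-group 2
set vpn ipsec ike-group vpntunnel proposal 1 encryption 3des
set vpn ipsec ike-group vpntunnel proposal 1 hash sha1
set vpn ipsec site-to-site peer 4.4.4.4 authentication pre-shared-secret YOURPRESHAREDKEYHERE
"""

def parse_cisco(text):
    """Phase-1 parameters of an isakmp policy, IOS defaults filled in."""
    p = {"encryption": "des", "hash": "sha1", "dh-group": "1", "psk": None}
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "encr":
            p["encryption"] = t[1]
        elif t[0] == "hash":          # IOS keyword 'sha' means SHA-1
            p["hash"] = "sha1" if t[1] == "sha" else t[1]
        elif t[0] == "group":
            p["dh-group"] = t[1]
        elif t[:3] == ["crypto", "isakmp", "key"]:
            p["psk"] = t[3]
    return p

def parse_edgeos(text):
    """Phase-1 proposal and PSK from EdgeOS 'set vpn ipsec ...' commands."""
    p = {}
    for line in text.splitlines():
        m = re.search(r"ike-group \S+ proposal \d+ (encryption|hash|dh-group) (\S+)", line)
        if m:
            p[m.group(1)] = m.group(2)
        m = re.search(r"authentication pre-shared-secret (\S+)", line)
        if m:
            p["psk"] = m.group(1)
    return p

def mismatches(cisco_text, edgeos_text):
    """Fields that differ between the two sides; [] means phase 1 can agree."""
    c, e = parse_cisco(cisco_text), parse_edgeos(edgeos_text)
    return [k for k in ("encryption", "hash", "dh-group", "psk") if c.get(k) != e.get(k)]
```

Feeding it the page's own configuration returns an empty list; drop the ``group 2`` line on the Cisco side and it reports ``dh-group``, because IOS then falls back to group 1.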