Friday, November 16, 2012

IPsec Configuration


I want to share how to configure IPsec!
BTW, why should we use IPsec?
      IPsec, or IP Security, is designed to provide interoperable, high-quality, cryptographically based network security for IPv4 and IPv6. The services provided include access control, connectionless integrity, data origin authentication, protection against replays, confidentiality (encryption), and limited traffic flow confidentiality. These services are provided at the IP layer, so they protect the IP layer and the protocols above it. IP Security provides a set of services to secure communication between computers in a network. In addition to integrity and confidentiality, it offers optional rejection of replayed packets (a form of partial sequence integrity) and data origin authentication (via SA key management); it also provides access control for the traffic passing through it. These objectives are met through the use of two traffic security protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload), and through cryptographic key management procedures and protocols. When implemented, these mechanisms should not adversely affect users, hosts, and other Internet components that do not use them to protect their traffic. The mechanisms should also be flexible about the security algorithm, meaning a module can use the algorithm chosen by the implementation without affecting the other components. Using the default algorithms should facilitate interoperability across the Internet in general. Using these algorithms together with IPsec traffic protection and key management protocols is intended to let system and application developers deploy high-quality, Internet-layer, cryptographically based security technology.
   The IPsec protocols combined with the default algorithms are designed to provide good security for Internet traffic. However, the security these protocols provide ultimately depends on the quality of their implementation, which is outside the scope of the standards. Moreover, the security of a computer system or network is a function of many factors, including personnel, physical, procedural, compromising emanations, and computer security practices in the real world. IPsec is only one component of a security system architecture. The security obtained from using IPsec depends on the operating environment in which the IPsec implementation runs. For example, damage to the security of the operating system
The topology looks like this:


PC0 configuration
!
! assign IP 192.168.1.2/24
! gateway 192.168.1.1

PC1 configuration
!
! assign IP 192.168.2.2/24
! gateway 192.168.2.1

TASIK router configuration
!
hostname TASIK
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/3/0
 ! remember: this is the DCE end, so a clock rate must be configured for synchronization
 ip address 10.10.1.1 255.255.255.252
 clock rate 19200
!
ip route 0.0.0.0 0.0.0.0 10.10.1.2

BANDUNG router configuration
!
hostname Bandung
!
interface Serial0/3/0
 ! as the DTE end of the link from TASIK, it automatically follows the clock of the DCE (TASIK)
 ip address 10.10.1.2 255.255.255.252
!
interface Serial0/3/1
 ip address 10.11.1.2 255.255.255.252
 clock rate 19200
!
router rip
 network 10.0.0.0

ISP router configuration
!
hostname ISP
!
interface Serial0/3/0
 ip address 10.11.1.1 255.255.255.252
!
interface Serial0/3/1
 ip address 10.12.1.1 255.255.255.252
 clock rate 19200
!
router rip
 network 10.0.0.0
!

Semarang router configuration
!
hostname Semarang
!
interface Serial0/0/0
 ip address 10.12.1.2 255.255.255.252
!
interface Serial0/0/1
 ip address 10.13.1.2 255.255.255.252
 clock rate 19200
!
router rip
 network 10.0.0.0
!

Yogya router configuration
!
hostname Yogya
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
!
interface Serial0/1/0
 ip address 10.13.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.13.1.2

The basic configuration of every node is now done. Next we will use IPsec to build a tunnel from TASIK to YOGYA, so the IPsec settings are only needed on the two routers concerned: TASIK and Yogya.

IPsec configuration on the TASIK router
!
crypto isakmp policy 1
 encryption aes
 authentication pre-share
 group 5
!
! peer: the Yogya router's interface facing Semarang
! the pre-shared key "cisco" is a lab value and must be identical on both ends
crypto isakmp key cisco address 10.13.1.1
!
crypto ipsec transform-set vpn esp-aes esp-sha-hmac
!
! traffic to protect: LAN behind TASIK -> LAN behind Yogya
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map vpn 1 ipsec-isakmp
 set peer 10.13.1.1
 set transform-set vpn
 match address 100
!
interface Serial0/3/0
 crypto map vpn
!

IPsec configuration on the Yogya router
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
!
! peer: the TASIK router's interface facing Bandung
crypto isakmp key cisco address 10.10.1.1
!
crypto ipsec transform-set vpn esp-aes esp-sha-hmac
!
! mirror image of the TASIK ACL: LAN behind Yogya -> LAN behind TASIK
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
crypto map vpn 1 ipsec-isakmp
 set peer 10.10.1.1
 set transform-set vpn
 match address 100
!
interface Serial0/1/0
 crypto map vpn
!
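
The two IPsec configurations above only form a tunnel if their values mirror each other. The following is an added example, not part of the original post: a Python check over constructed reductions of the TASIK and Yogya configs. The names `PATTERNS`, `profile` and `check_tunnel` are hypothetical.

```python
import re

# Constructed input: the tunnel lines from this page's TASIK and Yogya configs.
TASIK = """interface Serial0/3/0
 ip address 10.10.1.1 255.255.255.252
 crypto map vpn
crypto isakmp key cisco address 10.13.1.1
crypto ipsec transform-set vpn esp-aes esp-sha-hmac
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map vpn 1 ipsec-isakmp
 set peer 10.13.1.1
"""
YOGYA = """interface Serial0/1/0
 ip address 10.13.1.1 255.255.255.252
 crypto map vpn
crypto isakmp key cisco address 10.10.1.1
crypto ipsec transform-set vpn esp-aes esp-sha-hmac
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map vpn 1 ipsec-isakmp
 set peer 10.10.1.1
"""
PATTERNS = {  # hypothetical field names; each regex matches one kind of IOS line
    "local": r"^ ip address (\S+) \S+\n(?: .*\n)*? crypto map \S+$",  # interface with map
    "key": r"^crypto isakmp key (\S+) address (\S+)$",
    "transform": r"^crypto ipsec transform-set \S+ (.+)$",
    "acl": r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)$",
    "peer": r"^ set peer (\S+)$",
}

def profile(cfg):
    """Extract the values both tunnel ends must agree on; () when a line is absent."""
    found = {k: re.search(p, cfg, re.M) for k, p in PATTERNS.items()}
    return {k: m.groups() if m else () for k, m in found.items()}

def check_tunnel(cfg_a, cfg_b):
    """Return the mismatches that would stop the tunnel from coming up."""
    a, b = profile(cfg_a), profile(cfg_b)
    problems = []
    for name, x, y in (("A", a, b), ("B", b, a)):
        if not x["local"]:
            problems.append(f"{name}: crypto map is not applied to an interface")
        elif not (y["key"][1:] == y["peer"] == x["local"]):
            problems.append(f"{name}: remote end does not point at {x['local'][0]}")
    if a["key"][:1] != b["key"][:1]:
        problems.append("pre-shared keys differ")
    if a["transform"] != b["transform"]:
        problems.append("transform sets differ")
    if not a["acl"] or a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

`check_tunnel(TASIK, YOGYA)` returns an empty list for the configs as shown; a misspelled `crypto map` line on the interface, a wrong peer address, or an ACL that is copied instead of mirrored each produces one entry.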
OK! Now it is time to run a ping test and see the connection that has been built from the TASIK router to Yogya.
PING:

Next, we check the connection on the router.

Now let's look at the PDU
when the packet travels from SEMARANG toward Yogya.

Hope this is useful!