[21 Nationals] Task 2, 2. S2S VPN Configuration

_눙이_ 2021. 11. 10. 18:13
LEFT-R1, RIGHT-R1, FW

Run PowerShell

Install-WindowsFeature routing -IncludeManagementTools

Run rrasmgmt.msc

Run services.msc

LEFT-R1

Run PowerShell

# Phase 1 authentication: machine authentication with a pre-shared key
$proposal1 = New-NetIPsecAuthProposal -Machine -PreSharedKey "Skill39"

$set1 = New-NetIPsecPhase1AuthSet -DisplayName set1 -Proposal $proposal1

# Main mode (phase 1) crypto: 3DES, SHA-256, DH group 14
$proposal2 = New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash SHA256 -KeyExchange DH14

$set2 = New-NetIPsecMainModeCryptoSet -DisplayName set2 -Proposal $proposal2

$rule1 = New-NetIPsecMainModeRule -DisplayName rule1 -MainModeCryptoSet $set2.Name -Phase1AuthSet $set1.Name

# Quick mode (phase 2) crypto: ESP with 3DES and SHA-256
$proposal3 = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA256 -Encryption DES3

$set3 = New-NetIPsecQuickModeCryptoSet -DisplayName set3 -Proposal $proposal3

# Tunnel-mode rule from the LEFT site to the RIGHT site (-IPsecRuleName sets this rule's name, here reusing rule1's)
New-NetIPsecRule -DisplayName IPsec -Mode Tunnel -LocalAddress 192.168.1.0/24, 27.0.0.1/32 -RemoteAddress 192.168.2.0/24, 37.0.0.1/32 -LocalTunnelEndpoint 27.0.0.1 -RemoteTunnelEndpoint 37.0.0.1 -InboundSecurity Require -OutboundSecurity Require -IPsecRuleName $rule1.Name -QuickModeCryptoSet $set3.Name

 

RIGHT-R1

Run PowerShell

# Phase 1 authentication: same pre-shared key as LEFT-R1
$proposal1 = New-NetIPsecAuthProposal -Machine -PreSharedKey "Skill39"

$set1 = New-NetIPsecPhase1AuthSet -DisplayName set1 -Proposal $proposal1

# Main mode (phase 1) crypto: must match LEFT-R1
$proposal2 = New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash SHA256 -KeyExchange DH14

$set2 = New-NetIPsecMainModeCryptoSet -DisplayName set2 -Proposal $proposal2

$rule1 = New-NetIPsecMainModeRule -DisplayName rule1 -MainModeCryptoSet $set2.Name -Phase1AuthSet $set1.Name

# Quick mode (phase 2) crypto: must match LEFT-R1
$proposal3 = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA256 -Encryption DES3

$set3 = New-NetIPsecQuickModeCryptoSet -DisplayName set3 -Proposal $proposal3

# Tunnel-mode rule from the RIGHT site to the LEFT site (local and remote values mirrored)
New-NetIPsecRule -DisplayName IPsec -Mode Tunnel -LocalAddress 192.168.2.0/24, 37.0.0.1/32 -RemoteAddress 192.168.1.0/24, 27.0.0.1/32 -LocalTunnelEndpoint 37.0.0.1 -RemoteTunnelEndpoint 27.0.0.1 -InboundSecurity Require -OutboundSecurity Require -IPsecRuleName $rule1.Name -QuickModeCryptoSet $set3.Name

 

LEFT-R2

Run cmd

route add 192.168.2.0/24 192.168.1.254 -p

 

RIGHT-R2

Run cmd

route add 192.168.1.0/24 192.168.2.254 -p
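
To confirm the tunnel actually negotiated, the following check can be run on LEFT-R1. It is an added example, not part of the original post: it uses the rule name and addresses from this page, the helper name Test-S2STunnel is made up here, and 192.168.2.254 being RIGHT-R1's inside address is an assumption taken from the route command on RIGHT-R2.

```powershell
# Added example: run in an elevated PowerShell on LEFT-R1 once both routers are set up.
# Test-S2STunnel is a hypothetical helper name; 192.168.2.254 is assumed to be
# RIGHT-R1's inside interface (the gateway used in the route command on RIGHT-R2).
function Test-S2STunnel {
    param(
        [string]$RuleDisplayName      = 'IPsec',
        [string]$RemoteTunnelEndpoint = '37.0.0.1',
        [string]$RemoteInsideHost     = '192.168.2.254'
    )

    # 1. The tunnel rule must exist, be enabled, and require protection both ways.
    $rule = Get-NetIPsecRule -DisplayName $RuleDisplayName -ErrorAction SilentlyContinue |
            Select-Object -First 1
    $ruleOk = ($null -ne $rule) -and
              ($rule.Enabled -eq 'True') -and
              ($rule.Mode -eq 'Tunnel') -and
              ($rule.InboundSecurity -eq 'Require') -and
              ($rule.OutboundSecurity -eq 'Require')

    # 2. SAs are negotiated on demand, so send traffic that matches the rule.
    $pingOk = Test-Connection -ComputerName $RemoteInsideHost -Count 3 -Quiet

    # 3. A main mode SA to the peer and at least one quick mode SA should now exist.
    $mmSa = @(Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue |
              Where-Object { $_.RemoteEndpoint -eq $RemoteTunnelEndpoint })
    $qmSa = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RuleEnforced = $ruleOk
        PingReplied  = $pingOk
        MainModeSAs  = $mmSa.Count
        QuickModeSAs = $qmSa.Count
        # A reply without SAs means the traffic did not go through the tunnel.
        TunnelUp     = $ruleOk -and $pingOk -and ($mmSa.Count -gt 0) -and ($qmSa.Count -gt 0)
    }
}

Test-S2STunnel | Format-List

# Shows the cipher, hash and DH group that were actually negotiated with the peer.
Get-NetIPsecMainModeSA | Where-Object { $_.RemoteEndpoint -eq '37.0.0.1' }
```

RuleEnforced true with PingReplied false points to a negotiation or reachability problem between the peers, for example a mismatch in the pre-shared key or proposals. The main mode SA output reflects the DES3 proposals configured on this page; -Encryption also accepts AES128, AES192 and AES256 on both proposal cmdlets, provided both routers are changed together.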

 

 
