
Learning to Configure IPSec with IPv6-in-IPv4 GRE Tunnel

The infrastructure of an entire IPv4 network cannot be replaced with IPv6 all at once,
for several reasons, so a transition mechanism is needed.
A mechanism that is often used is the tunneling model. In practice many tunneling transition
mechanisms are in use; they are listed in the table below:
On this occasion we will learn to configure IPSec with an IPv6-in-IPv4 GRE tunnel;
the full theory is in RFC 4891. The topology used is as follows:

Equipment used:
--3 routers
 -- 2 routers must support IPv6 (cnc1 and cnc3)
 -- 1 router to simulate the IPv4 cloud (cnc2)
--1 hub
--3 computers
 -- 2 computers that support IPv6 (com1 and com 2)
 -- 1 computer with wireshark, to capture
 data (komputer)
--UTP cable as needed
nb: the IPv4 cloud was configured beforehand
using the OSPFv2 routing protocol with process ID 1

The steps are as follows:
-Create the tunnel on routers cnc1 and cnc3
-------------------------------------------
cnc1#sh run int tun 1
Building configuration...
Current configuration : 172 bytes
!
interface Tunnel1
 no ip address
 ipv6 address FEC0::5:1/112
 tunnel source FastEthernet0/0
 tunnel destination 192.168.20.2
 tunnel mode gre ip
end
cnc1#

cnc3#sh run int tun 1
Building configuration...
Current configuration : 173 bytes
!
interface Tunnel1
 no ip address
 ipv6 address FEC0::5:2/112
 tunnel source FastEthernet0/1
 tunnel destination 192.168.10.65
 tunnel mode gre ip
end
cnc3#
-------------------------------------------
How to check 1 (sh ipv6 int brief)
-------------------------------------------
cnc1#sh ipv6 int brief
FastEthernet0/0            [up/up]
FastEthernet0/1            [up/up]
 FE80::224:97FF:FE4C:8B21
 FEC0::1:1
Loopback0                  [up/up]
 FE80::224:97FF:FE4C:8B20
 FEC0::2:1
Tunnel1                    [up/up]
 FE80::C0A8:A41
 FEC0::5:1
cnc1#

cnc3#sh ipv6 int brief
FastEthernet0/0            [up/up]
 FE80::224:97FF:FE4C:8C28
 FEC0::4:1
FastEthernet0/1            [up/up]
Loopback0                  [up/up]
 FE80::224:97FF:FE4C:8C28
 FEC0::3:1
Tunnel1                    [up/up]
 FE80::C0A8:1402
 FEC0::5:2
cnc3#
--------------------------------------------
How to check 2 (ping)
--------------------------------------------
cnc1#ping fec0::5:2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0::5:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
cnc1#

cnc3#ping fec0::5:1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0::5:1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
cnc3#
-------------------------------------------
-Add a routing protocol on the tunnel;
this experiment uses OSPFv3
-------------------------------------------
cnc1(config)# ipv6 unicast-routing
cnc1(config)# interface loopback0
cnc1(config-if)# ipv6 ospf 2 area 0
cnc1(config-if)# interface tunnel1
cnc1(config-if)# ipv6 ospf 2 area 0
cnc1(config-if)# interface f0/1
cnc1(config-if)# ipv6 ospf 2 area 0

cnc3(config)# ipv6 unicast-routing
cnc3(config)# interface loopback0
cnc3(config-if)# ipv6 ospf 2 area 0
cnc3(config-if)# interface tunnel1
cnc3(config-if)# ipv6 ospf 2 area 0
cnc3(config-if)# interface f0/0
cnc3(config-if)# ipv6 ospf 2 area 0
-------------------------------------------
How to check 3 (sh ipv6 ospf neighbor)
--------------------------------------------
cnc1#sh ipv6 ospf neighbor
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.10.10.3        1   FULL/  -        00:00:32    9               Tunnel1
cnc1#

cnc3#sh ipv6 ospf neighbor
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.10.10.1        1   FULL/  -        00:00:34    10              Tunnel1
cnc3#
--------------------------------------------
How to check 4 (sh ipv6 route)
--------------------------------------------
cnc1#sh ipv6 route
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
 U - Per-user Static route
 I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
 O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
L   FE80::/10 [0/0]
 via ::, Null0
C   FEC0::1:0/112 [0/0]
 via ::, FastEthernet0/1
L   FEC0::1:1/128 [0/0]
 via ::, FastEthernet0/1
C   FEC0::2:0/112 [0/0]
 via ::, Loopback0
L   FEC0::2:1/128 [0/0]
 via ::, Loopback0
O   FEC0::3:1/128 [110/11111]
 via FE80::C0A8:1402, Tunnel1
O   FEC0::4:0/112 [110/11112]
 via FE80::C0A8:1402, Tunnel1
C   FEC0::5:0/112 [0/0]
 via ::, Tunnel1
L   FEC0::5:1/128 [0/0]
 via ::, Tunnel1
L   FF00::/8 [0/0]
 via ::, Null0
cnc1#

cnc3#sh ipv6 route
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
 U - Per-user Static route
 I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
 O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
L   FE80::/10 [0/0]
 via ::, Null0
O   FEC0::1:0/112 [110/11112]
 via FE80::C0A8:A41, Tunnel1
O   FEC0::2:1/128 [110/11111]
 via FE80::C0A8:A41, Tunnel1
C   FEC0::3:0/112 [0/0]
 via ::, Loopback0
L   FEC0::3:1/128 [0/0]
 via ::, Loopback0
C   FEC0::4:0/112 [0/0]
 via ::, FastEthernet0/0
L   FEC0::4:1/128 [0/0]
 via ::, FastEthernet0/0
C   FEC0::5:0/112 [0/0]
 via ::, Tunnel1
L   FEC0::5:2/128 [0/0]
 via ::, Tunnel1
L   FF00::/8 [0/0]
 via ::, Null0
cnc3#
-------------------------------------------
How to check 5 (ping6 and traceroute6)
-------------------------------------------
root@toiletumum:/home/harry# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1b:24:6d:49:2b  
 inet6 addr: fe80::21b:24ff:fe6d:492b/64 Scope:Link
 inet6 addr: fec0::4:2/112 Scope:Site
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:483 errors:0 dropped:0 overruns:0 frame:0
 TX packets:615 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:46201 (46.2 KB)  TX bytes:51861 (51.8 KB)
 Interrupt:27 Base address:0x8000
root@toiletumum:/home/harry#
root@toiletumum:/home/harry# ping6 fec0::1:2
PING fec0::1:2(fec0::1:2) 56 data bytes
64 bytes from fec0::1:2: icmp_seq=1 ttl=62 time=0.833 ms
64 bytes from fec0::1:2: icmp_seq=2 ttl=62 time=0.770 ms
64 bytes from fec0::1:2: icmp_seq=3 ttl=62 time=0.810 ms
64 bytes from fec0::1:2: icmp_seq=4 ttl=62 time=0.820 ms
64 bytes from fec0::1:2: icmp_seq=5 ttl=62 time=0.832 ms
^C
--- fec0::1:2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3996ms
rtt min/avg/max/mdev = 0.770/0.813/0.833/0.023 ms

root@toiletumum:/home/harry# traceroute6 fec0::1:2
traceroute to fec0::1:2 (fec0::1:2) from fec0::4:2, 30 hops max, 16 byte packets
 1  fec0::4:1 (fec0::4:1)  0.651 ms  0.468 ms  0.455 ms
 2  fec0::5:1 (fec0::5:1)  1.327 ms  1.065 ms  1.032 ms
 3  fec0::1:2 (fec0::1:2)  0.573 ms  0.809 ms  0.442 ms
root@toiletumum:/home/harry#
-------------------------------------------
How to check 6 (wireshark)
-------------------------------------------

-------------------------------------------

-IPSec over IPv6-in-IPv4 GRE tunnel
-------------------------------------------
!Configuration on Router cnc1

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key iwingganteng address 192.168.20.2
!
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto ipsec profile iwing
 set transform-set 50
!
interface tunnel 1
 tunnel protection ipsec profile iwing
--------------------------------------------
!Configuration on Router cnc3

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key iwingganteng address 192.168.10.65
!
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto ipsec profile iwing
 set transform-set 50
!
interface tunnel 1
 tunnel protection ipsec profile iwing
--------------------------------------------
How to check 7 (show crypto isakmp peers)
--------------------------------------------
cnc1#show crypto isakmp peers
Peer: 192.168.20.2 Port: 500 Local: 192.168.10.65
 Phase1 id: 192.168.20.2
cnc1#

cnc3#show crypto isakmp peers
Peer: 192.168.10.65 Port: 500 Local: 192.168.20.2
 Phase1 id: 192.168.10.65
cnc3#
--------------------------------------------
How to check 8 (show crypto isakmp policy)
--------------------------------------------
cnc1#show crypto isakmp policy
Global IKE policy
Protection suite of priority 10
 encryption algorithm:    AES - Advanced Encryption Standard (256 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Pre-Shared Key
 Diffie-Hellman group:    #5 (1536 bit)
 lifetime:        3600 seconds, no volume limit
Default protection suite
 encryption algorithm:    DES - Data Encryption Standard (56 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Rivest-Shamir-Adleman Signature
 Diffie-Hellman group:    #1 (768 bit)
 lifetime:        86400 seconds, no volume limit
cnc1#

cnc3#show crypto isakmp policy
Global IKE policy
Protection suite of priority 10
 encryption algorithm:    AES - Advanced Encryption Standard (256 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Pre-Shared Key
 Diffie-Hellman group:    #5 (1536 bit)
 lifetime:        3600 seconds, no volume limit
Default protection suite
 encryption algorithm:    DES - Data Encryption Standard (56 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Rivest-Shamir-Adleman Signature
 Diffie-Hellman group:    #1 (768 bit)
 lifetime:        86400 seconds, no volume limit
cnc3#
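
An added example (not part of the original post): a Python audit of the `show crypto isakmp policy` output above, listing every protection suite whose cipher key or Diffie-Hellman modulus falls below a threshold. The function names and both thresholds are assumptions chosen for this sketch.

```python
import re

# Output copied from the cnc1 "show crypto isakmp policy" check on this page.
SAMPLE = """\
Global IKE policy
Protection suite of priority 10
 encryption algorithm:    AES - Advanced Encryption Standard (256 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Pre-Shared Key
 Diffie-Hellman group:    #5 (1536 bit)
 lifetime:        3600 seconds, no volume limit
Default protection suite
 encryption algorithm:    DES - Data Encryption Standard (56 bit keys).
 hash algorithm:        Secure Hash Standard
 authentication method:    Rivest-Shamir-Adleman Signature
 Diffie-Hellman group:    #1 (768 bit)
 lifetime:        86400 seconds, no volume limit
"""

# Assumed local policy thresholds (not values from the page).
MIN_CIPHER_BITS = 128
MIN_DH_BITS = 2048


def parse_suites(text):
    """Split the output into one dict of 'field: value' pairs per suite."""
    suites, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Protection suite of priority (\d+)", line)
        if m or line == "Default protection suite":
            current = {"name": "priority " + m.group(1) if m else "default"}
            suites.append(current)
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return suites


def audit(suites):
    """Return (suite, field, detail) for every setting below the thresholds."""
    findings = []
    for s in suites:
        key = re.search(r"\((\d+) bit keys\)", s.get("encryption algorithm", ""))
        if key and int(key.group(1)) < MIN_CIPHER_BITS:
            findings.append((s["name"], "encryption", key.group(1) + " bit key"))
        dh = re.search(r"#(\d+) \((\d+) bit\)", s.get("Diffie-Hellman group", ""))
        if dh and int(dh.group(2)) < MIN_DH_BITS:
            findings.append((s["name"], "dh-group",
                             "group %s, %s bit" % dh.groups()))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_suites(SAMPLE)):
        print(*finding, sep=" | ")
```

On the page's output this reports the 1536-bit group 5 of policy 10 and both the 56-bit DES key and the 768-bit group 1 of the default suite.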
--------------------------------------------
How to check 9 (show crypto ipsec transform-set)
--------------------------------------------
cnc1#show crypto ipsec transform-set
Transform set 50: { ah-sha-hmac  }
 will negotiate = { Tunnel,  },
 { esp-256-aes esp-sha-hmac  }
 will negotiate = { Tunnel,  }, 

cnc1#

cnc3#show crypto ipsec transform-set
Transform set 50: { ah-sha-hmac  }
 will negotiate = { Tunnel,  },
 { esp-256-aes esp-sha-hmac  }
 will negotiate = { Tunnel,  }, 

cnc3#
--------------------------------------------
How to check 10 (show crypto map)
--------------------------------------------
cnc1#show crypto map
Crypto Map "Tunnel1-head-0" 65536 ipsec-isakmp
 Profile name: iwing
 Security association lifetime: 4608000 kilobytes/3600 seconds
 PFS (Y/N): N
 Transform sets={
 50,
 }

Crypto Map "Tunnel1-head-0" 65537 ipsec-isakmp
 Map is a PROFILE INSTANCE.
 Peer = 192.168.20.2
 Extended IP access list
 access-list  permit gre host 192.168.10.65 host 192.168.20.2
 Current peer: 192.168.20.2
 Security association lifetime: 4608000 kilobytes/3600 seconds
 PFS (Y/N): N
 Transform sets={
 50,
 }
 Interfaces using crypto map Tunnel1-head-0:
 Tunnel1

cnc1#

cnc3#show crypto map
Crypto Map "Tunnel1-head-0" 65536 ipsec-isakmp
 Profile name: iwing
 Security association lifetime: 4608000 kilobytes/3600 seconds
 PFS (Y/N): N
 Transform sets={
 50,
 }

Crypto Map "Tunnel1-head-0" 65537 ipsec-isakmp
 Map is a PROFILE INSTANCE.
 Peer = 192.168.10.65
 Extended IP access list
 access-list  permit gre host 192.168.20.2 host 192.168.10.65
 Current peer: 192.168.10.65
 Security association lifetime: 4608000 kilobytes/3600 seconds
 PFS (Y/N): N
 Transform sets={
 50,
 }
 Interfaces using crypto map Tunnel1-head-0:
 Tunnel1

cnc3#
--------------------------------------------
How to check 11 (show crypto session detail)
--------------------------------------------
cnc1#show crypto session detail
Crypto session current status

Code: C - IKE Configuration mode, D - Dead Peer Detection     
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: Tunnel1
Session status: UP-ACTIVE     
Peer: 192.168.20.2 port 500 fvrf: (none) ivrf: (none)
 Phase1_id: 192.168.20.2
 Desc: (none)
 IKE SA: local 192.168.10.65/500 remote 192.168.20.2/500 Active
 Capabilities:(none) connid:1 lifetime:00:32:54
 IPSEC FLOW: permit 47 host 192.168.10.65 host 192.168.20.2
 Active SAs: 4, origin: crypto map
 Inbound:  #pkts dec'ed 774 drop 0 life (KB/Sec) 4567319/1974
 Outbound: #pkts enc'ed 665 drop 0 life (KB/Sec) 4567331/1974

cnc1#

cnc3#show crypto session detail
Crypto session current status

Code: C - IKE Configuration mode, D - Dead Peer Detection     
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: Tunnel1
Session status: UP-ACTIVE     
Peer: 192.168.10.65 port 500 fvrf: (none) ivrf: (none)
 Phase1_id: 192.168.10.65
 Desc: (none)
 IKE SA: local 192.168.20.2/500 remote 192.168.10.65/500 Active
 Capabilities:(none) connid:1 lifetime:00:32:04
 IPSEC FLOW: permit 47 host 192.168.20.2 host 192.168.10.65
 Active SAs: 4, origin: crypto map
 Inbound:  #pkts dec'ed 672 drop 0 life (KB/Sec) 4424991/1925
 Outbound: #pkts enc'ed 782 drop 15 life (KB/Sec) 4424980/1925

cnc3#
--------------------------------------------
How to check 12 (show crypto isakmp sa)
--------------------------------------------
cnc1#show crypto isakmp sa
dst             src             state          conn-id slot status
192.168.20.2    192.168.10.65   QM_IDLE              1    0 ACTIVE

cnc1#

cnc3#show crypto isakmp sa
dst             src             state          conn-id slot status
192.168.20.2    192.168.10.65   QM_IDLE              1    0 ACTIVE

cnc3#
--------------------------------------------
How to check 13 (show crypto ipsec sa)
--------------------------------------------
cnc1#show crypto ipsec sa

interface: Tunnel1
 Crypto map tag: Tunnel1-head-0, local addr 192.168.10.65

 protected vrf: (none)
 local  ident (addr/mask/prot/port): (192.168.10.65/255.255.255.255/47/0)
 remote ident (addr/mask/prot/port): (192.168.20.2/255.255.255.255/47/0)
 current_peer 192.168.20.2 port 500
 PERMIT, flags={origin_is_acl,}
 #pkts encaps: 607, #pkts encrypt: 607, #pkts digest: 607
 #pkts decaps: 679, #pkts decrypt: 679, #pkts verify: 679
 #pkts compressed: 0, #pkts decompressed: 0
 #pkts not compressed: 0, #pkts compr. failed: 0
 #pkts not decompressed: 0, #pkts decompress failed: 0
 #send errors 0, #recv errors 0

 local crypto endpt.: 192.168.10.65, remote crypto endpt.: 192.168.20.2
 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
 current outbound spi: 0xEB85FD04(3951426820)

 inbound esp sas:
 spi: 0xA95D8E4D(2841480781)
 transform: esp-256-aes esp-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3001, flow_id: NETGX:1, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4567336/2136)
 IV size: 16 bytes
 replay detection support: Y
 Status: ACTIVE

 inbound ah sas:
 spi: 0x160E6848(370042952)
 transform: ah-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3001, flow_id: NETGX:1, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4567335/2133)
 replay detection support: Y
 Status: ACTIVE

 inbound pcp sas:

 outbound esp sas:
 spi: 0xEB85FD04(3951426820)
 transform: esp-256-aes esp-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3002, flow_id: NETGX:2, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4567342/2133)
 IV size: 16 bytes
 replay detection support: Y
 Status: ACTIVE

 outbound ah sas:
 spi: 0x76313D9F(1982938527)
 transform: ah-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3002, flow_id: NETGX:2, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4567342/2132)
 replay detection support: Y
 Status: ACTIVE

 outbound pcp sas:
cnc1#

cnc3#show crypto ipsec sa
interface: Tunnel1
 Crypto map tag: Tunnel1-head-0, local addr 192.168.20.2

 protected vrf: (none)
 local  ident (addr/mask/prot/port): (192.168.20.2/255.255.255.255/47/0)
 remote ident (addr/mask/prot/port): (192.168.10.65/255.255.255.255/47/0)
 current_peer 192.168.10.65 port 500
 PERMIT, flags={origin_is_acl,}
 #pkts encaps: 689, #pkts encrypt: 689, #pkts digest: 689
 #pkts decaps: 614, #pkts decrypt: 614, #pkts verify: 614
 #pkts compressed: 0, #pkts decompressed: 0
 #pkts not compressed: 0, #pkts compr. failed: 0
 #pkts not decompressed: 0, #pkts decompress failed: 0
 #send errors 15, #recv errors 0

 local crypto endpt.: 192.168.20.2, remote crypto endpt.: 192.168.10.65
 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
 current outbound spi: 0xA95D8E4D(2841480781)

 inbound esp sas:
 spi: 0xEB85FD04(3951426820)
 transform: esp-256-aes esp-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3001, flow_id: NETGX:1, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4425003/2127)
 IV size: 16 bytes
 replay detection support: Y
 Status: ACTIVE

 inbound ah sas:
 spi: 0x76313D9F(1982938527)
 transform: ah-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3001, flow_id: NETGX:1, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4425003/2127)
 replay detection support: Y
 Status: ACTIVE

 inbound pcp sas:

 outbound esp sas:
 spi: 0xA95D8E4D(2841480781)
 transform: esp-256-aes esp-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3002, flow_id: NETGX:2, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4424996/2127)
 IV size: 16 bytes
 replay detection support: Y
 Status: ACTIVE

 outbound ah sas:
 spi: 0x160E6848(370042952)
 transform: ah-sha-hmac ,
 in use settings ={Tunnel, }
 conn id: 3002, flow_id: NETGX:2, crypto map: Tunnel1-head-0
 sa timing: remaining key lifetime (k/sec): (4424996/2126)
 replay detection support: Y
 Status: ACTIVE

 outbound pcp sas:
cnc3#
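
An added example (not part of the original post): a Python cross-check of the two `show crypto ipsec sa` outputs above. IPsec SAs are one-way, so every outbound SPI on one router has to appear as the inbound SPI of the same protocol on the other; the function names are assumptions of this sketch.

```python
import re

# Constructed excerpts: only the error-counter and SPI lines from the two
# "show crypto ipsec sa" outputs on this page, values unchanged.
CNC1 = """\
 #send errors 0, #recv errors 0
 inbound esp sas:
 spi: 0xA95D8E4D(2841480781)
 inbound ah sas:
 spi: 0x160E6848(370042952)
 inbound pcp sas:
 outbound esp sas:
 spi: 0xEB85FD04(3951426820)
 outbound ah sas:
 spi: 0x76313D9F(1982938527)
 outbound pcp sas:
"""
CNC3 = """\
 #send errors 15, #recv errors 0
 inbound esp sas:
 spi: 0xEB85FD04(3951426820)
 inbound ah sas:
 spi: 0x76313D9F(1982938527)
 inbound pcp sas:
 outbound esp sas:
 spi: 0xA95D8E4D(2841480781)
 outbound ah sas:
 spi: 0x160E6848(370042952)
 outbound pcp sas:
"""


def parse_ipsec_sa(text):
    """Return ({(direction, protocol): spi}, send_errors, recv_errors)."""
    sas, section, send_err, recv_err = {}, None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line)
        spi = re.match(r"spi: 0x([0-9A-Fa-f]+)", line)
        err = re.match(r"#send errors (\d+), #recv errors (\d+)", line)
        if head:
            section = head.groups()
        elif spi and section:
            # Simplification: if a section lists several SAs, keep the last.
            sas[section] = int(spi.group(1), 16)
        elif err:
            send_err, recv_err = int(err.group(1)), int(err.group(2))
    return sas, send_err, recv_err


def spi_mismatches(a, b):
    """List every direction/protocol where a's outbound SPI is not b's inbound."""
    bad = []
    for proto in ("esp", "ah"):
        for src, dst, label in ((a, b, "a->b"), (b, a, "b->a")):
            out_spi = src.get(("outbound", proto))
            in_spi = dst.get(("inbound", proto))
            if out_spi != in_spi:
                bad.append((label, proto, out_spi, in_spi))
    return bad


if __name__ == "__main__":
    sas1, _, _ = parse_ipsec_sa(CNC1)
    sas3, send3, _ = parse_ipsec_sa(CNC3)
    print("SPI mismatches:", spi_mismatches(sas1, sas3))
    print("cnc3 send errors:", send3)
```

The four SPIs on the page pair up correctly; the 15 send errors parsed from cnc3 are the same count shown as `drop 15` in its `show crypto session detail` output.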

--------------------------------------------
How to check 14 (ping6 and traceroute6)
--------------------------------------------
root@toiletumum:/home/harry# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1b:24:6d:49:2b  
 inet6 addr: fe80::21b:24ff:fe6d:492b/64 Scope:Link
 inet6 addr: fec0::4:2/112 Scope:Site
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:483 errors:0 dropped:0 overruns:0 frame:0
 TX packets:615 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:46201 (46.2 KB)  TX bytes:51861 (51.8 KB)
 Interrupt:27 Base address:0x8000 

root@toiletumum:/home/harry#
root@toiletumum:/home/harry# ping6 fec0::1:2
PING fec0::1:2(fec0::1:2) 56 data bytes
64 bytes from fec0::1:2: icmp_seq=1 ttl=62 time=5.17 ms
64 bytes from fec0::1:2: icmp_seq=2 ttl=62 time=5.24 ms
64 bytes from fec0::1:2: icmp_seq=3 ttl=62 time=5.22 ms
64 bytes from fec0::1:2: icmp_seq=4 ttl=62 time=5.08 ms
64 bytes from fec0::1:2: icmp_seq=5 ttl=62 time=5.17 ms
^C
--- fec0::1:2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 5.088/5.181/5.241/0.105 ms

root@toiletumum:/home/harry# traceroute6 fec0::1:2
traceroute to fec0::1:2 (fec0::1:2) from fec0::4:2, 30 hops max, 16 byte packets
 1  fec0::4:1 (fec0::4:1)  0.629 ms  0.515 ms  0.436 ms
 2  fec0::5:1 (fec0::5:1)  5.597 ms  4.589 ms  4.448 ms
 3  fec0::1:2 (fec0::1:2)  15.673 ms  4.989 ms  4.897 ms
root@toiletumum:/home/harry#
--------------------------------------------
How to check 15 (wireshark)
--------------------------------------------

-------------------------------------------
The complete configuration
-------------------------------------------
cnc1#sh run
Building configuration...

Current configuration : 1572 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cnc1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XnAA$IaSpaeMSOyHz8uloQd1J..
!
no aaa new-model
!
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!         
ipv6 unicast-routing
ipv6 cef
!
voice-card 0
 no dspfarm
!        
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key iwingganteng address 192.168.20.2
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto ipsec profile iwing
 set transform-set 50
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 ipv6 address FEC0::2:1/112
 ipv6 ospf 2 area 0
!
interface Tunnel1
 no ip address
 ipv6 address FEC0::5:1/112
 ipv6 ospf 2 area 0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.20.2
 tunnel protection ipsec profile iwing
!
interface FastEthernet0/0
 ip address 192.168.10.65 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC0::1:1/112
 ipv6 ospf 2 area 0
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.1 0.0.0.0 area 0
 network 192.168.10.64 0.0.0.3 area 0
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ipv6 router ospf 2
 log-adjacency-changes
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password 7 xxx
 login
!
scheduler allocate 20000 1000
!
end

cnc1#

cnc3#sh run
Building configuration...

Current configuration : 1592 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cnc3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$07L9$07XS6yvACJM3wgpyRkjOZ/
!
no aaa new-model
!
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
ipv6 cef
!
voice-card 0
 no dspfarm        
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key iwingganteng address 192.168.10.65
!
crypto ipsec transform-set 50 ah-sha-hmac esp-aes 256 esp-sha-hmac
!
crypto ipsec profile iwing
 set transform-set 50
!
interface Loopback0
 ip address 10.10.10.3 255.255.255.255
 ipv6 address FEC0::3:1/112
 ipv6 ospf 2 area 0
!         
interface Tunnel1
 no ip address
 ipv6 address FEC0::5:2/112
 ipv6 ospf 2 area 0
 tunnel source FastEthernet0/1
 tunnel destination 192.168.10.65
 tunnel protection ipsec profile iwing
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC0::4:1/112
 ipv6 ospf 2 area 0
!
interface FastEthernet0/1
 ip address 192.168.20.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.3 0.0.0.0 area 0
 network 192.168.20.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ipv6 router ospf 2
 log-adjacency-changes
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password 7 xxxx
 login
!
scheduler allocate 20000 1000
!
end

cnc3#
-------------------------------------------
"That is all for now, and hopefully it is useful"

ref:
[1] Cisco IOS IPv6 Configuration Guide,
URL: http://www.cisco.com (April 2010)