  1. #1
    lamone

    IPsec site-to-site VPN on MikroTik with OSPF routing, has anyone done it?

    Hello, masters. I'm still a newbie in the MikroTik world. I'd like to ask about configuring and setting up an IPsec site-to-site VPN on MikroTik with OSPF routing. I did find a link, but there are many things I don't understand. In the article the IPs are the same, how come? Maybe the masters can help me, I'm still learning... Here is the link, or I'll just put the write-up here.

    LINK /

    Bro n Sista,

    Sharing is a beautiful thing. This time I just want to share, and also to make sure I don't forget it myself. A simulation of an IPsec site-to-site VPN on MikroTik.
    Here is the configuration; I only captured the important parts.
    Here is the network diagram; for routing I use OSPF…


    Power By Wiwid

    Router Lab_1
    1. Create the tunnel interface first; the protocol used is ipip (if I'm not mistaken this protocol is an open standard, so it also works with Cisco)
    /interface ipip add local-address=10.8.8.2200 name=ipip1 remote-address=10.8.8.231


    2. Set the WAN, LAN and back-to-back IPIP tunnel IP addresses. The simulated WAN IP uses a private IP, so don't be confused.

    /ip address
    add address=10.8.8.220/24 interface=ether5 --> (WAN)
    add address=192.168.20.1/24 interface=ether4 --> (LAN)
    add address=172.16.123.1/24 interface=ipip1 --> (Tunnel)

    3. IPsec configuration,

    /ip ipsec policy
    add action=encrypt dst-address=10.8.8.220/32:any ipsec-protocols=esp level=require proposal=default protocol=all
    sa-dst-address=10.8.8.220 sa-src-address=10.8.8.232 src-address=10.8.8.232/32:any tunnel=yes

    /ip ipsec peer
    add address=10.8.8.220/32:500 auth-method=pre-shared-key dh-group=modp1024 enc-algorithm=3des
    hash-algorithm=md5 nat-traversal=yes proposal-check=obey secret=test123 send-initial-contact=yes

    4. Enable OSPF routing

    /routing ospf instance
    add redistribute-connected=as-type-1 router-id=172.16.123.2

    /routing ospf area
    add area-id=0.0.0.255 instance=ospf1 name=area1

    /routing ospf network
    add area=area1 comment="" disabled=no network=172.16.123.0/24

    For the network entry, the tunnel IP network alone is enough --> the ipip interface

    Router Lab_2
    1. Create Interface tunnel

    /interface ipip
    add local-address=10.8.8.220 name=ipip1 remote-address=10.8.8.232

    2. Router IP address configuration
    /ip address
    add address=10.8.8.220/24 interface=ether5 --> WAN
    add address=192.168.20.1/24 interface=ether4 --> LAN
    add address=172.16.123.1/24 interface=ipip1 --> Tunnel

    3. IPsec configuration,

    /ip ipsec policy
    add action=encrypt dst-address=10.8.8.232/32:any ipsec-protocols=esp level=require proposal=default protocol=all
    sa-dst-address=10.8.8.232 sa-src-address=10.8.8.220 src-address=10.8.8.220/32:any tunnel=yes

    /ip ipsec peer
    add address=10.8.8.232/32:500 auth-method=pre-shared-key dh-group=modp1024 enc-algorithm=3des
    hash-algorithm=md5 nat-traversal=yes proposal-check=obey secret=test123 send-initial-contact=yes

    4. OSPF routing configuration

    /routing ospf instance
    add redistribute-connected=as-type-1 router-id=172.16.123.2
    /routing ospf area add area-id=0.0.0.255 instance=ospf1 name=area1

    /routing ospf network add area=area1 network=172.16.123.0/24

    Once both routers are configured, check the OSPF neighbor and the IPsec SAs

    [admin@Lab1] /ip ipsec peer> /routing ospf neighbor pr
    0 instance=ospf1 router-id=172.16.123.2 address=172.16.123.2 interface=ipip1 priority=1 dr-address=172.16.123.2 backup-dr-address=172.16.123.1 state="Full"
    state-changes=4 ls-retransmits=0 ls-requests=0 db-summaries=0 adjacency=1h17m40s

    [admin@Lab1] /ip ipsec> installed-sa print
    Flags: A - AH, E - ESP, P - pfs
    0 E spi=0x83C42A6 src-address=10.8.8.220 dst-address=10.8.8.232 auth-algorithm=sha1 enc-algorithm=3des replay=4 state=mature
    auth-key="108f058577f1b6107b590763b54b9e85d3c14e86" enc-key="c74743412d19240f71aaddf817ff1e35fe1870ca601890d0" addtime=apr/14/2011 08:59:31
    add-lifetime=24m/30m usetime=apr/14/2011 08:59:35 use-lifetime=0s/0s current-bytes=9536 lifebytes=0/0

    1 E spi=0xB12819E src-address=10.8.8.232 dst-address=10.8.8.220 auth-algorithm=sha1 enc-algorithm=3des replay=4 state=mature
    auth-key="1cfebaa94469d4adaf8f3f04569d1bf63ad3b990" enc-key="642bae95e59d17dac7216e926a9c5a17d89695cc6de8a8be" addtime=apr/14/2011 08:59:31
    add-lifetime=24m/30m usetime=apr/14/2011 08:59:34 use-lifetime=0s/0s current-bytes=9636 lifebytes=0/0

    Now the part we've been waiting for: ping the PC's IP from Router Lab_1

    [admin@Lab1] /ip ipsec> /ping 192.168.10.2 size=1500 count=5
    192.168.10.2 1500 byte ping: ttl=127 time=9 ms
    192.168.10.2 1500 byte ping: ttl=127 time=9 ms
    192.168.10.2 1500 byte ping: ttl=127 time=9 ms
    192.168.10.2 1500 byte ping: ttl=127 time=10 ms
    192.168.10.2 1500 byte ping: ttl=127 time=8 ms
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 8/9.0/10 ms

    And via traceroute

    [admin@Lab1] /ip ipsec> /tool traceroute 192.168.10.2
    ADDRESS STATUS
    1 172.16.123.2 2ms 3ms 2ms
    2 192.168.10.2 7ms 2ms 2ms

    From the article above there are a few things I don't understand yet: why are some of the IPs the same on router lab 1 and 2, won't they conflict??

    Please guide me, masters... thank you very much for being willing to help.

  2. #2
    abdulgopar
    Reading from the diagram, there is no problem and no IP is the same. Maybe this is what was meant:

    Router Lab_1
    1. Create the tunnel interface first; the protocol used is ipip (if I'm not mistaken this protocol is an open standard, so it also works with Cisco)
    /interface ipip add local-address=10.8.8.2200 name=ipip1 remote-address=10.8.8.231


    2. Set the WAN, LAN and back-to-back IPIP tunnel IP addresses. The simulated WAN IP uses a private IP, so don't be confused.

    /ip address
    add address=10.8.8.220/24 interface=ether5 --> (WAN)
    add address=192.168.20.1/24 interface=ether4 --> (LAN)
    add address=172.16.123.1/24 interface=ipip1 --> (Tunnel)



    and for Router LAB 2

    2. Router IP address configuration
    /ip address
    add address=10.8.8.220/24 interface=ether5 --> WAN

    add address=192.168.20.1/24 interface=ether4 --> LAN
    add address=172.16.123.1/24 interface=ipip1 --> Tunnel

    it should be like this

    add address=192.168.10.1/24 interface=ether4 --> LAN
    add address=172.16.123.2/24 interface=ipip1 --> Tunnel


    Hope this helps
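
The addressing question raised in this thread can be checked mechanically. The Python below is an added example, not part of either post or of the quoted article: it parses `/ip address` lines and reports addresses that collide between the two routers. Treating `ether5` and `ipip1` as the peer-facing interfaces follows the quoted config; the 10.8.8.232 WAN address in `LAB1_ASSUMED` is an assumption taken from the `sa-src-address` of the quoted Lab_1 IPsec policy.

```python
import ipaddress
import re

ADD_RE = re.compile(r"add\s+address=(\S+)\s+interface=(\S+)")

def parse_addresses(export):
    """Map interface name -> IPv4Interface from '/ip address' add lines."""
    return {m.group(2): ipaddress.ip_interface(m.group(1))
            for m in ADD_RE.finditer(export)}

def compare_sites(a, b, shared=("ether5", "ipip1")):
    """List addressing problems between two routers.

    Interfaces in `shared` (WAN and tunnel here) face the peer: both ends
    need the same subnet and different host addresses. Any other interface
    is a site LAN and must not overlap the peer's LAN.
    """
    findings = []
    for iface in sorted(set(a) & set(b)):
        x, y = a[iface], b[iface]
        if x.ip == y.ip:
            findings.append(f"{iface}: both routers use {x.ip}")
        elif iface in shared and x.network != y.network:
            findings.append(f"{iface}: ends are in different subnets")
        elif iface not in shared and x.network.overlaps(y.network):
            findings.append(f"{iface}: LAN subnets overlap ({x.network})")
    return findings

# Address list as quoted in the thread (Lab_1 and Lab_2 are identical there).
QUOTED = """
add address=10.8.8.220/24 interface=ether5
add address=192.168.20.1/24 interface=ether4
add address=172.16.123.1/24 interface=ipip1
"""
# Lab_2 with the LAN and tunnel lines given in reply #2.
LAB2_REPLY = """
add address=10.8.8.220/24 interface=ether5
add address=192.168.10.1/24 interface=ether4
add address=172.16.123.2/24 interface=ipip1
"""
# Assumption: Lab_1's WAN is 10.8.8.232, the sa-src-address of its IPsec policy.
LAB1_ASSUMED = QUOTED.replace("10.8.8.220", "10.8.8.232")

if __name__ == "__main__":
    for name, lab1 in (("quoted Lab_1", QUOTED), ("assumed Lab_1", LAB1_ASSUMED)):
        print(name, "vs reply Lab_2:",
              compare_sites(parse_addresses(lab1), parse_addresses(LAB2_REPLY)))
```

Run as written, the quoted Lab_1 list against the Lab_2 lines from reply #2 still reports `ether5: both routers use 10.8.8.220`; with the assumed Lab_1 WAN address the list of findings is empty.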

 

 
