Setting up IPsec on MikroTik

Setting up IPsec on MikroTik devices


The simple topology we will implement is as follows.


Step one: configure the IP address and hostname on every router according to the topology above.

R-ISP
[admin@MikroTik] > system identity set name=R-ISP
[admin@R-ISP] > ip address add address=100.100.100.5/30 interface=ether1
[admin@R-ISP] > ip address add address=200.200.200.5/30 interface=ether2


R-Site-A
[admin@MikroTik] > system identity set name=R-Site-A
[admin@R-Site-A] > ip address add address=100.100.100.6/30 interface=ether1
[admin@R-Site-A] > ip address add address=192.168.10.1/24 interface=ether2
[admin@R-Site-A] > ip route add dst-address=0.0.0.0/0 gateway=100.100.100.5


R-Site-B
[admin@MikroTik] > system identity set name=R-Site-B
[admin@R-Site-B] > ip address add address=200.200.200.6/30 interface=ether1
[admin@R-Site-B] > ip address add address=192.168.50.1/24 interface=ether2
[admin@R-Site-B] > ip route add dst-address=0.0.0.0/0 gateway=200.200.200.5


C1-A
[admin@MikroTik] > system identity set name=C1-A
[admin@C1-A] > ip address add address=192.168.10.10/24 interface=ether1
[admin@C1-A] > ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1
 
C1-B
[admin@MikroTik] > system identity set name=C1-B
[admin@C1-B] > ip address add address=192.168.50.50/24 interface=ether1
[admin@C1-B] > ip route add dst-address=0.0.0.0/0 gateway=192.168.50.1 

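Step two: configure NAT masquerade on R-Site-A and R-Site-B. The accept rule is added first so that traffic between the two LANs is excluded from masquerade and still matches the IPsec policy.

R-Site-A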
[admin@R-Site-A] > ip firewall nat add chain=srcnat src-address=192.168.10.0/24 dst-address=192.168.50.0/24 action=accept
[admin@R-Site-A] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
 
R-Site-B
[admin@R-Site-B] > ip firewall nat add chain=srcnat src-address=192.168.50.0/24 dst-address=192.168.10.0/24 action=accept
[admin@R-Site-B] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade 
 
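Step three: configure the IPsec policy and the IPsec peer on routers R-Site-A and R-Site-B. The secret must be identical on both peers; ngonfig is the value used in this lab, and a real link needs a long random pre-shared key.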
 
R-Site-A
[admin@R-Site-A] > ip ipsec policy add src-address=192.168.10.0/24 dst-address=192.168.50.0/24 action=encrypt tunnel=yes sa-src-address=100.100.100.6 sa-dst-address=200.200.200.6 proposal=default
[admin@R-Site-A] > ip ipsec peer add address=200.200.200.6 port=500 auth-method=pre-shared-key secret=ngonfig nat-traversal=yes
 
R-Site-B
[admin@R-Site-B] > ip ipsec policy add src-address=192.168.50.0/24 dst-address=192.168.10.0/24 sa-src-address=200.200.200.6 sa-dst-address=100.100.100.6 action=encrypt tunnel=yes proposal=default

[admin@R-Site-B] > ip ipsec peer add address=100.100.100.6 port=500 auth-method=pre-shared-key secret=ngonfig nat-traversal=yes

Step four: check whether the connection has been established
R-Site-A
[admin@R-Site-A] > ip ipsec remote-peers pr
 0 local-address=100.100.100.6 remote-address=200.200.200.6 state=established side=responder established=2m35s
R-Site-B
[admin@R-Site-B] > ip ipsec remote-peers pr
 0 local-address=200.200.200.6 remote-address=100.100.100.6 state=established side=initiator established=2m44s

Step five: test the IPsec configuration by pinging from C1-A to C1-B and vice versa
C1-A
[admin@C1-A] > ping 192.168.50.50
HOST                                     SIZE TTL TIME  STATUS
192.168.50.50                              56  62 25ms
192.168.50.50                              56  62 23ms
192.168.50.50                              56  62 20ms
192.168.50.50                              56  62 19ms
192.168.50.50                              56  62 22ms
    sent=5 received=5 packet-loss=0% min-rtt=19ms avg-rtt=21ms max-rtt=25ms
C1-B
[admin@C1-B] > ping 192.168.10.10
HOST                                     SIZE TTL TIME  STATUS
192.168.10.10                              56  62 51ms
192.168.10.10                              56  62 20ms
192.168.10.10                              56  62 19ms
192.168.10.10                              56  62 19ms
192.168.10.10                              56  62 18ms
192.168.10.10                              56  62 28ms
    sent=6 received=6 packet-loss=0% min-rtt=18ms avg-rtt=25ms max-rtt=51ms 
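
As an added example (not part of the original post), the following Python script audits the step-two and step-three settings of both routers for the usual site-to-site mistakes: policies that are not mirror images, a peer address that differs from sa-dst-address, a short or mismatched pre-shared key, and a masquerade rule that catches tunnel traffic before the accept bypass. The function names, the 20-character key threshold and the treatment of a rule without src/dst-address as matching every address are assumptions of the example.

```python
import ipaddress

# Constructed input: the step-two and step-three commands, prompts stripped.
SITE_A = """\
ip firewall nat add chain=srcnat src-address=192.168.10.0/24 dst-address=192.168.50.0/24 action=accept
ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
ip ipsec policy add src-address=192.168.10.0/24 dst-address=192.168.50.0/24 action=encrypt tunnel=yes sa-src-address=100.100.100.6 sa-dst-address=200.200.200.6 proposal=default
ip ipsec peer add address=200.200.200.6 port=500 auth-method=pre-shared-key secret=ngonfig nat-traversal=yes
"""
SITE_B = """\
ip firewall nat add chain=srcnat src-address=192.168.50.0/24 dst-address=192.168.10.0/24 action=accept
ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
ip ipsec policy add src-address=192.168.50.0/24 dst-address=192.168.10.0/24 sa-src-address=200.200.200.6 sa-dst-address=100.100.100.6 action=encrypt tunnel=yes proposal=default
ip ipsec peer add address=100.100.100.6 port=500 auth-method=pre-shared-key secret=ngonfig nat-traversal=yes
"""
ANY = "0.0.0.0/0"  # assumption: a NAT rule without src/dst-address matches every address

def parse(text):
    """Group the key=value arguments of each 'add' command by menu path."""
    cfg = {}
    for line in text.splitlines():
        menu, _, args = line.partition(" add ")
        if args:
            cfg.setdefault(menu, []).append(dict(kv.split("=", 1) for kv in args.split()))
    return cfg

def audit(a, b, min_psk_len=20):  # min_psk_len is an assumed threshold, not from the page
    """Return findings: mirrored policies, peer address, PSK, NAT bypass order."""
    findings = []
    pa, pb = a["ip ipsec policy"][0], b["ip ipsec policy"][0]
    for x, y in (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address")):
        if pa[x] != pb[y] or pa[y] != pb[x]:
            findings.append(f"policies not mirrored: {x}/{y}")
    for name, cfg in (("A", a), ("B", b)):
        pol, peer = cfg["ip ipsec policy"][0], cfg["ip ipsec peer"][0]
        if peer["address"] != pol["sa-dst-address"]:
            findings.append(f"site {name}: peer address differs from sa-dst-address")
        if len(peer["secret"]) < min_psk_len:
            findings.append(f"site {name}: pre-shared key shorter than {min_psk_len} characters")
        # The first matching srcnat rule wins; for tunnel traffic it must be the accept bypass.
        src, dst = (ipaddress.ip_network(pol[k]) for k in ("src-address", "dst-address"))
        for rule in cfg["ip firewall nat"]:
            rs, rd = (ipaddress.ip_network(rule.get(k, ANY)) for k in ("src-address", "dst-address"))
            if src.subnet_of(rs) and dst.subnet_of(rd):
                if rule["action"] != "accept":
                    findings.append(f"site {name}: tunnel traffic hits {rule['action']} before the bypass")
                break
    if a["ip ipsec peer"][0]["secret"] != b["ip ipsec peer"][0]["secret"]:
        findings.append("pre-shared keys differ")
    return findings
```

Calling audit(parse(SITE_A), parse(SITE_B)) on the configuration from this page reports only the short pre-shared key on both sites.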

That is my short write-up on this topic.

Reference: ngonfig
