How to connect to Beeline IPVPN over IPSec. Part 1

Hello! In a previous post I described how our MultiSIM service works in terms of redundancy and channel balancing. As mentioned there, we connect clients to the network over VPN, and today I will tell you a bit more about VPN and what we can offer in this area.

It is worth starting with the fact that we, as a telecom operator, have our own very large MPLS network, which for fixed-line customers is divided into two main segments: one used directly for Internet access, and one used to build isolated networks. It is through this MPLS segment that IPVPN (L3 OSI) and VPLAN (L2 OSI) traffic flows for our corporate clients.

In general, a client connection happens as follows.

An access line is brought into the client's office from the nearest Point of Presence of the network (an MEN node, RRL, BSSS, FTTB, etc.), and from there the channel is carried over the transport network to the corresponding PE-MPLS router, where we drop it into a VRF created specifically for that client, taking into account the traffic profile the client needs (profile labels are selected for each access port, based on the ip precedence values 0, 1, 3, 5).

If for some reason we cannot fully organize the last mile to the client (for example, the client's office is in a business center where another provider is the anchor operator, or we simply have no point of presence nearby), then previously the client either had to build several IPVPN networks from different providers (not the most cost-effective option) or solve the problem of organizing access to their VRF over the Internet on their own.

Many did this by building an IPVPN Internet gateway: they installed a border router (hardware or some Linux-based solution), connected the IPVPN channel to one of its ports and the Internet channel to another, ran their own VPN server on it, and connected users through their own VPN gateway. Naturally, such a scheme also creates a burden: that infrastructure has to be built and, most inconveniently, operated and developed.

To make life easier for our customers, we set up a centralized VPN hub and built support for connecting over the Internet using IPSec. That is, a customer now only needs to configure their router to work with our VPN hub over an IPSec tunnel across any Internet access, and we will drop that client into their VRF.

Who will find it useful?

  • Those who already have a large IPVPN network and need a new connection within a short time.
  • Anyone who, for whatever reason, wants to move part of their traffic from the public Internet to IPVPN, but previously ran into the constraints of working with several providers.
  • Those who currently have several disparate VPN networks across different operators. There are clients who have implemented IPVPN from Beeline, Megafon, Rostelecom, and so on. To simplify, they can stay on our VPN only, switch all the other channels from other operators to the Internet, and then connect to Beeline IPVPN over IPSec and the Internet through those operators.
  • Those who already have an IPVPN network overlaid on the Internet.

If you hand all of this to us, the client gets full VPN support, a large infrastructure, and configuration templates that will work on any router they are used to (Cisco, or even Mikrotik; the main thing is that it properly supports IPSec/IKEv2 with standard authentication methods). By the way, about IPSec: at the moment we support only it, but we plan to launch full support for both OpenVPN and Wireguard, so that clients do not depend on the protocol and it is even easier to pick everything up and move it to us; we also want to start connecting clients from computers and mobile devices (solutions built into the OS, Cisco AnyConnect and strongSwan, and so on). With this approach, the actual building of the infrastructure can safely be handed over to the operator, leaving only the configuration of the CPE or host.

How the connection process works for the IPSec option:

  1. The client submits a request to their manager in which they specify the required connection speed, the traffic profile, the IP addressing for the tunnel end (by default a subnet with a /30 mask), and the routing type (static or BGP). To pass the routes of the client's local networks at the connected office, either the IKEv2 mechanisms of the IPSec protocol are used, with the appropriate settings on the client's router, or the routes are announced via BGP into MPLS from the private BGP AS stated in the client's request. In this way, the routing information for the client's networks is fully controlled by the client through the configuration of the client's router.
  2. In reply, the client receives from their manager the data for inclusion in their VRF, in the form of:
    • VPN-HUB IP address
    • Login ID
    • Authentication password
  3. The client configures the CPE. Below, as an example, are two simple configuration options:

    Option for Cisco:

    crypto ikev2 keyring BeelineIPsec_keyring
     peer Beeline_VPNHub
      address 62.141.99.183 - Beeline VPN hub
      pre-shared-key <Authentication password>
    !
    For the static routing option, the routes to the networks reachable through the VPN hub can be specified in the IKEv2 configuration, and they will automatically appear as static routes in the CE routing table. These settings can also be made using the standard way of defining static routes (see below).

    crypto ikev2 authorization policy FlexClient-author

    The route to the networks behind the CE router is what has to be configured for static routing between CE and PE. The route information is passed to the PE when the tunnel is brought up during the IKEv2 exchange.

     route set remote ipv4 10.1.1.0 255.255.255.0 - local office network
    !
    crypto ikev2 profile BeelineIPSec_profile
     identity local <login>
     authentication local pre-share
     authentication remote pre-share
     keyring local BeelineIPsec_keyring
     aaa authorization group psk list group-author-list FlexClient-author
    !
    crypto ikev2 client flexvpn BeelineIPsec_flex
     peer 1 Beeline_VPNHub
     client connect Tunnel1
    !
    crypto ipsec transform-set TRANSFORM1 esp-aes 256 esp-sha256-hmac
     mode tunnel
    !
    crypto ipsec profile default
     set transform-set TRANSFORM1
     set ikev2-profile BeelineIPSec_profile
    !
    interface Tunnel1
     ip address 10.20.1.2 255.255.255.252 - tunnel address
     tunnel source GigabitEthernet0/2 - Internet access interface
     tunnel mode ipsec ipv4
     tunnel destination dynamic
     tunnel protection ipsec profile default
    !
    Routes to the client's private networks reachable via the Beeline VPN concentrator can be configured statically.

    ip route 172.16.0.0 255.255.0.0 Tunnel1
    ip route 192.168.0.0 255.255.255.0 Tunnel1

    Option for Huawei (ar160/120):

    ike local-name <login>
    #
    acl name ips3999
     rule 1 permit ip source 10.1.1.0 0.0.0.255 - local office network
    #
    aaa
     service-scheme IPSEC
      route set acl 3999
    #
    ipsec proposal ipsec
     esp authentication-algorithm sha2-256
     esp encryption-algorithm aes-256
    #
    ike proposal default
     encryption-algorithm aes-256
     dh group2
     authentication-algorithm sha2-256
     authentication-method pre-share
     integrity-algorithm hmac-sha2-256
     prf hmac-sha2-256
    #
    ike peer ipsec
     pre-shared-key simple <Authentication password>
     local-id-type fqdn
     remote-id-type ip
     remote-address 62.141.99.183 - Beeline VPN hub
     service-scheme IPSEC
     config-exchange request
     config-exchange set accept
     config-exchange set send
    #
    ipsec profile ipsecprof
     ike-peer ipsec
     proposal ipsec
    #
    interface Tunnel0/0/0
     ip address 10.20.1.2 255.255.255.252 - tunnel address
     tunnel-protocol ipsec
     source GigabitEthernet0/0/1 - Internet access interface
     ipsec profile ipsecprof
    #
    Routes to the client's private networks reachable via the Beeline VPN concentrator can likewise be configured statically.

    ip route-static 192.168.0.0 255.255.255.0 Tunnel0/0/0
    ip route-static 172.16.0.0 255.255.0.0 Tunnel0/0/0
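The three steps above hand a client a small set of values (hub address, login, password, the tunnel /30, the office network, and the routes to reach through the hub) that then have to be typed into one of the templates without mistakes. The following script is an added example, not code from the original post or from Beeline: it sanity-checks that handover data (a real /30, no route overlapping the office LAN, a public hub address) and renders the Cisco IKEv2/FlexVPN template above with the values filled in, plus the wildcard-mask ACL line the Huawei template needs. The class and function names, the sample login and the assumption that the CPE takes the higher address of the /30 (as 10.20.1.2 does in the templates) are mine.

```python
# Added example, not code from the original post: check the handover data a client
# receives in step 2 and render the Cisco IKEv2/FlexVPN template from step 3 with it.
# Names, sample values and the address-assignment assumption are mine, not Beeline's.
import ipaddress
from dataclasses import dataclass


@dataclass
class HandoverData:
    hub_ip: str               # VPN-HUB IP address
    login: str                # Login ID (IKEv2 local identity)
    psk: str                  # Authentication password (pre-shared key)
    tunnel_subnet: str        # the /30 agreed for the tunnel, e.g. "10.20.1.0/30"
    office_lan: str           # local office network announced to the hub
    remote_routes: list       # networks behind the hub (static routing option)
    wan_if: str               # Internet access interface on the CPE


def validate(d: HandoverData):
    """Check the handover data and derive the CPE side of the tunnel /30."""
    hub = ipaddress.ip_address(d.hub_ip)
    if not hub.is_global:
        raise ValueError(f"hub address {hub} is not routable over the Internet")
    tun = ipaddress.ip_network(d.tunnel_subnet, strict=True)
    if tun.prefixlen != 30:
        raise ValueError(f"tunnel subnet must be a /30, got /{tun.prefixlen}")
    # Assumption: the hub takes the lower usable address and the CPE the higher
    # one, which matches the 10.20.1.2 used in the templates above.
    _hub_side, cpe_side = list(tun.hosts())
    lan = ipaddress.ip_network(d.office_lan, strict=True)
    routes = [ipaddress.ip_network(r, strict=True) for r in d.remote_routes]
    for r in routes:
        if r.overlaps(lan):  # would pull local office traffic into the tunnel
            raise ValueError(f"remote route {r} overlaps the office LAN {lan}")
    return tun, cpe_side, lan, routes


CISCO_TEMPLATE = """\
crypto ikev2 keyring BeelineIPsec_keyring
 peer Beeline_VPNHub
  address {hub}
  pre-shared-key {psk}
!
crypto ikev2 authorization policy FlexClient-author
 route set remote ipv4 {lan_net} {lan_mask}
!
crypto ikev2 profile BeelineIPSec_profile
 identity local {login}
 authentication local pre-share
 authentication remote pre-share
 keyring local BeelineIPsec_keyring
 aaa authorization group psk list group-author-list FlexClient-author
!
crypto ikev2 client flexvpn BeelineIPsec_flex
 peer 1 Beeline_VPNHub
 client connect Tunnel1
!
crypto ipsec transform-set TRANSFORM1 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile default
 set transform-set TRANSFORM1
 set ikev2-profile BeelineIPSec_profile
!
interface Tunnel1
 ip address {tun_ip} {tun_mask}
 tunnel source {wan_if}
 tunnel mode ipsec ipv4
 tunnel destination dynamic
 tunnel protection ipsec profile default
!
{static_routes}"""


def render_cisco(d: HandoverData) -> str:
    """Fill the template. The output holds the PSK in clear text: handle it as a secret."""
    tun, cpe_ip, lan, routes = validate(d)
    static = "".join(f"ip route {r.network_address} {r.netmask} Tunnel1\n" for r in routes)
    return CISCO_TEMPLATE.format(hub=d.hub_ip, psk=d.psk, login=d.login,
                                 lan_net=lan.network_address, lan_mask=lan.netmask,
                                 tun_ip=cpe_ip, tun_mask=tun.netmask,
                                 wan_if=d.wan_if, static_routes=static)


def huawei_lan_rule(d: HandoverData) -> str:
    """The Huawei ACL in the second template takes a wildcard mask (inverse netmask)."""
    _tun, _cpe, lan, _routes = validate(d)
    return f"rule 1 permit ip source {lan.network_address} {lan.hostmask}"


# Constructed sample: the hub address is the one in the templates, the rest is made up.
SAMPLE = HandoverData(hub_ip="62.141.99.183", login="office-msk-1",
                      psk="<Authentication password>", tunnel_subnet="10.20.1.0/30",
                      office_lan="10.1.1.0/24",
                      remote_routes=["172.16.0.0/16", "192.168.0.0/24"],
                      wan_if="GigabitEthernet0/2")

if __name__ == "__main__":
    print(render_cisco(SAMPLE))
    print(huawei_lan_rule(SAMPLE))
```

Running the script prints a Cisco configuration identical in structure to the template above, with the office network, tunnel address and static routes substituted; the same `validate()` call feeds the Huawei ACL rule, which is the one line where the two vendors disagree on mask notation. Because the rendered text contains the pre-shared key in clear, it should be stored and transferred with the same care as the password itself.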

The connection diagram looks like this:


If the client does not yet have a simple configuration example for their equipment, we usually help develop one and make it available to everyone.

All that remains is to connect the CPE to the Internet, ping the far end of the VPN tunnel and any host inside the VPN, and that is it: the connection can be considered established.

In the next article we will describe how we combine this scheme with IPSec and MultiSIM Redundancy using Huawei CPE: we install our Huawei CPE at the client's site, which can use not only a wired Internet channel but also two different SIM cards, and the CPE rebuilds the IPSec tunnel over the wired WAN or over radio (LTE #1 / LTE #2), thereby achieving high fault tolerance for the resulting service.

Special thanks to our RnD colleagues for preparing this article (and, in fact, for authoring these technical solutions)!

Source: www.hab.com
