카테고리 없음
2일차 테스트-1
궁굼하다
2023. 7. 4. 15:48
728x90
반응형
VPC - 가상 네트워크 생성 (가상 ICT 센터 쪽 작업)
subnet 만들기
- 10.240.1.142
- 10.240.1.57
EC2 만들기
- On-Priemise-OpenServer
- On-Priemise-Server
보안 정책 만들기
인터넷 게이트웨이 만들기
- 10.240.1.0/24 대역
라우팅테이블 및 서브넷 만들고 연결하기
| vec-prd-bastion | 10.240.1.142 | 44.197.185.209 | ||
| 10.240.1.57 | 3.80.142.103 |
sudo -i
yum install openswan -y
vi /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0sysctl -p
vi /et/ipsec.d.conf
vi /etc/ipsec.d/aws.confvi /etc/ipsec.d/aws.confconn Tunnel1 authby=secret auto=start left=%defaultroute leftid=44.197.185.209 right=54.180.164.218 type=tunnel ikelifetime=8h keylife=1h phase2alg=aes128-sha1;modp1024 ike=aes128-sha1;modp1024 keyingtries=%forever keyexchange=ike leftsubnet=10.240.0.0/16 rightsubnet=10.250.0.0/16 dpddelay=10 dpdtimeout=30 dpdaction=restart_by_peer
vi /etc/ipsec.d/aws.secrets44.197.185.209 54.180.164.218: PSK "pmWQJIAEXvGEZw.iC2LCLqLSFwJAv0Wx"
systemctl start ipsec
systemctl status ipsec
On-Premises DC쪽 결과
On-Premises DC에서 AWS VPC EC2 Instrance Ping 테스트
반응형