
04 - WAN - LAB 11 - GRE OVER IPSEC VPN Extended

The document outlines the configuration of three Virtual PC (VPC) instances and three routers (R1, R2, R3) with NAT overload and OSPF routing. It also details the setup of GRE over IPSec tunnels between the routers and includes commands for verifying connectivity between VPCs and the ISP. Additionally, it provides steps for configuring IPSec security for the GRE tunnels.

Uploaded by

JamesLam

LAB 10

VPC1
ip 172.16.1.2 255.255.255.0 172.16.1.1
save

VPC2
ip 172.16.2.2 255.255.255.0 172.16.2.1
save

VPC3
ip 172.16.3.2 255.255.255.0 172.16.3.1
save

--------------------

Configure NAT Overload

R1

en
conf t
hostname R1

!
interface Ethernet0/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
no shut
!

interface Ethernet0/1
ip address 10.0.0.1 255.255.255.252
ip nat outside
no shut
!

ip nat inside source list 1 interface Ethernet0/1 overload


ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
access-list 1 permit any

------

R2

en
conf t
hostname R2

!
interface Ethernet0/0
ip address 172.16.2.1 255.255.255.0
ip nat inside
no shut
!
interface Ethernet0/2
ip address 172.16.23.1 255.255.255.0
ip nat inside
no shut
!
interface Ethernet0/1
ip address 11.1.1.1 255.255.255.252
ip nat outside
no shut
!

ip nat inside source list 1 interface Ethernet0/1 overload


ip route 0.0.0.0 0.0.0.0 11.1.1.2
!
access-list 1 permit any

-----------------------

R3

en
conf t
hostname R3

!
interface Ethernet0/2
ip address 172.16.23.2 255.255.255.0
no shut
!
interface Ethernet0/0
ip address 172.16.3.1 255.255.255.0
no shut
!

----------------------

OSPF R2 R3

R2

conf t
router ospf 1
network 172.16.2.1 0.0.0.0 area 0
network 172.16.23.1 0.0.0.0 area 0
default-information originate

R3

conf t
router ospf 1
network 172.16.3.1 0.0.0.0 area 0
network 172.16.23.2 0.0.0.0 area 0
end

----------------------

Verification

VPC1, VPC2 and VPC3 can ping 8.8.8.8

VPC2 can ping VPC3

VPC1 cannot yet ping VPC2 or VPC3

------------------------------------------

Configure GRE over IPSec

R1

conf t
interface tunnel 0
tunnel source e0/1
tunnel destination 11.1.1.1
tunnel mode gre ip
ip address 172.16.12.1 255.255.255.0
exit

router ospf 1
network 172.16.12.1 0.0.0.0 area 0
network 172.16.1.1 0.0.0.0 area 0

----------

R2

conf t
interface tunnel 0
tunnel source e0/1
tunnel destination 10.0.0.1
tunnel mode gre ip
ip address 172.16.12.2 255.255.255.0
exit

router ospf 1
network 172.16.12.2 0.0.0.0 area 0

Verification

VPC1, VPC2 and VPC3 can all ping one another

________________________________________

---------------------------------

Add IPSec

---------------

R1

conf t

crypto ipsec transform-set Cisco-trans ah-md5-hmac esp-aes
mode transport
exit

crypto isakmp policy 10
encryption 3des
authentication pre-share
group 2
exit

crypto isakmp key Cisco address 11.1.1.1

crypto ipsec profile CISCO
set transform-set Cisco-trans
exit

interface tunnel 0
tunnel protection ipsec profile CISCO
end

-----------------------

R2

conf t

crypto ipsec transform-set Cisco-trans ah-md5-hmac esp-aes
mode transport
exit

crypto isakmp policy 10
encryption 3des
authentication pre-share
group 2
exit

crypto isakmp key Cisco address 10.0.0.1

crypto ipsec profile CISCO
set transform-set Cisco-trans
exit

interface tunnel 0
tunnel protection ipsec profile CISCO
end

------------------------------------------------

Verify the configuration

show crypto isakmp policy
show crypto isakmp sa
show crypto session
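
The lab's IPSec settings (3DES, DH group 2, AH with MD5, and the pre-shared key "Cisco") are fine for learning the command flow but are weak choices for a real tunnel. The block below is an added example, not part of the original lab: it keeps the lab's names (policy 10, Cisco-trans, CISCO) on R1 and changes only the algorithms and the key, assuming an IOS image that accepts sha256, group 14 and esp-sha256-hmac; <STRONG-PSK> is a placeholder.

```cisco
! Added example: R1 with the lab's names kept and only the algorithms and key changed.
! Assumption: the IOS image accepts sha256, group 14 and esp-sha256-hmac.
conf t
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 exit
!
! <STRONG-PSK> is a placeholder for a long random shared secret.
no crypto isakmp key Cisco address 11.1.1.1
crypto isakmp key <STRONG-PSK> address 11.1.1.1
!
! ESP alone provides encryption and integrity, so the AH-MD5 transform is dropped.
crypto ipsec transform-set Cisco-trans esp-aes 256 esp-sha256-hmac
 mode transport
 exit
!
crypto ipsec profile CISCO
 set transform-set Cisco-trans
 set pfs group14
 exit
!
interface tunnel 0
 tunnel protection ipsec profile CISCO
 end
!
! Renegotiate so the new parameters take effect.
clear crypto session
!
! R2: same commands, with the key bound to the peer address 10.0.0.1.
```

Both routers must carry matching settings or negotiation fails. After the change, show crypto isakmp policy should list the new values under policy 10, and show crypto session should show the tunnel session up again.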

-------------------------------------------------
ISP

interface Loopback0
ip address 8.8.8.8 255.255.255.0
!
interface Ethernet0/0
ip address 10.0.0.2 255.255.255.252
!
interface Ethernet0/1
ip address 11.1.1.2 255.255.255.252
!
