
ISP Lab Tutorial - GNS3

The document provides instructions for configuring a GRE/IPSec VPN between three routers - R1, R2, and R3 - connected to an ISP router. The key steps are: 1. Configure GRE tunnels between each router pair with IP addresses to emulate WAN links. 2. Configure EIGRP routing to advertise networks over the GRE tunnels. 3. Configure pre-shared keys and IPSec policies on each router to encrypt the GRE tunnels including transform sets, ACLs and crypto maps. 4. Apply the crypto maps to the WAN interfaces and verify the VPN tunnels are established.

Uploaded by

Ceh

ISP Lab Tutorial 1

Start GNS3 and add four routers to the lab, with one in the middle. The middle router
will represent the internet. Although it is just one router, we will configure IP schemes
on different subnets to represent different ISPs. Connect the other three routers to the
ISP router with a serial cable. Enter emulation mode and start the routers. Verify the
interfaces. On the ISP router, we just configure a small 30-bit subnet between the ISP
and each of the three routers.

[Figure: lab topology. R1 connects to ISP S0/0, R2 to ISP S0/1 and R3 to ISP S0/2; each of R1, R2 and R3 uses its own S0/0.]

Configure interface s0/0 with an IP address of 12.34.56.1/30 and enable the interface
with the no shut command.
Router# conf t
Router(config)# hostname ISP
ISP(config)# int s0/0
ISP(config-if)# description ***Connection to R1***
ISP(config-if)# ip address 12.34.56.1 255.255.255.252
ISP(config-if)# no shut
ISP(config)# int s0/1
ISP(config-if)# description ***Connection to R2***
ISP(config-if)# ip address 23.45.67.1 255.255.255.252
ISP(config-if)# no shut
ISP(config)# int s0/2
ISP(config-if)# description ***Connection to R3***
ISP(config-if)# ip address 34.56.78.1 255.255.255.252
ISP(config-if)# no shut

ISP Lab Tutorial 2


In Part 1 of the Internet lab tutorial, we created a virtual internet using GNS3. We built
the infrastructure and configured a router to represent the Internet (ISP). This time,
you will add switches and configure the internet routers at each customer site.

[Figure: lab topology as in Part 1, with a switch attached to each of R1, R2 and R3.]

Router# conf t
Router(config)# hostname R1
R1(config)# no logging console
R1(config)# enable secret blindhog
R1(config)# line vty 0 4
R1(config-line)# password blindhog
R1(config-line)# login
R1(config-line)# line vty 5 15
R1(config-line)# password blindhog
R1(config-line)# login
R1(config)# interface f1/0
R1(config-if)# desc R1 LAN
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shut
R1(config)# interface s0/0
R1(config-if)# description Internet Connection
R1(config-if)# ip address 12.34.56.2 255.255.255.252
R1(config-if)# no shut
R1(config)# ip route 0.0.0.0 0.0.0.0 12.34.56.1
R1# ping 12.34.56.1

Router# conf t
Router(config)# hostname R2
R2(config)# no logging console
R2(config)# enable secret blindhog
R2(config)# line vty 0 4
R2(config-line)# password blindhog
R2(config-line)# login
R2(config-line)# line vty 5 15
R2(config-line)# password blindhog
R2(config-line)# login
R2(config)# interface f1/0
R2(config-if)# desc R2 LAN
R2(config-if)# ip address 192.168.2.1 255.255.255.0
R2(config-if)# no shut
R2(config)# interface s0/0
R2(config-if)# description Internet Connection
R2(config-if)# ip address 23.45.67.2 255.255.255.252
R2(config-if)# no shut
R2(config)# ip route 0.0.0.0 0.0.0.0 23.45.67.1
R2# ping 23.45.67.1
R2# ping 12.34.56.2

Router# conf t
Router(config)# hostname R3
R3(config)# no logging console
R3(config)# enable secret blindhog
R3(config)# line vty 0 4
R3(config-line)# password blindhog
R3(config-line)# login
R3(config-line)# line vty 5 15
R3(config-line)# password blindhog
R3(config-line)# login
R3(config)# interface f1/0
R3(config-if)# desc R3 LAN
R3(config-if)# ip address 192.168.3.1 255.255.255.0
R3(config-if)# no shut
R3(config)# interface s0/0
R3(config-if)# description Internet Connection
R3(config-if)# ip address 34.56.78.2 255.255.255.252
R3(config-if)# no shut
R3(config)# ip route 0.0.0.0 0.0.0.0 34.56.78.1
R3# ping 34.56.78.1
R3# ping 12.34.56.2
R3# ping 23.45.67.2

How to Configure a GRE / IPSec VPN


A GRE/IPSec VPN is used when a customer needs to transmit IPX and multicast traffic
over a VPN. GRE/IPSec tunnels are primarily used to carry internal routing protocols
over the internet: RIP, EIGRP or OSPF can run over a GRE tunnel just as though it
were a point-to-point circuit. It is also very useful for multicast music on hold.
Configure R1: Setup GRE Infrastructure
Create a GRE Interface:
R1(config)# interface tunnel 0
R1(config-if)# description GRE Tunnel to router R2
R1(config-if)# ip address 192.168.200.1 255.255.255.0
Configure the Tunnel Source:
R1(config-if)# tunnel source 12.34.56.2
Configure the Tunnel Destination:
R1(config-if)# tunnel destination 23.45.67.2

Tunnel Interface to R3
R1(config)# interface tunnel 2
R1(config-if)# description GRE Tunnel to router R3
R1(config-if)# ip address 192.168.201.5 255.255.255.0
R1(config-if)# tunnel source 12.34.56.2
R1(config-if)# tunnel destination 34.56.78.2
R1(config-if)# router eigrp 100
R1(config-router)# no auto-summary
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.200.0
R1(config-router)# network 192.168.201.0

Configure R2
R2(config)# interface tunnel 0
R2(config-if)# description GRE Tunnel to router R1
R2(config-if)# ip address 192.168.200.2 255.255.255.0
R2(config-if)# tunnel source 23.45.67.2
R2(config-if)# tunnel destination 12.34.56.2
R2(config-if)# router eigrp 100
R2(config-router)# no auto-summary
R2(config-router)# network 192.168.2.0
R2(config-router)# network 192.168.200.0
R2# show ip route
R1# show ip route
R2# ping ip 192.168.1.1 source 192.168.2.1

Configure R3
R3(config)# interface tunnel 0
R3(config-if)# description GRE Tunnel to router R1
R3(config-if)# ip address 192.168.201.2 255.255.255.0
R3(config-if)# tunnel source 34.56.78.2
R3(config-if)# tunnel destination 12.34.56.2
R3(config-if)# router eigrp 100
R3(config-router)# no auto-summary
R3(config-router)# network 192.168.3.0
R3(config-router)# network 192.168.201.0
R3# show ip route

Configure R1 ISAKMP POLICY
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 5
R1(config-isakmp)# encryption aes
R1(config-isakmp)# hash sha
PRE-SHARED Between the Branches
R1(config)# crypto isakmp key 0 blindhog address 23.45.67.2
R1(config)# crypto isakmp key 0 blindhog address 34.56.78.2
IPSec Transform Set
R1(config)# crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac

Configure ACLs that Identify GRE Traffic from R1 to R2 and from R1 to R3
R1(config)# access-list 101 permit gre host 12.34.56.2 host 23.45.67.2
R1(config)# access-list 102 permit gre host 12.34.56.2 host 34.56.78.2
Configure Crypto Map
R1(config)# crypto map vpn 10 ipsec-isakmp
% Note: This new crypto map will remain disabled until a peer and a valid access list
have been configured.
R1(config-crypto-map)# desc VPN from R1 to R2
R1(config-crypto-map)# set peer 23.45.67.2
R1(config-crypto-map)# set transform-set aes-sha
R1(config-crypto-map)# match address 101
R1(config)# crypto map vpn 11 ipsec-isakmp
% Note: This new crypto map will remain disabled until a peer and a valid access list
have been configured.
R1(config-crypto-map)# desc VPN from R1 to R3
R1(config-crypto-map)# set peer 34.56.78.2
R1(config-crypto-map)# set transform-set aes-sha
R1(config-crypto-map)# match address 102

Apply Crypto Map to S0/0 Interface
R1(config)# interface s0/0
R1(config-if)# crypto map vpn
R1# term len 0

Configure R2 ISAKMP POLICY
R2(config)# crypto isakmp policy 10
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 5
R2(config-isakmp)# encryption aes
R2(config-isakmp)# hash sha
PRE-SHARED Between the Branches
R2(config)# crypto isakmp key 0 blindhog address 12.34.56.2
IPSec Transform Set
R2(config)# crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac

Configure the ACL that Identifies GRE Traffic between R2 and R1
R2(config)# access-list 100 permit gre host 23.45.67.2 host 12.34.56.2
Configure Crypto Map
R2(config)# crypto map vpn 10 ipsec-isakmp
% Note: This new crypto map will remain disabled until a peer and a valid access list
have been configured.
R2(config-crypto-map)# desc VPN from R2 to R1
R2(config-crypto-map)# set peer 12.34.56.2
R2(config-crypto-map)# set transform-set aes-sha
R2(config-crypto-map)# match address 100
Apply Crypto Map to S0/0 Interface
R2(config)# interface s0/0
R2(config-if)# crypto map vpn
R2# show crypto engine connect active
R2# show ip route

Configure R3 ISAKMP POLICY
R3(config)# crypto isakmp policy 10
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)# group 5
R3(config-isakmp)# encryption aes
R3(config-isakmp)# hash sha
PRE-SHARED Between the Branches
R3(config)# crypto isakmp key 0 blindhog address 12.34.56.2
IPSec Transform Set
R3(config)# crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac

Configure the ACL that Identifies GRE Traffic between R3 and R1
R3(config)# access-list 100 permit gre host 34.56.78.2 host 12.34.56.2
Configure Crypto Map
R3(config)# crypto map vpn 10 ipsec-isakmp
% Note: This new crypto map will remain disabled until a peer and a valid access list
have been configured.
R3(config-crypto-map)# desc VPN from R3 to R1
R3(config-crypto-map)# set peer 12.34.56.2
R3(config-crypto-map)# set transform-set aes-sha
R3(config-crypto-map)# match address 100
Apply Crypto Map to S0/0 Interface
R3(config)# interface s0/0
R3(config-if)# crypto map vpn
R3# show crypto ipsec sa
R3# show crypto engine connect active
R3# show ip route
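
Added example (not part of the original tutorial): a Python check that each router's crypto ACL points at the same address as its crypto map peer, and that the router at the other end protects the reverse GRE flow. The config excerpts are constructed from the commands above; the function names are illustrative.

```python
import re

# Constructed excerpts: the crypto ACL and crypto map lines from this lab.
CONFIGS = {
    "R1": """access-list 101 permit gre host 12.34.56.2 host 23.45.67.2
access-list 102 permit gre host 12.34.56.2 host 34.56.78.2
crypto map vpn 10 ipsec-isakmp
 set peer 23.45.67.2
 match address 101
crypto map vpn 11 ipsec-isakmp
 set peer 34.56.78.2
 match address 102""",
    "R2": """access-list 100 permit gre host 23.45.67.2 host 12.34.56.2
crypto map vpn 10 ipsec-isakmp
 set peer 12.34.56.2
 match address 100""",
    "R3": """access-list 100 permit gre host 34.56.78.2 host 12.34.56.2
crypto map vpn 10 ipsec-isakmp
 set peer 12.34.56.2
 match address 100""",
}

ACL = re.compile(r"access-list (\d+) permit gre host (\S+) host (\S+)")

def protected_flows(config):
    """Return {(local, remote)} for crypto map entries whose ACL and peer agree."""
    acls = {num: (src, dst) for num, src, dst in ACL.findall(config)}
    flows = set()
    for entry in re.split(r"(?m)^crypto map ", config)[1:]:
        peer = re.search(r"set peer (\S+)", entry)
        acl = re.search(r"match address (\d+)", entry)
        if peer and acl and acl.group(1) in acls:
            src, dst = acls[acl.group(1)]
            if dst == peer.group(1):      # GRE destination must be the IPSec peer
                flows.add((src, dst))
    return flows

def unmirrored(configs):
    """Flows that no other router protects in the reverse direction."""
    all_flows = {name: protected_flows(cfg) for name, cfg in configs.items()}
    problems = []
    for name, flows in all_flows.items():
        others = set().union(*(f for n, f in all_flows.items() if n != name))
        problems += [(name, s, d) for s, d in sorted(flows) if (d, s) not in others]
    return problems

if __name__ == "__main__":
    print(unmirrored(CONFIGS) or "all crypto ACLs are mirrored")
```

An empty result means every protected GRE flow has a matching entry on the far router; a mismatch shows up as the flow on the router whose peer does not mirror it.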

MTU Parameters
R1(config)# interface tunnel0
R1(config-if)# ip mtu 1500
%Warning: MTU set 1500 is greater than default 1476, fragments will happen
R1(config-if)# ip tcp adjust-mss 1400
R1(config-if)# keepalive 10 3
R1(config)# interface tunnel2
R1(config-if)# ip mtu 1500
%Warning: MTU set 1500 is greater than default 1476, fragments will happen
R1(config-if)# ip tcp adjust-mss 1400
R1(config-if)# keepalive 10 3

MTU Parameters
R2(config)# interface tunnel0
R2(config-if)# ip mtu 1500
%Warning: MTU set 1500 is greater than default 1476, fragments will happen
R2(config-if)# ip tcp adjust-mss 1400
R2(config-if)# keepalive 10 3
R3(config)# interface tunnel0
R3(config-if)# ip mtu 1500
%Warning: MTU set 1500 is greater than default 1476, fragments will happen
R3(config-if)# ip tcp adjust-mss 1400
R3(config-if)# keepalive 10 3
