
9 September 2014 Site To Site VPN in Packet Tracer

http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_26771028.html
Site To Site VPN in Packet Tracer
Asked by: jskfan
Solved by: Ernie Beek
Is it possible to simulate site to site VPN in Cisco Packet Tracer 5?
If so what is the configuration?
Thanks
Topics: Network Switches & Hubs, Network Routers
Comments: 24 ID: 26771028
Comments
Ernie Beek 2011-01-26 at 04:44:47 ID: 34701486
Should be:
https://learningnetwork.cisco.com/docs/DOC-10756
jskfan 2011-01-29 at 07:49:38 ID: 34741776
https://learningnetwork.cisco.com/docs/DOC-10756
I did the exact copy paste. All pings work from
end to end,
but from Router0 and Router 1, when I run
show crypto isakmp sa
it doesn't show anything.
Router#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
IPv6 Crypto ISAKMP SA
Router#
Ernie Beek 2011-01-29 at 08:59:26 ID: 34742020
Haven't had a chance to install packet tracer
yet, so not sure if the routers 'get' these
commands.
debug crypto isakmp sa
debug crypto ipsec sa
Have a look if they come up with something
when setting up the VPN.
There should be a few more, try debug crypto ?
to see what they are.
jskfan 2011-01-30 at 04:33:59 ID: 34745385
Nothing comes up through Debug.
I pasted below the isakmp policy and sa from
router0
Router#sh crypt isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
IPv6 Crypto ISAKMP SA
Router#sh crypt isakmp policy
Global IKE policy
Protection suite of priority 1
  encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
  hash algorithm: Secure Hash Standard
  authentication method: Pre-Shared Key
  Diffie-Hellman group: #2 (1024 bit)
  lifetime: 86400 seconds, no volume limit
Default protection suite
  encryption algorithm: DES - Data Encryption Standard (56 bit keys).
  hash algorithm: Secure Hash Standard
  authentication method: Rivest-Shamir-Adleman Signature
  Diffie-Hellman group: #1 (768 bit)
  lifetime: 86400 seconds, no volume limit
Router#
jskfan 2011-01-30 at 04:38:04 ID: 34745393
[attachment, 262 KB]
jskfan 2011-01-30 at 04:39:36 ID: 34745397
the ping from pc to pc is successful.
Ernie Beek 2011-01-30 at 06:53:12 ID: 34745725
So when you're pinging and there is a reply, you
don't see the tunnel with: sh crypt isakmp sa
That's strange, I just tried it myself:

[attachment: vpn, 403 KB]
Ernie Beek 2011-01-30 at 06:53:44 ID: 34745729
We might want to have a closer look at the
configs of your routers.
jskfan 2011-01-30 at 07:37:47 ID: 34745870
I will paste the config shortly
jskfan 2011-01-30 at 07:47:26 ID: 34745925
ROUTER1:
Router#sh run
Building configuration...
Current configuration : 975 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
group 2
!
crypto isakmp key 0 address 11.0.0.1
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
!
crypto map auda 100 ipsec-isakmp
set peer 11.0.0.1
set pfs group2
set security-association lifetime seconds 86400
set transform-set yasser
match address ramzy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 11.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 11.0.0.1
!
!
ip access-list extended ramzy
permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
=====
ROUTER0
Router#sh run
Building configuration...
Current configuration : 1001 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 11.0.0.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
!
crypto map auda 100 ipsec-isakmp
set peer 11.0.0.2
set pfs group2
set security-association lifetime seconds 86400
set transform-set yasser
match address ramzy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 11.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 12.0.0.0 255.0.0.0 11.0.0.2
!
!
ip access-list extended ramzy
permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
Ernie Beek 2011-01-30 at 07:58:24 ID: 34746003
Router 1,
your router:
crypto isakmp policy 1
encr aes
group 2
my router:
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
jskfan 2011-01-30 at 08:27:08 ID: 34746126
I have added the following command to
ROUTER0, but don't see the difference.
authentication pre-share
Ernie Beek 2011-01-30 at 08:47:02 ID: 34746208
It was router one ;)
jskfan 2011-01-30 at 09:03:35 ID: 34746266
ROUTER0
-------------
Router#sh run
Building configuration...
Current configuration : 1001 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 11.0.0.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
!
crypto map auda 100 ipsec-isakmp
set peer 11.0.0.2
set pfs group2
set security-association lifetime seconds 86400
set transform-set yasser
match address ramzy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 11.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 12.0.0.0 255.0.0.0 11.0.0.2
!
!
ip access-list extended ramzy
permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
=======
ROUTER1
-------------
Router#sh run
Building configuration...
Current configuration : 1001 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 11.0.0.1
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
!
crypto map auda 100 ipsec-isakmp
set peer 11.0.0.1
set pfs group2
set security-association lifetime seconds 86400
set transform-set yasser
match address ramzy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 11.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 11.0.0.1
!
!
ip access-list extended ramzy
permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
Ernie Beek 2011-01-30 at 09:50:13 ID: 34746436
No, I meant add authentication pre-share to the
policy on router 1.
Ernie Beek 2011-01-30 at 09:52:06 ID: 34746451
Oh you did. My bad (watching on my phone)
Ernie Beek 2011-01-30 at 10:24:25 ID: 34746579
Back at my pc and it looks I need a pair of
glasses :-~
Router 0,
Your router:
interface FastEthernet0/0
ip address 11.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
My router:
interface FastEthernet0/0
ip address 10.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 11.0.0.1 255.0.0.0
duplex auto
speed auto
crypto map auda
Router 1,
Your router:
interface FastEthernet0/0
ip address 11.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map auda
My router:
interface FastEthernet0/0
ip address 12.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 11.0.0.2 255.0.0.0
duplex auto
speed auto
crypto map auda
And if that still doesn't work, try this:

[attachment: packet trace file, 7 KB]
It's a packet tracer file.......
jskfan 2011-02-01 at 07:09:48 ID: 34761820
what type of file is that?
how do I open it?
Ernie Beek 2011-02-01 at 08:12:54 ID: 34762488
Rename it to vpn-1.pkt Then you can open it in
packet tracer.
jskfan 2011-02-02 at 12:05:57 ID: 34775610
I have saved your lab then opened it with packet
tracer.
I run :
sh crypto isakmp sa
on both routers and it doesn't show anything.
Ernie Beek 2011-02-02 at 12:07:37 ID: 34775632
Did you first start a ping from one pc to
another?
jskfan 2011-02-02 at 12:09:21 ID: 34775648
it shows something now, after I pinged from
PC1 to 10.0.0.1
Router#sh crypto isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
11.0.0.1 11.0.0.2 QM_IDLE 1043 0 ACTIVE
IPv6 Crypto ISAKMP SA
jskfan 2011-02-02 at 12:10:16 ID: 34775656
Excellent work!!!!!!!
Ernie Beek 2011-02-02 at 12:11:40 ID: 34775669
Thanks, it was fun :)
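
The two differences that Ernie Beek's side-by-side comparisons show (an ISAKMP policy without "authentication pre-share", and the crypto map sitting on an interface that does not face the peer) can be checked mechanically; this is an added example, not code from the thread. The sample config is constructed from the addresses posted above, "audit" is a hypothetical helper, and sub-commands are assumed to be indented as in real "show run" output.

```python
import ipaddress

# Constructed sample modelled on the ROUTER1 config first posted in the thread,
# indented as real "show run" output is; the pre-shared key line is left out.
ROUTER1_AS_POSTED = """\
crypto isakmp policy 1
 encr aes
 group 2
crypto map auda 100 ipsec-isakmp
 set peer 11.0.0.1
interface FastEthernet0/0
 ip address 11.0.0.2 255.255.255.0
interface FastEthernet0/1
 ip address 12.0.0.1 255.255.255.0
 crypto map auda
"""

def audit(config):
    """Hypothetical helper: list findings that leave the tunnel unused."""
    section, policies, ifaces, peers = "", {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):              # top-level command opens a section
            section = line
            if line.startswith("crypto isakmp policy"):
                policies[line] = []
            elif line.startswith("interface "):
                ifaces[line.split()[1]] = {"net": None, "map": False}
        elif section in policies:
            policies[section].append(line)
        elif section.startswith("crypto map") and line.startswith("set peer "):
            peers.append(ipaddress.ip_address(line.split()[2]))
        elif section.startswith("interface "):
            iface, words = ifaces[section.split()[1]], line.split()
            if words[:2] == ["ip", "address"] and len(words) == 4:
                iface["net"] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            elif words[:2] == ["crypto", "map"]:
                iface["map"] = True
    # IOS falls back to RSA signatures when a policy names no authentication method.
    findings = [f"{name}: no 'authentication pre-share'"
                for name, body in policies.items()
                if "authentication pre-share" not in body]
    # The crypto map must sit on the interface that faces the configured peer.
    findings += [f"{name} faces peer {peer} but has no crypto map"
                 for peer in peers for name, iface in ifaces.items()
                 if iface["net"] and peer in iface["net"] and not iface["map"]]
    return findings
```

A reply to ping only shows that the static routes work; with no ISAKMP SA on either router, that traffic crossed the 11.0.0.0 link outside the tunnel.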