PNETLAB Store
PNETLab.com
https://user.pnetlab.com/store/labs/detail?id=16033404912009
Lab Objective:
The objective of this lab exercise is to learn and understand, step by step, how to configure a site-to-site VPN.
Task:
1. Routing between R2, Internet, R4
2. Configure VPN IPSEC only on R2 and R4
+ Configure the ISAKMP policy required to establish IKE phase 1
+ Set key and peer
+ Configure IPSec policy to establish IKE phase 2
+ Create ACL to define which traffic should be sent through the IPSec tunnel.
+ Create crypto map to the outgoing interface of the VPN device.
+ Apply the crypto map to the outgoing interface.
Solution:
Task 1: Routing between R2, Internet, R4
- On R2:
Router ospf 100
Network 172.168.23.0 0.0.0.255 area 0
Network 192.168.12.0 0.0.0.255 area 0
- On Internet:
Router ospf 100
Network 172.168.23.0 0.0.0.255 area 0
Network 172.168.34.0 0.0.0.255 area 0
- On R4:
Router ospf 100
Network 172.168.34.0 0.0.0.255 area 0
Network 192.168.45.0 0.0.0.255 area 0
- On R1:
Ip route 0.0.0.0 0.0.0.0 192.168.12.2
- On R5:
Ip route 0.0.0.0 0.0.0.0 192.168.45.4
Task 2: Configure VPN IPSEC only on R2 and R4
- On R2:
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
encryption 3des
crypto isakmp key cisco address 172.168.34.4
crypto ipsec transform-set myset esp-3des esp-md5-hmac
- On R4:
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
encryption 3des
crypto isakmp key cisco address 172.168.23.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
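The phase 1 policy and transform set above use MD5, 3DES, DH group 2 and a five-character pre-shared key, which are fine for a lab but are legacy choices outside one. As an added example (not part of the original lab), this Python check parses those commands and reports each weak setting; the deny-list, the 16-character key floor and the function name `audit` are assumptions of the example.

```python
import re

# Constructed sample: the R2 crypto commands from this lab, one per line.
R2_CONFIG = """\
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
encryption 3des
crypto isakmp key cisco address 172.168.34.4
crypto ipsec transform-set myset esp-3des esp-md5-hmac
"""

# Assumption: this deny-list and the key-length floor are this example's own policy.
WEAK_POLICY = {"hash": {"md5"}, "encryption": {"des", "3des"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
PSK_RE = re.compile(r"crypto isakmp key (?:([06]) )?(\S+) address (\S+)", re.I)


def audit(config, min_key_len=16):
    """Return (context, finding) tuples for weak IKE phase 1/2 settings."""
    findings, context = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        low = [w.lower() for w in words]
        key = "encryption" if low[0].startswith("encr") else low[0]  # "encr" as in show run
        if low[:3] == ["crypto", "isakmp", "policy"] and len(low) == 4:
            context = "isakmp policy " + low[3]   # sub-commands follow
        elif low[0] == "crypto":
            context = None                        # any other crypto line ends the policy block
            psk = PSK_RE.match(raw.strip())
            if psk and psk.group(1) != "6" and len(psk.group(2)) < min_key_len:
                # Report the peer only; never echo the secret into a report.
                findings.append(("isakmp key " + psk.group(3),
                                 f"pre-shared key shorter than {min_key_len} characters"))
            elif low[:3] == ["crypto", "ipsec", "transform-set"] and len(low) > 3:
                for t in low[4:]:
                    if t in WEAK_TRANSFORMS:
                        findings.append(("transform-set " + words[3], t))
        elif context and len(low) == 2 and low[1] in WEAK_POLICY.get(key, ()):
            findings.append((context, f"{key} {low[1]}"))
    return findings


if __name__ == "__main__":
    for where, what in audit(R2_CONFIG):
        print(f"{where}: {what}")
```

Keys stored with encryption type 6 are skipped because their length cannot be judged from the configuration text.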
Verification:
R2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
172.168.34.4 172.168.23.2 QM_IDLE 1001 ACTIVE
Wireshark: Check the results with a packet capture in Wireshark on the Internet segment. Every packet is encapsulated as ESP, and the actual source and destination addresses of the packet have changed.