Professional Documents
Culture Documents
TUNNELING
R4
vrf definition B
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip vrf A
!
interface Ethernet0/0.54
encapsulation dot1Q 54
ip vrf forwarding A
ip address 10.220.54.4 255.255.255.0
!
interface Ethernet0/0.45
encapsulation dot1Q 45
vrf forwarding B
ip address 10.220.45.4 255.255.255.0
ipv6 address 2850:10:220:45::4/64
R5
vrf definition B
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
ip vrf A
!
interface Ethernet0/0.54
encapsulation dot1Q 54
ip vrf forwarding A
ip address 10.220.54.5 255.255.255.0
!
interface Ethernet0/0.45
encapsulation dot1Q 45
vrf forwarding B
ip address 10.220.45.5 255.255.255.0
ipv6 address 2850:10:220:45::5/64
Section 2: GRE
1. Crear una conexión GRE entre R4 y R7 considerando sus interfaces físicas como orígenes y destinos
2. Utilizar el segmento 1.1.1.0/24 como dirección del túnel
R4
R7
ip route 10.220.146.4 255.255.255.255 10.220.67.6
!
interface Tunnel0
ip address 1.1.1.7 255.255.255.0
tunnel source Ethernet0/0.67
tunnel destination 10.220.146.4
CHECK
R4#ping 1.1.1.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R4#show int tu 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 1.1.1.4/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Section 3: IPSEC
1. Genere una conexión VPN S2S entre R4 y R6 usando como PSK “cisco”
2. El trafico cifrado debe ser determinado por las interface loopback de ambos equipos
3. Considere la interface ETH0/0.146 como interfaces asociadas al tunnel
4. Utilice los algoritmos necesarios considerando que los SA deben durar 1 hora
R4
R6
CHECK
R6#show crypto ipsec sa | i ident|pkts
local ident (addr/mask/prot/port): (10.220.1.6/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.220.1.4/255.255.255.255/0/0)
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0