GRE over IPSec VPN: Lab Topology
PNETLAB Store
PNETLab.com
Lab Topology:
Please use the following topology to complete this lab exercise:
https://user.pnetlab.com/store/labs/detail?id=16037655085598
Lab Objectives:
The objective of this lab exercise is for you to learn, step by step, how to
configure a site-to-site VPN and GRE over IPSec to increase security for the
local network.
Download PNETLab Platform
Task:
1. Configure the GRE tunnel and assign addresses
2. Configure routing for the inside and outside networks
3. Configure the IPSec VPN only on R2 and R4
+ Configure the ISAKMP policy required to establish IKE phase 1
+ Set the key and peer
+ Configure the IPSec policy to establish IKE phase 2
+ Create a crypto profile for the outgoing interface of the VPN device.
+ Apply the crypto map to the outgoing interface.
+ No IPSec VPN configuration on INTERNET.
4. Verify result
Solution:
Task 1: Configure the GRE tunnel and assign addresses
On R1:
hostname R1
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
On CE1 (R2):
hostname CE1
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
interface Ethernet0/1
 ip address 1.1.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 2.2.2.4
On Internet:
hostname Internet
interface Ethernet0/0
 no shutdown
 ip address 1.1.1.2 255.255.255.0
!
interface Ethernet0/1
 ip address 2.2.2.2 255.255.255.0
 no shutdown
On CE2:
hostname CE2
interface Ethernet0/0
 ip address 2.2.2.4 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
 no shutdown
!
interface Tunnel0
 ip address 10.10.10.2 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 1.1.1.1
On R5:
hostname R5
interface Ethernet0/0
 ip address 192.168.45.5 255.255.255.0
 no shutdown
router eigrp 10
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 1.1.1.1
On R5:
R5#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms
Check the result by capturing packets with Wireshark on the Internet segment.
Every packet is encapsulated as an ESP packet, and the actual source and
destination addresses of the packet have changed.
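The capture check can also be automated. The script below is an added example, not part of the original lab: it labels raw IPv4 packets seen on the Internet segment and fails the capture if GRE between the tunnel endpoints 1.1.1.1 and 2.2.2.4 appears without ESP, reporting the inner addresses that would be exposed. The function names and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PEERS = {"1.1.1.1", "2.2.2.4"}   # tunnel endpoints from the lab (CE1 E0/1, CE2 E0/0)
ESP, GRE, UDP = 50, 47, 17       # IANA IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def parse(packet):
    """Return (src, dst, proto, payload) of a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:])

def classify(packet):
    """Label one packet captured on the Internet segment."""
    src, dst, proto, payload = parse(packet)
    if {src, dst} != PEERS:
        return "other", None
    if proto == ESP:
        return "esp", None
    if proto == GRE:
        # Basic GRE header: 2 bytes flags/version, 2 bytes protocol type.
        flags, ptype = struct.unpack("!HH", payload[:4])
        if flags == 0 and ptype == 0x0800:
            inner_src, inner_dst, _, _ = parse(payload[4:])
            return "gre-cleartext", (inner_src, inner_dst)
        return "gre-cleartext", None
    if proto == UDP and len(payload) >= 4 and 500 in struct.unpack("!HH", payload[:4]):
        return "ike", None
    return "other", None

def audit(packets):
    """Count labels; the capture passes only if no cleartext GRE was seen."""
    labels = Counter(classify(p)[0] for p in packets)
    return labels, labels["gre-cleartext"] == 0

# Constructed samples: R5's ping as it should look (ESP) and as it would leak (GRE).
INNER = ipv4("192.168.45.5", "192.168.12.1", 1, b"\x08\x00" + bytes(6))
PROTECTED = [ipv4("2.2.2.4", "1.1.1.1", ESP, bytes(36)),
             ipv4("1.1.1.1", "2.2.2.4", ESP, bytes(36))]
LEAKING = [ipv4("2.2.2.4", "1.1.1.1", GRE, struct.pack("!HH", 0, 0x0800) + INNER)]
```

In a protected capture only the 1.1.1.1 and 2.2.2.4 addresses are visible; a `gre-cleartext` result means the 192.168.x.x hosts and their traffic are readable on the Internet segment.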