
Configuring IPSec VPN Between Two Sites

Take the example below of an IPSec VPN configuration-

R1 and R2 are two routers at two different branch offices. They need to exchange
confidential information with each other over a secure connection, so both are
configured for an IPSec site-to-site VPN. The configuration on R1 and R2 is as
follows-

On R1-
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 172.10.1.1 255.255.255.0
R1(config-if)#no shut

R1(config)#interface Serial2/0
R1(config-if)#ip address 192.168.12.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#crypto map ABBAS

Note- ABBAS is the name of the crypto map that is configured with ipsec-isakmp.

R1(config)#access-list 111 permit ip 172.10.1.0 0.0.0.255 172.30.1.0 0.0.0.255

R1(config)#crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
 lifetime 900
R1(config)#crypto isakmp key XYZ address 192.168.23.2

R1(config)#crypto ipsec security-association lifetime seconds 900

R1(config)#crypto ipsec transform-set ABC esp-aes 256 esp-sha-hmac

R1(config)#crypto map ABBAS 1 ipsec-isakmp
 set peer 192.168.23.2
 set transform-set ABC
 match address 111

Create a default route towards the ISP
R1(config)#ip route 0.0.0.0 0.0.0.0 Serial2/0

On R2-
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 172.30.1.1 255.255.255.0
R2(config-if)#no shut

R2(config)#interface Serial2/0
R2(config-if)#ip address 192.168.23.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#crypto map ABBAS

Note- ABBAS is the name of the crypto map that is configured with ipsec-isakmp.

R2(config)#access-list 111 permit ip 172.30.1.0 0.0.0.255 172.10.1.0 0.0.0.255

R2(config)#crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
 lifetime 900
R2(config)#crypto isakmp key XYZ address 192.168.12.1

R2(config)#crypto ipsec security-association lifetime seconds 900

R2(config)#crypto ipsec transform-set ABC esp-aes 256 esp-sha-hmac

R2(config)#crypto map ABBAS 1 ipsec-isakmp
 set peer 192.168.12.1
 set transform-set ABC
 match address 111

Create a default route towards the ISP
R2(config)#ip route 0.0.0.0 0.0.0.0 Serial2/0

Verification commands-
show access-list
show crypto map
show crypto isakmp sa
show crypto ipsec sa
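The two configurations above only form a tunnel if they are mirror images: each side's set peer and isakmp key address must be the other side's WAN address, the pre-shared key and transform-set must match, and the crypto ACLs must be reversed. The following added example (not part of the original page) parses constructed excerpts of the R1 and R2 configs and reports any asymmetry, which is the usual cause of a tunnel that never leaves MM_NO_STATE.

```python
import re

# Constructed excerpts of the R1 and R2 configs from this page (only the lines the check reads).
R1 = """interface Serial2/0
 ip address 192.168.12.1 255.255.255.252
 crypto map ABBAS
access-list 111 permit ip 172.10.1.0 0.0.0.255 172.30.1.0 0.0.0.255
crypto isakmp key XYZ address 192.168.23.2
crypto ipsec transform-set ABC esp-aes 256 esp-sha-hmac
crypto map ABBAS 1 ipsec-isakmp
 set peer 192.168.23.2"""
R2 = """interface Serial2/0
 ip address 192.168.23.2 255.255.255.252
 crypto map ABBAS
access-list 111 permit ip 172.30.1.0 0.0.0.255 172.10.1.0 0.0.0.255
crypto isakmp key XYZ address 192.168.12.1
crypto ipsec transform-set ABC esp-aes 256 esp-sha-hmac
crypto map ABBAS 1 ipsec-isakmp
 set peer 192.168.12.1"""

def wan_ip(cfg):
    """Address of the interface the crypto map is applied to, i.e. this side's tunnel endpoint."""
    for block in re.split(r"^(?=interface )", cfg, flags=re.M):
        if re.search(r"^ crypto map ", block, re.M):
            return re.search(r"^ ip address (\S+)", block, re.M).group(1)

def parse(cfg):
    """Extract the fields that must agree between the two IPsec peers."""
    g = lambda pat: re.search(pat, cfg, re.M).group(1)
    acl = re.search(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M)
    return {"wan_ip": wan_ip(cfg), "peer": g(r"^ set peer (\S+)"),
            "key": g(r"^crypto isakmp key (\S+) address"),
            "key_addr": g(r"^crypto isakmp key \S+ address (\S+)"),
            "transform": g(r"^crypto ipsec transform-set \S+ (.+)$"),
            "acl_src": acl.group(1), "acl_dst": acl.group(2)}

def check_peers(cfg_a, cfg_b):
    """Return the asymmetries that would keep the tunnel down; an empty list means consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for side, me, other in (("A", a, b), ("B", b, a)):
        if me["peer"] != other["wan_ip"] or me["key_addr"] != other["wan_ip"]:
            problems.append(f"{side}: peer {me['peer']} / key address {me['key_addr']} must both be the other side's WAN IP {other['wan_ip']}")
    for field, msg in (("key", "pre-shared keys differ"), ("transform", "transform-sets differ")):
        if a[field] != b[field]:
            problems.append(msg)
    if (a["acl_src"], a["acl_dst"]) != (b["acl_dst"], b["acl_src"]):
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Run check_peers(R1, R2) against a pair of running configs before reaching for the show crypto commands; it returns [] for the pair on this page.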
