Scribd Logo
Upload

Welcome to Scribd!

  • Manual Lab 3

    Uploaded by

    nunezbarbakatherineromina
    8 views6 pages
    The document contains configuration steps for a switch, two routers, and setting up an IPsec VPN between the routers. It configures basic settings like interfaces, routing protocols, access control lists, ISAKMP policies, crypto maps, and verifies the IPsec security associations between the routers.

    Original Description:

    Original Title

    manual lab 3

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains configuration steps for a switch, two routers, and setting up an IPsec VPN between the routers. It configures basic settings like interfaces, routing protocols, access control lists, ISAKMP policies, crypto maps, and verifies the IPsec security associations between the routers.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    8 views6 pages

    Manual Lab 3

    Uploaded by

    nunezbarbakatherineromina
    The document contains configuration steps for a switch, two routers, and setting up an IPsec VPN between the routers. It configures basic settings like interfaces, routing protocols, access control lists, ISAKMP policies, crypto maps, and verifies the IPsec security associations between the routers.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    Configuracion de Switch 1

    Switch>EN
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#int range f0/1-24
    Switch(config-if-range)#sh
    Switch(config-if-range)#int range g0/2
    Switch(config-if-range)#sh
    Switch(config-if-range)#int g0/1
    Switch(config-if)#swit
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#int f0/1
    Switch(config-if)#swi
    Switch(config-if)#switchport mode acc
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security mac-address sticky
    Switch(config-if)#switchport port-security violation sh
    Switch(config-if)#switchport port-security max
    % Incomplete command.
    Switch(config-if)#switchport port-security max
    Switch(config-if)#switchport port-security maximum 1
    Switch(config-if)#no sh
    Switch(config-if)#exit
    Switch(config)#line con
    Switch(config)#line console 0
    Switch(config-line)#pass cisco
    Switch(config-line)#login
    Switch(config-line)#exit
    Switch(config)#enable secret class
    Switch(config)#service password-encryption
    Switch(config)#banner motd 1
    Enter TEXT message. End with the character '1'.
    ****Access denied****
    Katherine Nunez
    1

    Switch(config)#line vty 0 15
    Switch(config-line)#pass
    Switch(config-line)#password cisco
    Switch(config-line)#login
    Switch(config-line)#exit
    Switch(config)#no ip domain lookup
    Configuracion del router 1

    Router(config)#int f0/0
    Router(config-if)#ip add 192.168.0.1 255.255.255.0
    Router(config-if)#no sh
    Router(config-if)#exit
    Router(config)#int g0/1
    %Invalid interface type and number
    Router(config)#no sh
    Router(config)#int s0/0/0
    Router(config-if)#ip add 10.1.1.2 255.255.255.252
    Router(config-if)#no sh

    %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down


    Router(config-if)#exit
    Router(config)#line con 0
    Router(config-line)#pass cisco
    Router(config-line)#pass cisco
    Router(config-line)#login
    Router(config-line)#exit
    Router(config)#line vty 0 4
    Router(config-line)#pass cisco
    Router(config-line)#login
    Router(config-line)#exit
    Router(config)#line aux ?
    <0-0> First Line number
    Router(config)#line aux 0
    Router(config-line)#pass cisco
    Router(config-line)#login
    Router(config-line)#exit
    Router(config)#enable secr
    Router(config)#enable secret class
    Router(config)#passwo
    Router(config)#service pass
    Router(config)#service password-encryption
    Router(config)#host R1
    R1(config)#banner motd 1
    Enter TEXT message. End with the character '1'.
    ****Access denied****
    Katherine Nunez

    R1(config)#no ip do
    R1(config)#no ip doma
    R1(config)#no ip domain loo
    R1(config)#no ip domain lookup
    Configuracion rip ROUTER 1
    R1(config)#router rip
    R1(config-router)#v 2
    R1(config-router)#network
    % Incomplete command.
    R1(config-router)#network 192.168.0.0
    R1(config-router)#network 10.1.1.0
    Configuracion rip ROUTER 2
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#router rip
    R2(config-router)#net 192.168.1.0
    R2(config-router)#net 10.1.1.0
    R2(config-router)#net 10.2.2.0
    CONFIGURACION RIP DEL R3
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#router rip
    R3(config-router)#v 2
    R3(config-router)#net 192.168.2.0
    R3(config-router)#net 10.2.2.0

    VPN R1
    R1(config)#access-list 110 permit ip192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    ^
    % Invalid input detected at '^' marker.
    R1(config)#access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    R1(config)#crypto
    % Incomplete command.
    R1(config)#crypto ?
    dynamic-map Specify a dynamic crypto map template
    ipsec Configure IPSEC policy
    isakmp Configure ISAKMP policy
    key Long term key operations
    map Enter a crypto map
    R1(config)#crypto isa
    % Incomplete command.
    R1(config)#crypto isakmp ?
    client Set client configuration policy
    enable Enable ISAKMP
    key Set pre-shared key for remote peer
    policy Set policy for an ISAKMP protection suite
    R1(config)#crypto isakmp
    % Incomplete command.
    R1(config)#crypto isa kmp ?
    % Unrecognized command
    R1(config)#crypto isa kmp
    ^
    % Invalid input detected at '^' marker.
    R1(config)#crypto isa kmp ?
    % Unrecognized command
    R1(config)#crypto isakmp ?
    client Set client configuration policy
    enable Enable ISAKMP
    key Set pre-shared key for remote peer
    policy Set policy for an ISAKMP protection suite
    R1(config)#crypto isakmp poli
    R1(config)#crypto isakmp policy 10
    R1(config-isakmp)#?
    authentication Set authentication method for protection suite
    encryption Set encryption algorithm for protection suite
    exit Exit from ISAKMP protection suite configuration mode
    group Set the Diffie-Hellman group
    hash Set hash algorithm for protection suite
    lifetime Set lifetime for ISAKMP security association
    no Negate a command or set its defaults
    R1(config-isakmp)#encri
    R1(config-isakmp)#encrip
    R1(config-isakmp)#encryp
    R1(config-isakmp)#encryption aes
    R1(config-isakmp)#aut
    R1(config-isakmp)#authentication pre
    R1(config-isakmp)#authentication pre-share
    R1(config-isakmp)#group 2
    R1(config-isakmp)#exit
    R1(config)#crypto isakmp key katyro address 10.2.2.2
    R1(config)#crypto ipsec transform-set vpn-set esp-3des esp-sah-hmac
    ^
    % Invalid input detected at '^' marker.
    R1(config)#crypto ipsec transform-set vpn-set esp-3des esp-sha-hmac
    R1(config)#crypto map vpn_s 10 ip
    R1(config)#crypto map vpn_s 10 ipsec-isakmp
    % NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.
    R1(config-crypto-map)#set peer 10.2.2.2
    R1(config-crypto-map)#set transform-set vpn
    ERROR: transform set with tag vpn does not exist.
    R1(config-crypto-map)#set transform-set ?
    WORD Proposal tag
    R1(config-crypto-map)#set transform-set vpn-set
    R1(config-crypto-map)#match address 110
    R1(config-crypto-map)#exit
    R1(config)#int s0/0/0
    R1(config-if)#crypto map vpn_s
    *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
    R1(config-if)#

    VPN R3
    R3(config)#access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
    R3(config)#crypto isakmp policy 10
    R3(config-isakmp)#en
    R3(config-isakmp)#encryption aes
    R3(config-isakmp)#aun
    R3(config-isakmp)#aut
    R3(config-isakmp)#authentication pre
    R3(config-isakmp)#authentication pre-share
    R3(config-isakmp)#group 2
    R3(config-isakmp)#exit
    R3(config)#crypto is
    % Incomplete command.
    R3(config)#crypto iskmp key katyro address 10.1.1.2
    ^
    % Invalid input detected at '^' marker.
    R3(config)#crypto isakmp key katyaro address 10.1.1.2
    R3(config)#crypto ipsec transform-set vpn-set esp-3des esp-sha-hmac
    R3(config)#crypto map vpn_s 10 ipsec-isakmp
    % NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.
    R3(config-crypto-map)#des
    R3(config-crypto-map)#description Conexion del router 3 hacia el 1
    R3(config-crypto-map)#perr
    ^
    % Invalid input detected at '^' marker.
    R3(config-crypto-map)#?
    description Description of the crypto map statement policy
    exit Exit from ISAKMP protection suite configuration mode
    match Match values.
    no Negate a command or set its defaults
    set Set values for encryption/decryption
    R3(config-crypto-map)#set peer 10.1.1.2
    R3(config-crypto-map)#set transform-set vpn-set
    R3(config-crypto-map)#match address 110
    R3(config-crypto-map)#exit
    R3(config)#int s0/0/0
    R3(config-if)#crypto map vpn_s
    *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
    R3(config-if)#
    Para la verificacion
    R3#show crypto ipsec ?
    sa IPSEC SA table
    transform-set Crypto transform sets
    R3#show crypto ipsec sa

    interface: Serial0/0/0
    Crypto map tag: vpn_s, local addr 10.2.2.2

    protected vrf: (none)


    local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
    current_peer 10.1.1.2 port 500
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 0
    #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

    You might also like