Scribd Logo
Upload

Welcome to Scribd!

  • FlexVPN With VTI

    Uploaded by

    Ardit Vallja
    6 views2 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as odt, pdf, or txt
    6 views2 pages

    FlexVPN With VTI

    Uploaded by

    Ardit Vallja

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as odt, pdf, or txt
    of 2

    1.

    5 FlexVPN with VTI between R5 and R16


    You have been asked to set up a secure link between the RTP branch and HQ. THe link will provide
    confidentiality and integrity for the traffic between supplicants in 5.2.38.0/24 network and intranet
    address space in DC3. Requirements:
    - FlexVPN VTI method must be used to establish security between R16 and R5
    - The securite tunnel must extednd the 192.168.100.0/24 network between SW7 and R4.

    Solution:
    R5:
    preconfig
    show ip int brief
    show run interface tunnel100

    R16:
    ping 172.16.100.5
    !
    crypto ikev2 keyring VPN
    peer R5
    address 10.10.100.5
    pre-shared-key cisco
    !
    crypto ikev2 profile default
    match identity remote address 10.10.100.5 255.255.255.255
    authentication local pre-share
    authentication remote pre-share
    keyring local VPN
    !
    interface tunnel100
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile default
    exit
    !
    pseudowire-class L2TP
    encapsulation lt2tpv3
    ip local interface tunnel100
    !
    inter gi3
    no shut
    no ip address
    xconnect 172.16.100.5 1001 encapsulation l2tpv3 pw-class L2TP
    !

    R5
    crypto ikev2 keyring VPN
    peer R5
    address 10.10.100.16
    pre-shared-key cisco
    !
    crypto ikev2 profile default
    match identity remote address 10.10.100.16 255.255.255.255
    authentication local pre-share
    authentication remote pre-share
    keyring local VPN
    !
    interface tunnel100
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile default
    exit
    !
    pseudowire-class L2TP
    encapsulation lt2tpv3
    ip local interface tunnel100
    !
    inter gi4
    no shut
    no shut
    no ip address
    xconnect 172.16.100.16 1001 encapsulation l2tpv3 pw-class L2TP
    !
    end
    wr

    Sw7:
    int gi0/1
    switchport host
    switchport acc vlan 308 (this is only for testig right here which will be removed in task 3.3).

    int vlan308
    no shut
    !
    show ip eigrp neighbors
    show xconnect all
    show crypto session
    !
    R5 and R16 shut and no shut int tunnel100!

    You might also like