
WAN Technologies

VPN lab
Tunneling
- VPN: Virtual Private Network
- GRE: Generic Routing Encapsulation
- Difference from NAT
On the first router
- R1(conf)#int tunnel 1
- R1(conf-if)#ip address 172.16.1.1 255.255.255.0
- R1(conf-if)#tunnel destination 2.2.2.2
- R1(conf-if)#tunnel source g0/0
- R1(conf)#ip route 192.168.2.0 255.255.255.0 172.16.1.2
On the second router
- R1(conf)#int tunnel 1
- R1(conf-if)#ip address 172.16.1.2 255.255.255.0
- R1(conf-if)#tunnel destination 1.1.1.1
- R1(conf-if)#tunnel source g0/0
- R1(conf)#ip route 192.168.1.0 255.255.255.0 172.16.1.1
VPN (encrypted)
- Site-to-site VPN
- ISAKMP protocol (Phase 1: set policies)
- R1(conf)#crypto isakmp policy 1
- R1(conf-isakmp)#authentication pre-share
- R1(conf-isakmp)#encryption aes 128
- R1(conf-isakmp)#group 5
- R1(conf-isakmp)#hash md5
VPN (first site)
- Lifetime for the session
- R1(conf-isakmp)#lifetime 86400
- Phase 2 (IKE): negotiation parameters to encrypt the data
- R1(conf)#crypto isakmp key cisco address 2.2.2.2
- R1(conf)#crypto ipsec transform-set cnds-set esp-aes esp-ah
- Phase 3: access list to select the traffic the VPN applies to, plus the crypto map
- R1(config)#access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
- R1(conf)#int s0/0
- R1(config-if)#crypto map mymap
VPN (first site)
- R1(conf)#crypto map mymap 5 ipsec-isakmp
- R1(config-crypto-map)#set peer 2.2.2.2 (public IP of the other branch)
- R1(config-crypto-map)#match address 100
- R1(config-crypto-map)#set transform-set cnds-set
Note
- Must use a dynamic route
- R1#show crypto isakmp sa
- R1#show crypto isakmp key
- R1#show crypto isakmp policy (default policy)
- R1#show crypto session
- R1#show crypto ipsec sa
- R1#show crypto ipsec transform-set
- R1#show crypto map
- R1#show access-list
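
An added example, not part of the original slides: a small Python check that reads the lab's Phase 1 policy and pre-shared key line (written with the keyword spellings IOS accepts) and flags the MD5 hash, DH group 5 and the five-character key. The weak-value sets, `MIN_PSK_LENGTH` and the function name `audit_isakmp` are assumptions of this example, not settings from the slides.

```python
import re

# Constructed sample: the lab's Phase 1 policy and pre-shared key line.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
 encryption aes 128
 group 5
 hash md5
 lifetime 86400
crypto isakmp key cisco address 2.2.2.2
"""

# Assumed review policy for this example (not taken from the slides).
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {1, 2, 5}
WEAK_ENCRYPTION = {"des", "3des"}
MIN_PSK_LENGTH = 20


def audit_isakmp(config):
    """Return (context, finding) tuples for weak IKE Phase 1 settings."""
    findings = []
    policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any top-level line ends the current policy block.
            m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
            policy = f"policy {m.group(1)}" if m else None
            key = re.fullmatch(r"crypto isakmp key (\S+) address (\S+)", line)
            # Report the peer only; never echo the key itself.
            if key and len(key.group(1)) < MIN_PSK_LENGTH:
                findings.append((f"peer {key.group(2)}", "short pre-shared key"))
            continue
        if policy is None or not line:
            continue
        kw, _, arg = line.partition(" ")
        value = arg.split()[0] if arg.split() else ""
        if kw == "hash" and value in WEAK_HASHES:
            findings.append((policy, f"weak hash {value}"))
        elif kw == "group" and value.isdigit() and int(value) in WEAK_DH_GROUPS:
            findings.append((policy, f"weak DH group {value}"))
        elif kw == "encryption" and value in WEAK_ENCRYPTION:
            findings.append((policy, f"weak encryption {value}"))
    return findings


if __name__ == "__main__":
    for context, finding in audit_isakmp(SAMPLE_CONFIG):
        print(f"{context}: {finding}")
```

Run it against the output of `show running-config` saved to a file; indentation matters, because the policy sub-commands are recognised by their leading space.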
