Lab 10-1: IPSEC Packet Tracer 1

Summary

The goal of this lab is to setup an IPSEC Site-to-Site VPN between Champlain and Middlebury.

Subnet Table

Name

Network Address

Subnet

Default Gateway

VTEL to Champlain

216.93.144.0

255.255.255.0

216.93.144.1

VTEL to Middlebury

140.230.18.0

255.255.255.0

140.230.18.1

Champlain Private

172.16.84.0

255.255.255.0

172.16.84.1

Middlebury Private

192.168.28.0

255.255.255.0

192.168.28.1

Steps:

Servers

Configure both servers to have proper gateway and IP address.

Champlain router

enable 
conf t
hostname champlain-router
! Interface setup for VTEL to Champlain
interface FastEthernet 0/0
ip address 216.93.144.2 255.255.255.0
no shutdown
! Interface setup for internal Champlain
interface FastEthernet 0/1
ip address 172.16.84.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 216.93.144.1
! Identify traffic to send through tunnel with access-list
access-list 101 permit ip 172.16.84.0 0.0.0.255 192.168.25.0 0.0.0.255 
! Configure IKE Phase 1 ISAKMP Policy on Champlain Router
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key NET330 address 140.230.18.2
! Configure the IKE Phase 2 IPsec policy
!- Create the transform-set "VPN-SET"
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
!- Create the crypto map "VPN-MAP"
crypto map VPN-MAP 10 ipsec-isakmp
description VPN connection to Middlebury
set peer 140.230.18.2
set transform-set VPN-SET
match address 101
exit
! Configure the "crypto map" on the outgoing interface.
interface FastEthernet 0/0
crypto map VPN-MAP

Middlebury Router

enable 
conf t
hostname middlebury-router
! Interface setup for VTEL to Middlebury
interface FastEthernet 0/0
ip address 140.230.18.2 255.255.255.0
no shutdown
! Interface setup for internal Champlain
interface FastEthernet 0/1
ip address 192.168.25.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 140.230.18.1
! Identify traffic to send through tunnel with access-list
access-list 101 permit ip  192.168.25.0 0.0.0.255 172.16.84.0 0.0.0.255 
! Configure IKE Phase 1 ISAKMP Policy on Middlebury Router
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key NET330 address 216.93.144.2
! Configure the IKE Phase 2 IPsec policy
!- Create the transform-set "VPN-SET"
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
!- Create the crypto map "VPN-MAP"
crypto map VPN-MAP 10 ipsec-isakmp
description VPN connection to Champlain
set peer 216.93.144.2
set transform-set VPN-SET
match address 101
exit
! Configure the "crypto map" on the outgoing interface.
interface FastEthernet 0/0
crypto map VPN-MAP

VTEL

enable
conf t
hostname vtel-router
! Interface setup for VTEL to Champlain
interface FastEthernet 0/0
ip address 216.93.144.1 255.255.255.0
no shutdown
! Interface setup for VTEL to Middlebury
interface FastEthernet 0/1
ip address 140.230.18.1 255.255.255.0
no shutdown

PreviousLab 9-2: Build a Network Challenge 2 - BGP NextLab 11-1: Access-Lists

Last updated 2 years ago

enable conf t hostname champlain-router ! Interface setup for VTEL to Champlain interface FastEthernet 0/0 ip address 216.93.144.2 255.255.255.0 no shutdown ! Interface setup for internal Champlain interface FastEthernet 0/1 ip address 172.16.84.1 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 216.93.144.1 ! Identify traffic to send through tunnel with access-list access-list 101 permit ip 172.16.84.0 0.0.0.255 192.168.25.0 0.0.0.255 ! Configure IKE Phase 1 ISAKMP Policy on Champlain Router crypto isakmp policy 10 encryption aes 256 authentication pre-share group 5 exit crypto isakmp key NET330 address 140.230.18.2 ! Configure the IKE Phase 2 IPsec policy !- Create the transform-set "VPN-SET" crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac !- Create the crypto map "VPN-MAP" crypto map VPN-MAP 10 ipsec-isakmp description VPN connection to Middlebury set peer 140.230.18.2 set transform-set VPN-SET match address 101 exit ! Configure the "crypto map" on the outgoing interface. interface FastEthernet 0/0 crypto map VPN-MAP

enable conf t hostname middlebury-router ! Interface setup for VTEL to Middlebury interface FastEthernet 0/0 ip address 140.230.18.2 255.255.255.0 no shutdown ! Interface setup for internal Champlain interface FastEthernet 0/1 ip address 192.168.25.1 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 140.230.18.1 ! Identify traffic to send through tunnel with access-list access-list 101 permit ip 192.168.25.0 0.0.0.255 172.16.84.0 0.0.0.255 ! Configure IKE Phase 1 ISAKMP Policy on Middlebury Router crypto isakmp policy 10 encryption aes 256 authentication pre-share group 5 exit crypto isakmp key NET330 address 216.93.144.2 ! Configure the IKE Phase 2 IPsec policy !- Create the transform-set "VPN-SET" crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac !- Create the crypto map "VPN-MAP" crypto map VPN-MAP 10 ipsec-isakmp description VPN connection to Champlain set peer 216.93.144.2 set transform-set VPN-SET match address 101 exit ! Configure the "crypto map" on the outgoing interface. interface FastEthernet 0/0 crypto map VPN-MAP

enable conf t hostname vtel-router ! Interface setup for VTEL to Champlain interface FastEthernet 0/0 ip address 216.93.144.1 255.255.255.0 no shutdown ! Interface setup for VTEL to Middlebury interface FastEthernet 0/1 ip address 140.230.18.1 255.255.255.0 no shutdown