GRE Over IPsec & Configuration

The document details the configuration of routers for two sites (Site-A and Site-B) using GRE tunnels and IPSec for secure communication. It includes specific commands for setting up interfaces, IP addresses, routing, and encryption policies. Successful ping tests confirm connectivity between the sites and the proper functioning of the configured tunnels.

Uploaded by bruceamisi1

Sayed Hamza Jilllani

GRE & IPSec LAB

ISP(config)#int f 0/0
ISP(config-if)#ip add 1.0.0.2 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#int f 1/0
ISP(config-if)#ip add 2.0.0.1 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit

Site-A(config)#int f 0/0
Site-A(config-if)#ip add 1.0.0.1 255.255.255.252
Site-A(config-if)#no shutdown
Site-A(config-if)#exit
Site-A(config)#int f 2/0
Site-A(config-if)#ip add 10.0.0.1 255.0.0.0
Site-A(config-if)#no shutdown
Site-A(config-if)#exit
Site-A(config)#ip route 2.0.0.0 255.255.255.252 1.0.0.2

Software / Network Engineer whatsapp : +923059299396

Site-B(config)#int f 1/0
Site-B(config-if)#ip add 2.0.0.2 255.255.255.252
Site-B(config-if)#no shutdown
Site-B(config-if)#exit
Site-B(config)#int f 2/0
Site-B(config-if)#ip add 172.16.0.1 255.255.0.0
Site-B(config-if)#no shutdown
Site-B(config-if)#exit
Site-B(config)#ip route 1.0.0.0 255.255.255.252 2.0.0.1

Site-B#ping 1.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/114/136 ms
Site-B#

Site-A#ping 2.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/67/88 ms
Site-A#

Site-A(config)#int tunnel 1
Site-A(config-if)#ip add 192.168.0.1 255.255.255.252
Site-A(config-if)#tunnel source fastEthernet 0/0
Site-A(config-if)#tunnel destination 2.0.0.2
Site-A(config-if)#exit

Site-B(config)#int tunnel 1
Site-B(config-if)#ip add 192.168.0.2 255.255.255.252
Site-B(config-if)#tunnel source fastEthernet 1/0
Site-B(config-if)#tunnel destination 1.0.0.1
Site-B(config-if)#exit

Site-B#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/52/64 ms
Site-B#

Site-A#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/56/88 ms
Site-A#

Site-A(config)#router eigrp 1
Site-A(config-router)#network 10.0.0.0 255.0.0.0
Site-A(config-router)#network 192.168.0.0 255.255.255.252
Site-A(config-router)#exit

Site-B(config)#router eigrp 1
Site-B(config-router)#network 172.16.0.0 255.255.0.0
Site-B(config-router)#network 192.168.0.0 255.255.255.252
Site-B(config-router)#exit

PC1> ping 172.16.0.2
84 bytes from 172.16.0.2 icmp_seq=1 ttl=62 time=93.159 ms
84 bytes from 172.16.0.2 icmp_seq=2 ttl=62 time=90.616 ms
84 bytes from 172.16.0.2 icmp_seq=3 ttl=62 time=93.011 ms
84 bytes from 172.16.0.2 icmp_seq=4 ttl=62 time=91.077 ms
84 bytes from 172.16.0.2 icmp_seq=5 ttl=62 time=92.142 ms
PC1>

PC2> ping 10.0.0.2
84 bytes from 10.0.0.2 icmp_seq=1 ttl=62 time=91.714 ms
84 bytes from 10.0.0.2 icmp_seq=2 ttl=62 time=73.623 ms
84 bytes from 10.0.0.2 icmp_seq=3 ttl=62 time=77.463 ms
84 bytes from 10.0.0.2 icmp_seq=4 ttl=62 time=88.290 ms
84 bytes from 10.0.0.2 icmp_seq=5 ttl=62 time=91.995 ms
PC2>

IPSec Configuration
Site-A(config)#crypto isakmp policy 5
Site-A(config-isakmp)#encryption aes
Site-A(config-isakmp)#authentication pre-share
Site-A(config-isakmp)#group 2
Site-A(config-isakmp)#exit

Site-A(config)#crypto isakmp key corvit address 0.0.0.0 0.0.0.0


Site-A(config)#crypto ipsec transform-set TEST esp-aes esp-sha-hmac
Site-A(cfg-crypto-trans)#mode transport
Site-A(cfg-crypto-trans)#exit

Site-A(config)#ip access-list extended GRE
Site-A(config-ext-nacl)#permit gre any any
Site-A(config-ext-nacl)#exit

Site-A(config)#crypto map VPN 10 ipsec-isakmp
Site-A(config-crypto-map)#match address GRE
Site-A(config-crypto-map)#set transform-set TEST
Site-A(config-crypto-map)#set peer 2.0.0.2
Site-A(config-crypto-map)#exit
Site-A(config)#int fast 0/0
Site-A(config-if)#crypto map VPN
Site-A(config-if)#end

Site-B(config)#crypto isakmp policy 5
Site-B(config-isakmp)#encryption aes
Site-B(config-isakmp)#authentication pre-share
Site-B(config-isakmp)#group 2
Site-B(config-isakmp)#exit

Site-B(config)#crypto isakmp key corvit address 0.0.0.0 0.0.0.0


Site-B(config)#crypto ipsec transform-set TEST esp-aes esp-sha-hmac
Site-B(cfg-crypto-trans)#mode transport
Site-B(cfg-crypto-trans)#exit

Site-B(config)#ip access-list extended GRE
Site-B(config-ext-nacl)#permit gre any any
Site-B(config-ext-nacl)#exit

Site-B(config)#crypto map VPN 10 ipsec-isakmp
Site-B(config-crypto-map)#match address GRE
Site-B(config-crypto-map)#set transform-set TEST
Site-B(config-crypto-map)#set peer 1.0.0.1
Site-B(config-crypto-map)#exit
Site-B(config)#int fast 1/0
Site-B(config-if)#crypto map VPN
Site-B(config-if)#end

PC1> ping 172.16.0.2
84 bytes from 172.16.0.2 icmp_seq=1 ttl=62 time=76.821 ms
84 bytes from 172.16.0.2 icmp_seq=2 ttl=62 time=77.520 ms
84 bytes from 172.16.0.2 icmp_seq=3 ttl=62 time=73.741 ms
84 bytes from 172.16.0.2 icmp_seq=4 ttl=62 time=71.795 ms
84 bytes from 172.16.0.2 icmp_seq=5 ttl=62 time=73.162 ms
PC1>

PC2> ping 10.0.0.2
84 bytes from 10.0.0.2 icmp_seq=1 ttl=62 time=90.694 ms
84 bytes from 10.0.0.2 icmp_seq=2 ttl=62 time=69.079 ms
84 bytes from 10.0.0.2 icmp_seq=3 ttl=62 time=74.925 ms
84 bytes from 10.0.0.2 icmp_seq=4 ttl=62 time=75.766 ms
84 bytes from 10.0.0.2 icmp_seq=5 ttl=62 time=72.034 ms
PC2>

Site-A#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
2.0.0.2         1.0.0.1         QM_IDLE           1002 ACTIVE
1.0.0.1         2.0.0.2         QM_IDLE           1001 ACTIVE

IPv6 Crypto ISAKMP SA

Site-A#

Site-A#show crypto ipsec sa


interface: FastEthernet0/0
Crypto map tag: VPN, local addr 1.0.0.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/47/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/47/0)
current_peer 2.0.0.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 88, #pkts encrypt: 88, #pkts digest: 88
#pkts decaps: 88, #pkts decrypt: 88, #pkts verify: 88

LAB
!Router ISP
Conf t
hostname ISP
int f 0/0
ip add 1.0.0.2 255.255.255.252
no shutdown
exit
int f 1/0
ip add 2.0.0.1 255.255.255.252
no shutdown
exit

!Site-A Router
conf t
hostname Site-A
int f 0/0
ip add 1.0.0.1 255.255.255.252
no shutdown
exit
int f 2/0
ip add 10.0.0.1 255.0.0.0
no shutdown
exit
ip route 2.0.0.0 255.255.255.252 1.0.0.2

!Site-B Router
conf t
hostname Site-B
int f 1/0
ip add 2.0.0.2 255.255.255.252
no shutdown
exit
int f 2/0
ip add 172.16.0.1 255.255.0.0
no shutdown
exit
ip route 1.0.0.0 255.255.255.252 2.0.0.1

!Site-A Router
int tunnel 1
ip add 192.168.0.1 255.255.255.252
tunnel source fastEthernet 0/0
tunnel destination 2.0.0.2
exit

!Site-B Router
int tunnel 1
ip add 192.168.0.2 255.255.255.252
tunnel source fastEthernet 1/0
tunnel destination 1.0.0.1
exit

!Site-A Router
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.252
exit

!Site-B Router
router eigrp 1
network 172.16.0.0 255.255.0.0
network 192.168.0.0 255.255.255.252
exit

!Site-A Router IPSec configuration
crypto isakmp policy 5
encryption aes
authentication pre-share
group 2
exit
crypto isakmp key corvit address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TEST esp-aes esp-sha-hmac
mode transport
exit
ip access-list extended GRE
permit gre any any
exit
crypto map VPN 10 ipsec-isakmp
match address GRE
set transform-set TEST
set peer 2.0.0.2
exit
int fast 0/0
crypto map VPN
end

!Site-B Router IPSec configuration
crypto isakmp policy 5
encryption aes
authentication pre-share
group 2
exit
crypto isakmp key corvit address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TEST esp-aes esp-sha-hmac
mode transport
exit
ip access-list extended GRE
permit gre any any
exit
crypto map VPN 10 ipsec-isakmp
match address GRE
set transform-set TEST
set peer 1.0.0.1
exit
int fast 1/0
crypto map VPN
end
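
Added example (not part of the original lab document): a small audit of the IPsec section above that flags three settings worth tightening before this lab config is reused outside a lab: DH group 2, a pre-shared key bound to 0.0.0.0 0.0.0.0, and a crypto ACL of "permit gre any any". The function name, rule names and the indented running-config layout of the sample are assumptions made for this example.

```python
import re

# Constructed sample: Site-A's IPsec section from the LAB listing, laid out
# like "show running-config" output (sub-commands indented) -- an assumption.
SITE_A = """\
crypto isakmp policy 5
 encryption aes
 authentication pre-share
 group 2
crypto isakmp key corvit address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TEST esp-aes esp-sha-hmac
 mode transport
ip access-list extended GRE
 permit gre any any
crypto map VPN 10 ipsec-isakmp
 match address GRE
 set transform-set TEST
 set peer 2.0.0.2
"""

WEAK_DH_GROUPS = {1, 2, 5}  # MODP groups of 768, 1024 and 1536 bits


def audit(config):
    """Return a sorted list of (rule, offending_line) for an IOS config string."""
    findings = []
    section = ""  # most recent top-level (unindented) command
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            section = line
        # Rule 1: small Diffie-Hellman group inside an ISAKMP policy
        m = re.fullmatch(r"group (\d+)", line)
        in_policy = section.startswith("crypto isakmp policy")
        if m and in_policy and int(m.group(1)) in WEAK_DH_GROUPS:
            findings.append(("weak-dh-group", line))
        # Rule 2: pre-shared key accepted from every peer address
        if re.fullmatch(r"crypto isakmp key \S+ address 0\.0\.0\.0(?: 0\.0\.0\.0)?", line):
            findings.append(("wildcard-psk", re.sub(r"key \S+", "key <redacted>", line)))
        # Rule 3: extended ACL entry matching GRE between any two endpoints
        if section.startswith("ip access-list extended") and line == "permit gre any any":
            findings.append(("broad-crypto-acl", f"{section}: {line}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit(SITE_A):
        print(f"{rule:18} {where}")
```

On Site-A the three findings clear when the policy uses group 14 or higher, the key is bound to the peer (address 2.0.0.2), and the ACL reads "permit gre host 1.0.0.1 host 2.0.0.2"; Site-B mirrors this with the addresses swapped.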
