
VPN Configuration: Cisco - CCNA



How to configure two routers using VPN










We are going to configure two routers with two switches.
Here is the example:


We will do the PC configuration first.




Configure Router 1


Router#enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shut

We should see the change, with this result:

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#int f0/1
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

We can see it's up now.

Router(config-if)#exit
Now we configure routing on the router (RIP):
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 10.0.0.0
Router(config-router)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#exit

Now we configure the encryption:

Router(config)#crypto isakmp policy 10
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#hash sha
Router(config-isakmp)#encryption aes 256
   
Router(config-isakmp)#group 2
Router(config-isakmp)#lifetime 86400
Router(config-isakmp)#exit

Router(config)#crypto isakmp key toor address 10.0.0.2
(toor is the pre-shared key, so you can choose whatever value you want; 10.0.0.2 is the target, i.e. the other router.)

Router(config)#crypto ipsec transform-set tset esp-aes
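tset is the name of the transform set; call it whatever you want. The next command defines the same transform set again, this time with esp-sha-hmac added.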

Router(config)#crypto ipsec transform-set tset esp-aes esp-sha-hmac
Router(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
In the access list, the first network is the source and the second is the target.
Router(config)#crypto map cmap 10 ipsec-isakmp
We name this crypto map cmap, but you can call it whatever you want.


This new message pops up, telling us that the crypto map needs more configuration before it can do the encryption:
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
Router(config-crypto-map)#set peer 10.0.0.2
   
Router(config-crypto-map)#match address 101
Router(config-crypto-map)#set transform-set tset
Router(config-crypto-map)#exit
Router(config)#int fa0/1
Router(config-if)#crypto map cmap
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#do wr
Building configuration...
[OK]
Router(config-if)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console


Now we want to check the encryption:


Router#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status

IPv6 Crypto ISAKMP SA

Router#show crypto ipsec sa

interface: FastEthernet0/1
    Crypto map tag: cmap, local addr 10.0.0.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   remote  ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
   current_peer 10.0.0.2 port 500
    PERMIT, flags={origin_is_acl,}
   #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
   #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
   #pkts compressed: 0, #pkts decompressed: 0
   #pkts not compressed: 0, #pkts compr. failed: 0
   #pkts not decompressed: 0, #pkts decompress failed: 0
   #send errors 0, #recv errors 0

     local crypto endpt.: 10.0.0.1, remote crypto endpt.:10.0.0.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0x0(0)

    
Router#

Now repeat the process with the other PC (PC2) and Router 2, changing the values, and you are done!
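Which values change on Router 2, and a way to check that both sides agree before testing the tunnel. This is an added example, not part of the original post. Router 2's values (peer 10.0.0.1 and the reversed access list) are assumed to be the mirror of Router 1's, and the names TEMPLATE, parse and mismatches are made up for the illustration.

```python
import re

# Constructed template of the crypto commands on this page.
# R1 uses the page's values; R2's values are the assumed mirror.
TEMPLATE = """\
crypto isakmp policy 10
 authentication pre-share
 hash sha
 encryption aes 256
 group 2
crypto isakmp key {key} address {peer}
crypto ipsec transform-set tset esp-aes esp-sha-hmac
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map cmap 10 ipsec-isakmp
 set peer {peer}
 match address 101
 set transform-set tset
"""
R1 = TEMPLATE.format(key="toor", peer="10.0.0.2", src="192.168.10.0", dst="192.168.20.0")
R2 = TEMPLATE.format(key="toor", peer="10.0.0.1", src="192.168.20.0", dst="192.168.10.0")

def parse(cfg):
    """Extract the settings that have to agree between the two peers."""
    key, key_peer = re.search(r"crypto isakmp key (\S+) address (\S+)", cfg).groups()
    return {
        "policy": re.findall(r"^ (authentication \S+|hash \S+|encryption .+|group \d+)$", cfg, re.M),
        "key": key, "key_peer": key_peer,
        "peer": re.search(r"set peer (\S+)", cfg).group(1),
        "tset": re.search(r"transform-set \S+ (esp-.+)", cfg).group(1).split(),
        "acl": re.search(r"access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg).groups(),
    }

def mismatches(a_cfg, a_wan, b_cfg, b_wan):
    """List the settings that are inconsistent between router a and router b."""
    a, b = parse(a_cfg), parse(b_cfg)
    problems = []
    if a["policy"] != b["policy"]:
        problems.append("ISAKMP policy differs")
    if a["key"] != b["key"]:
        problems.append("pre-shared key differs")
    if {a["peer"], a["key_peer"]} != {b_wan} or {b["peer"], b["key_peer"]} != {a_wan}:
        problems.append("peer address does not point at the other router")
    if a["tset"] != b["tset"]:
        problems.append("transform set differs")
    if a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(mismatches(R1, "10.0.0.1", R2, "10.0.0.2") or "configs are consistent")
```

Pasting Router 1's commands unchanged into Router 2 is the usual mistake: the check then reports the peer address and the access list, which are exactly the values that have to be swapped.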





Reviewed by ohhhvictor on 7:00 PM
