How to configure two routers using VPN
We are going to configure two routers with two switches.
Here is the example
We will do the PC configuration first.
Configure Router 1
Router#enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shut
We should see the change with this result:
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#int f0/1
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
We can see it's up now.
Router(config-if)#exit
Now we configure RIP routing on the router.
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 10.0.0.0
Router(config-router)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#exit
Now we configure the encryption, starting with the ISAKMP policy.
Router(config)#crypto isakmp policy 10
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#hash sha
Router(config-isakmp)#encryption aes 256
Router(config-isakmp)#group 2
Router(config-isakmp)#lifetime 86400
Router(config-isakmp)#exit
Router(config)#crypto isakmp key toor address 10.0.0.2
(toor is the pre-shared key; you can choose any value you want, as long as both routers use the same one. 10.0.0.2 is the address of the peer router.)
Router(config)#crypto ipsec transform-set tset esp-aes
(tset is the name of the transform set; call it whatever you want. The next command defines it again with esp-sha-hmac added.)
Router(config)#crypto ipsec transform-set tset esp-aes esp-sha-hmac
Router(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
(The first network is the source, the second is the destination.)
Router(config)#crypto map cmap 10 ipsec-isakmp
We name this crypto map cmap, but you can call it whatever you want.
A message pops up saying the crypto map needs more configuration before it is enabled:
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
Router(config-crypto-map)#set peer 10.0.0.2
Router(config-crypto-map)#match address 101
Router(config-crypto-map)#set transform-set tset
Router(config-crypto-map)#exit
Router(config)#int fa0/1
Router(config-if)#crypto map cmap
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#do wr
Building configuration...
[OK]
Router(config-if)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
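Now we want to see the encryption. No traffic has been sent through the tunnel yet, so in the output below the ISAKMP SA table is empty and the packet counters are all 0.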
Router#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
IPv6 Crypto ISAKMP SA
Router#show crypto ipsec sa
interface: FastEthernet0/1
Crypto map tag: cmap, local addr 10.0.0.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
current_peer 10.0.0.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.0.0.1, remote crypto endpt.:10.0.0.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
current outbound spi: 0x0(0)
Router#
Now repeat the process with PC2 and Router 2, changing the values, and you are done!
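Router 2 needs the same ISAKMP policy, key and transform set, with the peer address and access list reversed, so it is worth comparing the two ends before testing. The check below is an added example, not part of the original post: the Router 2 text is constructed by mirroring the Router 1 commands above, and the names parse and mismatches are hypothetical.

```python
import re
# Router 1 crypto commands as entered on this page.
R1 = """crypto isakmp policy 10
 authentication pre-share
 hash sha
 encryption aes 256
 group 2
 lifetime 86400
crypto isakmp key toor address 10.0.0.2
crypto ipsec transform-set tset esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map cmap 10 ipsec-isakmp
 set peer 10.0.0.2
 match address 101
 set transform-set tset
"""
# Constructed Router 2 side (assumption): peer address and access list mirrored.
R2 = R1.replace("10.0.0.2", "10.0.0.1").replace(
    "192.168.10.0 0.0.0.255 192.168.20.0", "192.168.20.0 0.0.0.255 192.168.10.0")
POLICY = ("authentication", "hash", "encryption", "group", "lifetime")

def parse(cfg):
    """Extract the settings both ends must agree on (network/wildcard ACLs only)."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    return {
        "policy": tuple(grab(rf"^ *{k} (.+)$") for k in POLICY),
        "psk": grab(r"^crypto isakmp key (\S+) address"),
        "key_peer": grab(r"^crypto isakmp key \S+ address (\S+)"),
        "transforms": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": grab(r"^access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)"),
        "peer": grab(r"^ *set peer (\S+)"),
    }

def mismatches(cfg_a, addr_a, cfg_b, addr_b):
    """List why routers A and B (outside addresses given) would not agree."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"{n}: {k} missing" for n, p in (("A", a), ("B", b))
           for k, v in p.items() if v is None or None in v]
    if out:
        return out
    out += [f"{k} differs" for k in ("policy", "psk", "transforms") if a[k] != b[k]]
    for n, p, other in (("A", a, addr_b), ("B", b, addr_a)):
        if p["key_peer"] != (other,) or p["peer"] != (other,):
            out.append(f"{n} does not point at the other router ({other})")
    if a["acl"] != b["acl"][2:] + b["acl"][:2]:
        out.append("crypto access lists are not mirror images")
    return out
```

Calling mismatches(R1, "10.0.0.1", R2, "10.0.0.2") returns an empty list when the two ends agree; paste the real Router 2 commands in place of R2 to check them.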
VPN Configuration : Cisco -CCNA
Reviewed by ohhhvictor