VPN IPSEC ESP : Lab GNS3
Prerequisites:
If you've completed the previous lab, Lab: Redistributing Routing Protocols, then you should have a basic understanding of mutual route redistribution.
Objective: To send L2 traffic over the Internet and provide VLAN-to-VLAN connectivity between multiple sites with:
ISP network components:
NB: We can't ping from PC1 to PC2 ==> configure the IPsec VPN
AgenceVoyage(Config)#crypto ipsec transform-set TstMrk esp-3des esp-md5-hmac

AgenceVoyage(Config)#crypto isakmp policy 1
AgenceVoyage(Config-isakmp)#encr 3des
AgenceVoyage(Config-isakmp)#hash md5
AgenceVoyage(Config-isakmp)#authentication pre-share
AgenceVoyage(Config-isakmp)#group 2
AgenceVoyage(Config-isakmp)#exit
AgenceVoyage(Config)#crypto isakmp key pass!2013 address 209.65.39.2

AgenceVoyage(Config)#ip access-list extended ACL_VPN
AgenceVoyage(config-ext-nacl)#remark [Comment: Pour VPN SITE TO SITE]
AgenceVoyage(config-ext-nacl)#permit ip 192.168.24.0 0.0.0.255 192.168.39.0 0.0.0.255
AgenceVoyage(config-ext-nacl)#exit

AgenceVoyage(Config)#crypto map TSTMRKCMAP 1 ipsec-isakmp
AgenceVoyage(config-crypto-map)#set peer 209.65.39.2
AgenceVoyage(config-crypto-map)#set transform-set TstMrk
AgenceVoyage(config-crypto-map)#match address ACL_VPN
AgenceVoyage(config-crypto-map)#exit

AgenceVoyage(Config)#interface Serial0/0
AgenceVoyage(config-if)#crypto map TSTMRKCMAP
AgenceVoyage(config-if)#exit

AgenceVoyage(Config)#no access-list 101 permit ip 192.168.24.0 0.0.0.255 any
AgenceVoyage(config)#access-list 101 deny ip 192.168.24.0 0.0.0.255 192.168.39.0 0.0.0.255
AgenceVoyage(config)#access-list 101 permit ip 192.168.24.0 0.0.0.255 any
AgenceVoyage(config)#exit

AgenceMed(Config)#crypto ipsec transform-set TstMed esp-3des esp-md5-hmac

AgenceMed(Config)#crypto isakmp policy 1
AgenceMed(Config-isakmp)#encr 3des
AgenceMed(Config-isakmp)#hash md5
AgenceMed(Config-isakmp)#authentication pre-share
AgenceMed(Config-isakmp)#group 2
AgenceMed(Config-isakmp)#exit
AgenceMed(Config)#crypto isakmp key pass!2013 address 209.65.24.2

AgenceMed(Config)#ip access-list extended ACL_VPN
AgenceMed(config-ext-nacl)#remark [Comment: Pour VPN SITE TO SITE]
AgenceMed(config-ext-nacl)#permit ip 192.168.39.0 0.0.0.255 192.168.24.0 0.0.0.255
AgenceMed(config-ext-nacl)#exit

AgenceMed(Config)#crypto map TSTMEDCMAP 1 ipsec-isakmp
AgenceMed(config-crypto-map)#set peer 209.65.24.2
AgenceMed(config-crypto-map)#set transform-set TstMed
AgenceMed(config-crypto-map)#match address ACL_VPN
AgenceMed(config-crypto-map)#exit

AgenceMed(Config)#interface Serial0/0
AgenceMed(config-if)#crypto map TSTMEDCMAP
AgenceMed(config-if)#exit

AgenceMed(Config)#no access-list 101 permit ip 192.168.39.0 0.0.0.255 any
AgenceMed(config)#access-list 101 deny ip 192.168.39.0 0.0.0.255 192.168.24.0 0.0.0.255
AgenceMed(config)#access-list 101 permit ip 192.168.39.0 0.0.0.255 any
AgenceMed(config)#exit
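
The following Python check is an added example, not part of the original lab: it verifies that the two routers' settings above agree where a site-to-site tunnel needs them to (same ISAKMP policy, transforms and pre-shared key, mirrored crypto ACLs, and on each router a key address equal to the crypto-map peer and an ACL 101 deny entry equal to the crypto ACL). The two config strings are constructed from the commands above with prompts stripped, and the function names are hypothetical.

```python
import re

# Constructed from the lab's two configurations above (prompts stripped).
VOYAGE = """crypto ipsec transform-set TstMrk esp-3des esp-md5-hmac
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key pass!2013 address 209.65.39.2
permit ip 192.168.24.0 0.0.0.255 192.168.39.0 0.0.0.255
set peer 209.65.39.2
access-list 101 deny ip 192.168.24.0 0.0.0.255 192.168.39.0 0.0.0.255"""
MED = """crypto ipsec transform-set TstMed esp-3des esp-md5-hmac
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key pass!2013 address 209.65.24.2
permit ip 192.168.39.0 0.0.0.255 192.168.24.0 0.0.0.255
set peer 209.65.24.2
access-list 101 deny ip 192.168.39.0 0.0.0.255 192.168.24.0 0.0.0.255"""

def parse(cfg):
    # Extract only the settings that must match or mirror between the peers.
    f = lambda pat: re.findall(pat, cfg, re.M)
    return {
        "policy": f(r"^(encr|hash|authentication|group) (\S+)$"),
        "transforms": f(r"^crypto ipsec transform-set \S+ (.+)$"),
        "key": f(r"^crypto isakmp key (\S+) address (\S+)$")[0],
        "peer": f(r"^set peer (\S+)$")[0],
        "vpn_acl": f(r"^permit ip (\S+ \S+) (\S+ \S+)$")[0],
        "acl101_deny": f(r"^access-list 101 deny ip (\S+ \S+) (\S+ \S+)$")[0],
    }

def mismatches(cfg_a, cfg_b):
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [
        (a["policy"] == b["policy"], "ISAKMP policy differs"),
        (a["transforms"] == b["transforms"], "transform-set differs"),
        (a["key"][0] == b["key"][0], "pre-shared key differs"),
        (a["vpn_acl"] == b["vpn_acl"][::-1], "crypto ACLs are not mirrored"),
    ]
    for side, p in (("A", a), ("B", b)):
        checks.append((p["key"][1] == p["peer"], f"{side}: key address != set peer"))
        checks.append((p["acl101_deny"] == p["vpn_acl"], f"{side}: ACL 101 deny != crypto ACL"))
    return [msg for ok, msg in checks if not ok]
```

The check covers consistency only. It does not grade the algorithms themselves; 3DES, MD5 and Diffie-Hellman group 2 as used in this lab are legacy choices.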
IPSec ESP Traffic