Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • VPN Site To Site Packet Tracer 5

    Загружено:

    Veldrin Mathias
    203 просмотров5 страниц
    vpn

    Оригинальное название

    VPN Site to Site Packet Tracer 5

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    vpn

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    203 просмотров5 страниц

    VPN Site To Site Packet Tracer 5

    Загружено:

    Veldrin Mathias
    vpn

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 5

    04/10/2015

    VPNsitetositepackettracer5.3labTheCiscoLearningNetwork

    Home>Certifications>Security(CCNASecurity)>IINSExam>Documents

    VPN site to site packet tracer 5.3 lab


    CreatedbyYasserRamzyAudaCCIER&S#45694,CCSI#34215,CCNPSecurityon19Dec201012:22.LastmodifiedbyYasser
    RamzyAudaCCIER&S#45694,CCSI#34215,CCNPSecurityon19Dec201012:42.

    firstofallyouneedtostudyWelltheconceptsofIPSec,VPNtypes,CRYPTOLOGYbeforeyoureadthisdocument
    Itsjustshowyouhowtotypetherightcommandsonbothroutersidesusingpackettracer5.3
    Wewillhavethefollowingtopology

    NoticeyouwillsetstaticroutebetweenthetworouterswhileonreallivebothwillconnectedthroughISPs

    forrouter1wewilltypethefollowingcommands:
    Router(config)#cryptoisakmpenable<===enableIPsec
    Router(config)#cryptoisakmppolicy1<===setnewpolicywithnumber1
    Router(configisakmp)#authenticationpreshare<===usingshredkeyauthenticationmethod(ifusecertification
    usersasiginsteadofpreshare)
    Router(configisakmp)#encryptionaes<===usesymmetricencryptionAES
    Router(configisakmp)#hashsha<===usehashalghorthimshafordataintegrity
    Router(configisakmp)#group2<===usediffehelmangroup2
    Router(configisakmp)#exit
    Router(config)#cryptoisakmpkey0address11.0.0.10.0.0.0<===0isthekeywillusedwithnextsite,nextsiteip
    address11.0.0.1andnoteonpackettraceryouuse0.0.0.0insteadofsubnetmask
    Router(config)#cryptoipsectransformsetyasserespaesespshahmac<===settransformsetcalledyasserand
    espistheprotocolwillbeused,ucanuseAHoninternalVPN
    Router(config)#cryptoipsecsecurityassociationlifetimeseconds86400<===keyexpireafter86400seconds
    Router(config)#ipaccesslistextendedramzy<===ACLcalledramzytotellwhich
    trafficwillusethevpntunnel
    Router(configextnacl)#permitip12.0.0.00.255.255.25510.0.0.00.255.255.255
    Router(configextnacl)#exit
    Router(config)#cryptomapauda100ipsecisakmp<===createcryptomapcalledaudawithseq
    number100
    %NOTE:Thisnewcryptomapwillremaindisableduntilapeer
    andavalidaccesslisthavebeenconfigured.
    Router(configcryptomap)#matchaddressramzy<===linkaboveACLtothiscryptomap
    Router(configcryptomap)#setpeer11.0.0.1<===linknextsiteipaddresstothiscrypto
    map
    Router(configcryptomap)#setpfsgroup2<===linkDHgroup2tothiscryptomap
    Router(configcryptomap)#settransformsetyasser<===linkabovetransformsettothis
    cryptomap
    Router(configcryptomap)#ex
    Router(config)#intfa0/1<===applycryptomapaudatointerfacefacethenextsitelink.
    Router(configif)#cryptomapauda
    *Jan307:16:26.785:%CRYPTO6ISAKMP_ON_OFF:ISAKMPisON
    Router(configif)#dowr
    Buildingconfiguration...
    [OK]
    Router(configif)#^Z
    Router#

    forrouter0wewilltypethefollowingcommands:
    Router(config)#cryptoisakmpenable
    Router(config)#cryptoisakmppolicy1
    Router(configisakmp)#authenticationpreshare
    Router(configisakmp)#encryptionaes
    Router(configisakmp)#group2
    Router(configisakmp)#hashsha
    Router(configisakmp)#exit

    https://learningnetwork.cisco.com/docs/DOC10756

    1/5

    04/10/2015

    VPNsitetositepackettracer5.3labTheCiscoLearningNetwork

    Router(config)#cryptoisakmpkey0address11.0.0.20.0.0.0
    Router(config)#cryptoipsectransformsetyasserespaesespshahmac
    Router(config)#cryptoipsecsecurityassociationlifetimeseconds86400
    Router(config)#ipaccesslistextendedramzy
    Router(configextnacl)#permitip10.0.0.00.255.255.25512.0.0.00.255.255.255
    Router(configextnacl)#exit
    Router(config)#cryptomapauda100ipsecisakmp
    %NOTE:Thisnewcryptomapwillremaindisableduntilapeer
    andavalidaccesslisthavebeenconfigured.
    Router(configcryptomap)#matchaddressramzy
    Router(configcryptomap)#setpeer11.0.0.2
    Router(configcryptomap)#setpfsgroup2
    Router(configcryptomap)#settransformsetyasser
    Router(configcryptomap)#exit
    Router(config)#interfacefastEthernet0/1
    Router(configif)#cryptomapauda
    *Jan307:16:26.785:%CRYPTO6ISAKMP_ON_OFF:ISAKMPisON
    Router(configif)#exit
    Router(config)#dowr
    Buildingconfiguration...
    [OK]
    Router(config)#

    nowletsgotorouter0anddosomeshowcommands:

    Router#showcryptoIsakmppolicy

    GlobalIKEpolicy
    Protectionsuiteofpriority1
    encryptionalgorithm:AESAdvancedEncryptionStandard(128bitkeys).
    hashalgorithm:SecureHashStandard
    authenticationmethod:PreSharedKey
    DiffieHellmangroup:#2(1024bit)
    lifetime:86400seconds,novolumelimit
    Defaultprotectionsuite
    encryptionalgorithm:DESDataEncryptionStandard(56bitkeys).
    hashalgorithm:SecureHashStandard
    authenticationmethod:RivestShamirAdlemanSignature
    DiffieHellmangroup:#1(768bit)
    lifetime:86400seconds,novolumelimit
    Router#

    Router#showcryptoisakmpsa
    IPv4CryptoISAKMPSA
    dstsrcstateconnidslotstatus
    11.0.0.111.0.0.2QM_IDLE10620ACTIVE

    IPv6CryptoISAKMPSA

    Router#

    Router#showcryptomap
    CryptoMapauda100ipsecisakmp
    Peer=11.0.0.1
    ExtendedIPaccesslistramzy
    accesslistramzypermitip12.0.0.00.255.255.25510.0.0.00.255.255.255
    Currentpeer:11.0.0.1
    Securityassociationlifetime:4608000kilobytes/86400seconds
    PFS(Y/N):Y
    Transformsets={
    yasser,
    }
    Interfacesusingcryptomapauda:
    FastEthernet0/1

    Router#

    Router#shcryptoipsectransformset
    Transformsetyasser:{{espaesespshahmac}
    willnegotiate={Tunnel,},

    https://learningnetwork.cisco.com/docs/DOC10756

    2/5

    04/10/2015

    VPNsitetositepackettracer5.3labTheCiscoLearningNetwork

    Router#

    nowletsmakepc0pingpc1

    Router#showcryptoipsecsa

    interface:FastEthernet0/1
    Cryptomaptag:auda,localaddr11.0.0.2

    protectedvrf:(none)
    localident(addr/mask/prot/port):(12.0.0.0/255.0.0.0/0/0)
    remoteident(addr/mask/prot/port):(10.0.0.0/255.0.0.0/0/0)
    current_peer11.0.0.1port500
    PERMIT,flags={origin_is_acl,}
    #pktsencaps:6,#pktsencrypt:6,#pktsdigest:0
    #pktsdecaps:5,#pktsdecrypt:5,#pktsverify:0
    #pktscompressed:0,#pktsdecompressed:0
    #pktsnotcompressed:0,#pktscompr.failed:0
    #pktsnotdecompressed:0,#pktsdecompressfailed:0
    #senderrors1,#recverrors0

    localcryptoendpt.:11.0.0.2,remotecryptoendpt.:11.0.0.1
    pathmtu1500,ipmtu1500,ipmtuidbFastEthernet0/1
    currentoutboundspi:0x12D96D50(316239184)

    inboundespsas:
    spi:0x590D14F4(1494029556)
    transform:espaesespshahmac,
    inusesettings={Tunnel,}
    connid:2004,flow_id:FPGA:1,cryptomap:auda
    satiming:remainingkeylifetime(k/sec):(4525504/86170)
    IVsize:16bytes
    replaydetectionsupport:N
    Status:ACTIVE

    inboundahsas:

    inboundpcpsas:

    outboundespsas:
    spi:0x12D96D50(316239184)
    transform:espaesespshahmac,
    inusesettings={Tunnel,}
    connid:2005,flow_id:FPGA:1,cryptomap:auda
    satiming:remainingkeylifetime(k/sec):(4525504/86170)
    IVsize:16bytes
    replaydetectionsupport:N
    Status:ACTIVE

    outboundahsas:

    outboundpcpsas:

    packettracerfile:

    yasserramzyauda
    CCNA,CCNAsecurity,CCNAvoice,CCDA,CCNP,CCIP,CCNPsecurity(CCSP).
    vpn1.pkt.zip
    7.0K

    Nosecuritypolicyviolationsfound.
    Thefilewaslastscanned6monthsago.
    Nosecuritypolicyviolationsfound.
    Thefilewaslastscanned6monthsago.

    116491Views

    Categories: Tags:

    https://learningnetwork.cisco.com/docs/DOC10756

    3/5

    04/10/2015

    VPNsitetositepackettracer5.3labTheCiscoLearningNetwork

    AverageUserRating
    (9ratings)

    MOSTLIKED

    8Comments

    sami24Nov201222:12

    ThankYouMr.yasser..^__^..
    Actions

    ChristianQuiroga01Mar201308:58

    Thanks
    Actions

    hpardo198707Apr201305:05

    Itriedusingthesesamesettings(differentIP's)witha2811inthemiddleactingastheinternet,madesureicouldpingall
    thewaythroughusingnatoverloadtoallthepublicfacingIP's,butnottowhereicouldpingtheprivateip'softheother
    network.Itriedtobuildthetunnelbutmyphase1isakmptunnelwontbuilditssapeer.....ifollowedyourconfigsexactly
    withadjustmentsformyIP's...willthisnotworkonpackettracerwithanotherrouteractingasacloud?ifanyonewantsto
    tryandhelpmeouticanemailthemthesavedfilefrompackettracer.
    Actions

    Rahul03Jun201409:53

    HI,

    Iamenteringtheipseccommand"Router(config)#cryptoipsectransformsetOESespaesespshahmac"
    butittakesmeintoasubcategeory"#Router(cfgcryptotrans)#"
    thisishappeingonacisco2911.
    butwheniusethiscommandonpatkettraceridontgetit.
    amidoingsomethingwrong
    Actions

    NetwrkRyan03Nov201409:40

    Goodwork!
    Actions

    danisimanjuntak30Mar201521:19

    Goodjob!
    Actions

    ganesh19Apr201508:05

    sirwhenigivecommandshowcryptoisakmpsa
    Router#shcrissa
    IPv4CryptoISAKMPSA
    dstsrcstateconnidslotstatus
    11.0.0.211.0.0.1QM_IDLE10440ACTIVE(deleted)

    Pv6CryptoISAKMPSAI

    andnotabletopinganotherpc
    Actions

    CARLOS27May201516:47

    https://learningnetwork.cisco.com/docs/DOC10756

    4/5

    04/10/2015

    VPNsitetositepackettracer5.3labTheCiscoLearningNetwork
    GreatWork!!!
    Actions

    Terms&Conditions

    PrivacyStatement

    CookiePolicy

    https://learningnetwork.cisco.com/docs/DOC10756

    Trademarks

    Languages

    Followus:

    5/5

    Вам также может понравиться