7/25/2019 7.3.2.8 Packet Tracer - Configuring GRE Over IPsec Instructions.docx

1/5

Packet Tracer Configuring GRE over IPsec (Optional)

Topology

Addressing Tale

!evice Interface IP Address "unet #ask !efault Gate$ay

R1 G0/0 10.0.0.1 255.0.0.0 N/A

S0/0/0 209.165.118.2 255.255.255.252 N/A

Tunnel 0 192.168.0.1 255.255.255.252 N/A

Tunnel 1 192.168.0.5 255.255.255.252 N/A

R2 G0/0 172.16.0.1 255.255.252.0 N/A

S0/0/0 64.100.13.2 255.255.255.252 N/A

Tunnel 0 192.168.0.2 255.255.255.252 N/A

R3 G0/0 172.16.4.1 255.255.252.0 N/A

S0/0/0 64.102.46.2 255.255.255.252 N/A

Tunnel 0 192.168.0.6 255.255.255.252 N/A

Server1 NIC 10.0.0.2 255.0.0.0 10.0.0.1

L2 NIC 172.16.0.2 255.255.252.0 172.16.0.1

PC3 NIC 172.16.4.2 255.255.252.0 172.16.4.1

O%ectives

Part &' erify Router Connectivity

Part ' Enale "ecurity *eatures

Part +' Configure IP"ec Para,eters

2013 Ci!" #n$/"r i% #&&ili#%e. All ri'(% reerve$. T(i $"!u)en% i Ci!" Pu*li!. P#'e &"& -

7/25/2019 7.3.2.8 Packet Tracer - Configuring GRE Over IPsec Instructions.docx

2/5

Packet Tracer Configuring GRE Over IPsec (Optional)

Part .' Configure GRE Tunnels over IP"ec

Part -' erify Connectivity

"cenario

+"u #re %(e ne%,"r- #$)ini%r#%"r &"r # !")#n ,(i!( ,#n% %" e% u # GR %unnel "ver IPe! %" re)"%e

"&&i!e. All ne%,"r- #re l"!#ll !"n&i'ure$ #n$ nee$ "nl %(e %unnel #n$ %(e en!r%i"n !"n&i'ure$.

Part &' erify Router Connectivity

"tep &' Ping R and R+ fro, R&/

#. r") R& in' %(e IP #$$re "& S0/0/0 "n R/

*. r") R& in' %(e IP #$$re "& S0/0/0 "n R+/

"tep ' Ping "erver& fro, 0 and PC+/

A%%e)% %" in' %(e IP #$$re "& "erver&&r") 0. e ,ill ree#% %(i %e% #&%er !"n&i'urin' %(e GR %unnel"ver IPe!. (#% ,ere %(e in' reul% (

"tep +' Ping PC+ fro, 0/

A%%e)% %" in' %(e IP #$$re "& PC+&r") 0. e ,ill ree#% %(i %e% #&%er !"n&i'urin' %(e GR %unnel "verIPe!. (#% ,ere %(e in' reul% (

Part ' Enale "ecurity *eatures

"tep &' Activate securityk1 ,odule/

T(e Se!uri% Te!(n"l"' P#!-#'e li!ene )u% *e en#*le$ %" !")le%e %(i #!%ivi%.

#. Iue %(e s2o$ version !"))#n$ in %(e uer C "r rivile'e$ C )"$e %" veri& %(#% %(e Se!uri%Te!(n"l"' P#!-#'e li!ene i #!%iv#%e$.

----------------------------------------------------------------

Technology Technology-package Technology-package

Current Type Next reboot

-----------------------------------------------------------------

ipbase ipbasek9 Permanent ipbasek9

security None None None

uc None None None

data None None None

Configuration register is 0x2102

*. I& n"% #!%iv#%e %(e securityk1)"$ule &"r %(e ne% *""% "& %(e r"u%er #!!e% %(e li!ene #ve %(e!"n&i'ur#%i"n #n$ re*""%.

1!config"# license boot module c2900 technology-package securityk9

$%ccept the &icense'

1!config"# end

1# copy running-config startup-config

2013 Ci!" #n$/"r i% #&&ili#%e. All ri'(% reerve$. T(i $"!u)en% i Ci!" Pu*li!. P#'e "& -

7/25/2019 7.3.2.8 Packet Tracer - Configuring GRE Over IPsec Instructions.docx

3/5

Packet Tracer Configuring GRE Over IPsec (Optional)

1# reload

!. A&%er %(e rel"#$in' i !")le%e$ iue %(e s2o$ version #'#in %" veri& %(e Se!uri% Te!(n"l"'P#!-#'e li!ene #!%iv#%i"n.

Technology Package &icense (nformation for )odule*+c2900+

----------------------------------------------------------------Technology Technology-package Technology-package

Current Type Next reboot

-----------------------------------------------------------------

ipbase ipbasek9 Permanent ipbasek9

security securityk9 ,aluation securityk9

uc None None None

data None None None

$. Ree#% S%e 1# %" 1! ,i%( R#n$ R+.

Part +' Configure IPsec Para,eters

"tep &' Identify interesting traffic on R&/

#. C"n&i'ure ACL 101 %" i$en%i& %(e %r#&&i! &r") %(e LAN "n R&%" %(e LAN "n R#n$ R+ # in%ere%in'. T(iin%ere%in' %r#&&i! ,ill %ri''er %(e IPe! PN %" *e i)le)en%e$ ,(enever %(ere i %r#&&i! *e%,een %(e Rn$ R 3R+LAN. All "%(er %r#&&i! "ur!e$ &r") %(e LAN ,ill n"% *e en!r%e$. Re)e)*er %(#% *e!#ue"& %(e i)li!i% $en #n %(ere i n" nee$ %" #$$ %(e %#%e)en% %" %(e li%.

1!config"# access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.00.0.3.255

*. Ree#% S%e 1# %" !"n&i'ure ACL 101 %" i$en%i& %(e %r#&&i! "n %(e LAN "& R3 # in%ere%in'.

.............................................................................

"tep ' Configure t2e I"A4#P P2ase & properties on R&/#. C"n&i'ure %(e !r%" ISA:P "li! &5&r"er%ie "n Rl"n' ,i%( %(e (#re$ !r%" -e cisco. ;eul%

v#lue $" n"% (#ve %" *e !"n&i'ure$ %(ere&"re "nl %(e en!r%i"n -e e!(#n'e )e%("$ #n$ ;< )e%("$)u% *e !"n&i'ure$.

1!config"# crypto isakmp policy 101

1!config-isakmp"# encryption aes

1!config-isakmp"# authentication pre-share

1!config-isakmp"# group 5

1!config-isakmp"# eit

*. Gener#%e i#-) -e &"r e#!( eer "& R&.

1!config"# crypto isakmp key cisco address /100121!config"# crypto isakmp key cisco address /102/2

"tep +' Configure t2e I"A4#P P2ase properties on R&/

#. Cre#%e %(e %r#n&"r)=e% P63"ET%" ue esp3aes#n$ esp3s2a32,ac. T(en !re#%e %(e !r%" )#P63#AP%(#% *in$ #ll "& %(e P(#e 2 #r#)e%er %"'e%(er. >e e?uen!e nu)*er &5n$ i$en%i& i% ##n ipsec3isak,p)#.

1!config"# crypto ipsec transform-set !1"#et esp-aes esp-sha-hmac

2013 Ci!" #n$/"r i% #&&ili#%e. All ri'(% reerve$. T(i $"!u)en% i Ci!" Pu*li!. P#'e +"& -

7/25/2019 7.3.2.8 Packet Tracer - Configuring GRE Over IPsec Instructions.docx

4/5

Packet Tracer Configuring GRE Over IPsec (Optional)

1!config"# crypto map !1"$ap 101 ipsec-isakmp

1!config-crypto-map"# set peer 6%.100.13.2

1!config-crypto-map"# set peer 6%.102.%6.2

1!config-crypto-map"# set transform-set !1"#et

1!config-crypto-map"#match address 101

1!config-crypto-map"# eit

"tep .' Configure t2e crypto ,ap on t2e outgoing interface/

in#ll *in$ %(e R&7#ap!r%" )# %" %(e "u%'"in' Seri#l 0/0/0 in%er!e. 6ote@ T(i i n"% 'r#$e$.

1!config"# interface #0&0&0

1!config-if"# crypto map !1"$ap

"tep -' Configure IPsec Para,eters on R and R+

Ree#% S%e 1=4 "n R#n$ R+. :"$i& %(e e% #n$ )# n#)e &r") R&%" R#n$ R+. >e %(e #)ee%en$e$ ACL nu)*er 101. N"%e %(#% e#!( r"u%er "nl nee$ "ne en!r%e$ !"nne!%i"n %" R&. T(ere i n"en!r%e$ !"nne!%i"n *e%,een R#n$ R+.

Part .' Configure GRE Tunnels over IP"ec

"tep &' Configure t2e Tunnel interfaces of R&/

#. n%er in%" %(e !"n&i'ur#%i"n )"$e &"r R&Tunnel 0.

1!config"# interface tunnel 0

*. Se% %(e IP #$$re # in$i!#%e$ in %(e A$$rein' T#*le.

1!config-if"# ip address 192.16'.0.1 255.255.255.252

!. Se% %(e "ur!e #n$ $e%in#%i"n &"r %(e en$"in% "& Tunnel 0.

1!config-if"# tunnel source s0&0&0

1!config-if"# tunnel destination 6%.100.13.2

$. C"n&i'ure Tunnel 0 %" !"nve IP %r#&&i! "ver GR.

1!config-if"# tunnel mode gre ip

e. T(e Tunnel 0 in%er!e ("ul$ #lre#$ *e #!%ive. In %(e even% %(#% i% i n"% %re#% i% li-e #n "%(er in%er!e.

&. Ree#% S%e 1#=& %" !re#%e %(e Tunnel 1 in%er!e %" R+. C(#n'e %(e #$$rein' ,(ere #r"ri#%e.

"tep ' Configure t2e Tunnel 5 interface of R and R+/

#. Ree#% S%e 1# e ,i%( R. Be ure %" !(#n'e %(e IP #$$rein' # #r"ri#%e.

*. Ree#% S%e 1# e ,i%( R+. Be ure %" !(#n'e %(e IP #$$rein' # #r"ri#%e.

"tep +' Configure a route for private IP traffic/

#. ;e&ine # r"u%e &r") R&%" %(e 172.16.0.0 #n$ 172.16.4.0 ne%,"r- uin' %(e ne%=(" #$$re "& %(e%unnel in%er!e.

*. ;e&ine # r"u%e &r") R#n$ R+%" %(e 10.0.0.0 ne%,"r- uin' %(e ne%=(" #$$re "& %(e %unnel in%er!e.

2013 Ci!" #n$/"r i% #&&ili#%e. All ri'(% reerve$. T(i $"!u)en% i Ci!" Pu*li!. P#'e ."& -

7/25/2019 7.3.2.8 Packet Tracer - Configuring GRE Over IPsec Instructions.docx

5/5

Packet Tracer Configuring GRE Over IPsec (Optional)

Part -' erify Connectivity

"tep &' Ping "erver& fro, 0 and PC+/

#. A%%e)% %" in' %(e IP #$$re "& "erver&&r") 0#n$ PC+. T(e in' ("ul$ *e u!!e&ul.

*. A%%e)% %" in' %(e IP #$$re "& 0&r") PC+. T(e in' ("ul$ il *e!#ue %(ere i n" %unnel *e%,een

%(e %," ne%,"r-.

2013 Ci!" #n$/"r i% #&&ili#%e. All ri'(% reerve$. T(i $"!u)en% i Ci!" Pu*li!. P#'e -"& -