Friday, December 18, 2009

Implementing GRE over IPSec with OSPF instead of Virtual-Link LAB



Configuration Guidelines
**************************************************************************************
IGP used: OSPF
Core-R1 - Area 0
Core-R2 - Area 1
Core-R3 - Area 2
R3-R4 - static route on R4 towards R3 for Core S1/2, used to establish the IPsec GRE tunnel
R3 redistributes S1/1 into OSPF towards Core, giving the Core reachability to R4 S2/0 so the IPsec GRE tunnel can be set up
Core-R4 - OSPF Area 0 over the 192.168.1.12/30 subnet, carried by the IPsec GRE tunnel on interface Tunnel0
Crypto map used: vpn
Crypto key used: cisco123
Extended ACL 134 defines the interesting (GRE) traffic
IP CEF disabled on Core and R4 for the IPsec tunnel
Crypto map applied to the Tunnel interface as well as the outgoing physical interface on Core and R4
***************************************************************************************
CE1A#sh running-config
Building configuration...
Current configuration : 1340 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.20.1 255.255.255.255
!
interface FastEthernet0/0
description <>
ip address 10.0.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 192.168.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 192.168.1.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1285 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.30.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 192.168.1.6 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 192.168.1.4 0.0.0.3 area 1
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
CE3A#sh running-config
Building configuration...
Current configuration : 1335 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE3A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.40.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 192.168.1.10 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
description <>
ip address 172.16.1.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 192.168.1.8 0.0.0.3 area 2
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 Serial1/1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE3A#
CE4A#sh running-config
Building configuration...
Current configuration : 2278 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE4A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
no ip cef
!
!
multilink bundle-name authenticated
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address 192.168.1.9
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 192.168.1.9
set transform-set strong
match address 134
!
!
!
!
!
interface Tunnel0
description <>
ip address 192.168.1.14 255.255.255.252
keepalive 10 3
tunnel source Serial2/0
tunnel destination 192.168.1.9
crypto map vpn
!
interface Loopback0
description <>
ip address 10.0.50.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
ip address 172.16.10.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface Serial2/0
description <>
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
crypto map vpn
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 192.168.1.12 0.0.0.3 area 0
!
ip classless
ip route 192.168.1.9 255.255.255.255 172.16.1.1
!
!
no ip http server
no ip http secure-server
!
access-list 134 permit gre host 172.16.1.2 host 192.168.1.9
!
route-map Local permit 10
match interface FastEthernet1/0 Loopback0
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
CE4A#
Core#sh running-config
Building configuration...
Current configuration : 2186 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
no ip cef
!
!
multilink bundle-name authenticated
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address 172.16.1.2
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 172.16.1.2
set transform-set strong
match address 134
!
!
!
!
!
interface Tunnel0
description <>
ip address 192.168.1.13 255.255.255.252
tunnel source Serial1/2
tunnel destination 172.16.1.2
crypto map vpn
!
interface Loopback0
description <>
ip address 10.0.10.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
ip address 192.168.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
description <>
ip address 192.168.1.5 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
description <>
ip address 192.168.1.9 255.255.255.252
serial restart-delay 0
crypto map vpn
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 192.168.1.0 0.0.0.3 area 0
network 192.168.1.4 0.0.0.3 area 1
network 192.168.1.8 0.0.0.3 area 2
network 192.168.1.12 0.0.0.3 area 0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
access-list 134 permit gre host 192.168.1.9 host 172.16.1.2
!
route-map Local permit 10
match interface Loopback0
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
Core#
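The configuration guidelines above say what the two crypto endpoints must agree on (peer, key, transform set, mirrored ACL 134, crypto map on both Tunnel0 and the physical interface), and the Core and CE4A running-configs show the result. The following script is an added example, not part of the original post or of any Cisco tooling: it parses trimmed copies of those two configs (the crypto, tunnel and ACL lines, copied from the page) and checks both the per-endpoint settings and the cross-endpoint consistency. The IOS 12.x ISAKMP defaults it assumes for omitted policy lines (DES, SHA, DH group 1), the `_grab` helper and all function names are the example's own.

```python
"""Added audit of the lab's two IPsec/GRE endpoints (Core, CE4A); not from the page."""
import re

ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}  # IOS 12.x defaults (assumed)
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

# Trimmed copies of the running-configs above (crypto, tunnel and ACL lines only).
CORE_CFG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco123 address 172.16.1.2
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
 set peer 172.16.1.2
 set transform-set strong
 match address 134
interface Tunnel0
 tunnel destination 172.16.1.2
 crypto map vpn
access-list 134 permit gre host 192.168.1.9 host 172.16.1.2
"""
CE4A_CFG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco123 address 192.168.1.9
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
 set peer 192.168.1.9
 set transform-set strong
 match address 134
interface Tunnel0
 tunnel destination 192.168.1.9
 crypto map vpn
access-list 134 permit gre host 172.16.1.2 host 192.168.1.9
"""

def _grab(pattern, cfg):
    """Return the first match's groups, failing loudly if the line is missing."""
    m = re.search(pattern, cfg, re.M)
    if not m:
        raise ValueError(f"config lacks a line matching {pattern!r}")
    return m.groups()

def parse_endpoint(cfg):
    """Extract ISAKMP policy, PSK, transform set, peer, tunnel destination and crypto ACL."""
    ep = {"policy": dict(ISAKMP_DEFAULTS), "explicit": set()}
    (policy_body,) = _grab(r"^crypto isakmp policy \d+\n((?: .*\n)*)", cfg)
    for key, value in re.findall(r"^ (\S+) (\S+)$", policy_body, re.M):  # e.g. "group 14"
        ep["policy"][key] = value
        ep["explicit"].add(key)
    ep["psk"], ep["psk_peer"] = _grab(r"^crypto isakmp key (\S+) address (\S+)", cfg)
    ep["transform"] = tuple(_grab(r"^crypto ipsec transform-set \S+ (.+)$", cfg)[0].split())
    (ep["peer"],) = _grab(r"^ set peer (\S+)", cfg)
    (ep["tunnel_dest"],) = _grab(r"^ tunnel destination (\S+)", cfg)
    (acl_id,) = _grab(r"^ match address (\S+)", cfg)
    # Crypto ACL entries as (protocol, source host, destination host)
    ep["acl"] = re.findall(rf"^access-list {acl_id} permit (\S+) host (\S+) host (\S+)$", cfg, re.M)
    return ep

def audit_endpoint(name, ep):
    """Findings about weak or risky settings on one endpoint."""
    pol, findings = ep["policy"], []
    for key, default in ISAKMP_DEFAULTS.items():
        if key not in ep["explicit"]:
            findings.append(f"{name}: isakmp policy omits '{key}', IOS default {default} applies")
    if pol["encryption"] in ("des", "3des"):
        findings.append(f"{name}: isakmp encryption {pol['encryption']} is legacy, use aes")
    if pol["group"] in ("1", "2", "5"):
        findings.append(f"{name}: DH group {pol['group']} is too small, use 14 or higher")
    for t in ep["transform"]:
        if t in WEAK_TRANSFORMS:
            findings.append(f"{name}: transform {t} is legacy, prefer esp-aes / esp-sha-hmac")
    findings.append(f"{name}: pre-shared key for {ep['psk_peer']} is stored in cleartext")
    return findings

def check_pair(name_a, a, name_b, b):
    """Cross-check that the two tunnel ends mirror each other."""
    problems = []
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    if a["transform"] != b["transform"]:
        problems.append("transform sets differ")
    for name, x, y in ((name_a, a, b), (name_b, b, a)):
        far_sources = [src for _, src, _ in y["acl"]]  # far end's GRE source = our peer
        if x["peer"] not in far_sources:
            problems.append(f"{name}: crypto map peer is not the far end's GRE source")
        if x["psk_peer"] != x["peer"] or x["tunnel_dest"] != x["peer"]:
            problems.append(f"{name}: PSK address / tunnel destination / peer do not agree")
        if set(x["acl"]) != {(p, d, s) for p, s, d in y["acl"]}:
            problems.append(f"{name}: crypto ACL is not the mirror of the far end's")
    return problems

if __name__ == "__main__":
    core, ce4a = parse_endpoint(CORE_CFG), parse_endpoint(CE4A_CFG)
    for line in audit_endpoint("Core", core) + audit_endpoint("CE4A", ce4a):
        print(line)
    print("pair problems:", check_pair("Core", core, "CE4A", ce4a) or "none")
```

Run against the lab as posted, the pair check comes back clean (the ACLs mirror each other and peer, key address and tunnel destination agree on both sides), while the per-endpoint audit flags what a reviewer would raise today: the ISAKMP policy sets only `authentication pre-share`, so the platform defaults (DES, DH group 1) decide the phase-1 strength, and the transform set pairs 3DES with MD5. One further asymmetry visible in the configs above is that only CE4A's Tunnel0 carries `keepalive 10 3`; GRE keepalives are one-directional, so the Core's Tunnel0 would not go down by itself if the path to CE4A failed.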
************************************************************************************************
OUTPUT
************************************************************************************************
CE1A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.0.10.1 0 FULL/ - 00:00:35 192.168.1.1 Serial1/0
CE1A#sh ip rou
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.16.10.0/24 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
O E2 172.16.1.0/30 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E2 10.0.10.1/32 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
C 10.0.1.0/24 is directly connected, FastEthernet0/0
O E2 10.0.30.1/32 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
C 10.0.20.1/32 is directly connected, Loopback0
O E2 10.0.40.1/32 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
O E2 10.0.50.1/32 [110/20] via 192.168.1.1, 00:01:03, Serial1/0
192.168.1.0/30 is subnetted, 4 subnets
O IA 192.168.1.8 [110/128] via 192.168.1.1, 00:01:03, Serial1/0
O 192.168.1.12 [110/1064] via 192.168.1.1, 00:01:03, Serial1/0
C 192.168.1.0 is directly connected, Serial1/0
O IA 192.168.1.4 [110/128] via 192.168.1.1, 00:01:04, Serial1/0
CE1A#
CE1A#ping 10.0.50.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.50.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/232/284 ms
CE1A#tra
CE1A#traceroute 172.16.10.1
Type escape sequence to abort.
Tracing the route to 172.16.10.1
1 192.168.1.1 28 msec 36 msec 40 msec
2 192.168.1.14 204 msec 192 msec *
CE1A#
CE2A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.0.10.1 0 FULL/ - 00:00:37 192.168.1.5 Serial1/0
CE2A#sh ip rou
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.16.10.0/24 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
O E2 172.16.1.0/30 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E2 10.0.10.1/32 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
O E2 10.0.1.0/24 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
C 10.0.30.1/32 is directly connected, Loopback0
O E2 10.0.20.1/32 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
O E2 10.0.40.1/32 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
O E2 10.0.50.1/32 [110/20] via 192.168.1.5, 00:01:22, Serial1/0
192.168.1.0/30 is subnetted, 4 subnets
O IA 192.168.1.8 [110/128] via 192.168.1.5, 01:02:15, Serial1/0
O IA 192.168.1.12 [110/1064] via 192.168.1.5, 01:02:13, Serial1/0
O IA 192.168.1.0 [110/128] via 192.168.1.5, 01:02:16, Serial1/0
C 192.168.1.4 is directly connected, Serial1/0
CE2A#
CE2A#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/231/252 ms
CE2A#tra
CE2A#traceroute 10.0.50.1
Type escape sequence to abort.
Tracing the route to 10.0.50.1
1 192.168.1.5 40 msec 64 msec 52 msec
2 192.168.1.14 208 msec 260 msec *
CE2A#
CE3A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.0.10.1 0 FULL/ - 00:00:31 192.168.1.9 Serial1/0
CE3A#sh ip rou
CE3A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.16.10.0/24 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
C 172.16.1.0/30 is directly connected, Serial1/1
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E2 10.0.10.1/32 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
O E2 10.0.1.0/24 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
O E2 10.0.30.1/32 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
O E2 10.0.20.1/32 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
C 10.0.40.1/32 is directly connected, Loopback0
O E2 10.0.50.1/32 [110/20] via 192.168.1.9, 00:02:14, Serial1/0
192.168.1.0/30 is subnetted, 4 subnets
C 192.168.1.8 is directly connected, Serial1/0
O IA 192.168.1.12 [110/1064] via 192.168.1.9, 01:03:05, Serial1/0
O IA 192.168.1.0 [110/128] via 192.168.1.9, 01:03:10, Serial1/0
O IA 192.168.1.4 [110/128] via 192.168.1.9, 01:03:11, Serial1/0
CE3A#
CE3A#ping 10.0.50.1
