Lab 18: VPN (S2S GRE & DMVPN) - NetwaxLab

Tuesday, November 17, 2015

Lab 18: VPN (S2S GRE & DMVPN)

Task

Topology

  1. Configure IP addresses as shown in the topology.
  2. Configure DNS on the server as shown in the topology.
  3. Create a static site-to-site GRE VPN between R5 and R6 to secure communication between their loopback networks. Make sure the ISAKMP key is netwaxlab.
  4. Ping netwaxlab.com and blog.eincop.com from R5 and R6.
  5. Make sure PAT is enabled on the ASA for the internal network.
  6. Configure DMVPN over R1, R2 and R3. Configure R1 as the hub and R2 and R3 as spokes.

Solution

Task 2: Configure DNS on the server as shown in the topology.

ip dns server
ip host netwaxlab.com 100.100.100.100
ip host blog.eincop.com 100.100.100.101

Configure the name server on the ASA, R4, R5 and R6.

ip domain-lookup
ip name-server 120.32.52.254


Task 3: Create a static site-to-site GRE VPN between R5 and R6 to secure communication between their loopback networks. Make sure the ISAKMP key is netwaxlab.


On R5
=====

interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.46.6
 exit

router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 192.10.1.0 0.0.0.255
 network 192.10.2.0 0.0.0.255
 network 192.10.3.0 0.0.0.255
 network 192.10.4.0 0.0.0.255
 no auto-summary
 exit

crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
 hash sha
 lifetime 1800
 exit

crypto ipsec transform-set tset esp-sha-hmac esp-3des
 exit

crypto isakmp key netwaxlab add 10.0.46.6

crypto ipsec profile IPSEC
 set transform-set tset
 exit

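interface Tunnel0
 ! "tunnel mode ipsec ipv4" makes Tunnel0 a static VTI (native IPsec encapsulation);
 ! omit that line to keep the default GRE encapsulation and protect it with the profile.
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC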
 exit

On R6
=====

interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.45.5
 exit

router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 192.20.1.0 0.0.0.255
 network 192.20.2.0 0.0.0.255
 network 192.20.3.0 0.0.0.255
 network 192.20.4.0 0.0.0.255
 no auto-summary
 exit

crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
 hash sha
 lifetime 1800
 exit

crypto ipsec transform-set tset esp-sha-hmac esp-3des
 exit

crypto isakmp key netwaxlab add 10.0.45.5

crypto ipsec profile IPSEC
 set transform-set tset
 exit

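interface Tunnel0
 ! "tunnel mode ipsec ipv4" makes Tunnel0 a static VTI (native IPsec encapsulation);
 ! omit that line to keep the default GRE encapsulation and protect it with the profile.
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC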
 exit
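
An added example, not part of the original lab: a Python check that reads one router's configuration in the syntax used above and reports legacy crypto choices (DES/3DES, Diffie-Hellman groups 1, 2 and 5), a wildcard pre-shared key, and any tunnel destination with no matching ISAKMP key peer. The sample configuration, the finding strings and the function name audit are constructed for illustration.

```python
import re

# Constructed sample: an R6-style config in the lab's syntax whose tunnel
# destination does not match the peer the pre-shared key is bound to.
SAMPLE = """\
interface Tunnel0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.46.6
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
crypto ipsec transform-set tset esp-sha-hmac esp-3des
crypto isakmp key netwaxlab add 10.0.45.5
"""

WEAK_DH_GROUPS = {"1", "2", "5"}  # legacy MODP groups below 2048 bits


def audit(config):
    """Return a sorted list of findings for one router's IOS config text."""
    findings = set()
    # IOS accepts abbreviations: 'encr' or 'encryption', 'add' or 'address'.
    if re.search(r"^\s*encr\S*\s+(3des|des)\b", config, re.M):
        findings.add("isakmp: DES/3DES encryption")
    for grp in re.findall(r"^\s*group\s+(\d+)", config, re.M):
        if grp in WEAK_DH_GROUPS:
            findings.add(f"isakmp: weak DH group {grp}")
    if re.search(r"^crypto ipsec transform-set .*\besp-(3des|des)\b", config, re.M):
        findings.add("ipsec: DES/3DES transform")
    peers = re.findall(r"^crypto isakmp key \S+ add\S*\s+(\S+)", config, re.M)
    if "0.0.0.0" in peers:
        findings.add("psk: wildcard peer 0.0.0.0")
    for dest in re.findall(r"^\s*tunnel destination\s+(\S+)", config, re.M):
        # A wildcard key covers every peer, so only flag when none applies.
        if dest not in peers and "0.0.0.0" not in peers:
            findings.add(f"tunnel destination {dest} has no matching isakmp key")
    return sorted(findings)
```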


Task 4: Ping netwaxlab.com and blog.eincop.com from R5 and R6.


On R5
=====

ip domain-lookup
ip name-server 120.32.52.254

On R6
=====

ip domain-lookup
ip name-server 120.32.52.254


Task 5: Make sure PAT is enabled on the ASA for the internal network.

access-list NAT permit ip 192.168.200.0 255.255.255.0 any
access-list NAT permit ip 10.0.45.0 255.255.255.0 any
access-list NAT permit ip 10.0.46.0 255.255.255.0 any

nat (inside) 1 access-list NAT
global (outside) 1 interface


Task 6: Configure DMVPN over R1, R2 and R3. Configure R1 as the hub and R2 and R3 as spokes.

On R1
=====

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 5
 lifetime 1800
 exit

crypto isakmp key netwaxlab address 0.0.0.0 0.0.0.0

crypto ipsec transform-set tset esp-3des esp-sha-hmac
 mode transport
 exit

crypto ipsec profile IPSEC
 set transform-set tset
 exit

interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ip nhrp authentication netwax
 ip nhrp map multicast dynamic
 ip nhrp network-id 13
 ip nhrp holdtime 300
 no ip split-horizon eigrp 100
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 111
 tunnel protection ipsec profile IPSEC
 exit

router eigrp 100
 network 192.168.1.0
 no auto-summary
 exit

On R2
=====

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 5
 lifetime 1800
 exit

crypto isakmp key netwaxlab address 0.0.0.0 0.0.0.0

crypto ipsec transform-set tset esp-3des esp-sha-hmac
 mode transport
 exit

crypto ipsec profile IPSEC
 set transform-set tset
 exit

interface Loopback1
 ip address 2.2.2.2 255.255.255.0

interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 no ip redirects
 ip nhrp authentication netwax
 ip nhrp map multicast 152.188.20.100
 ip nhrp map 192.168.1.1 152.188.20.100
 ip nhrp network-id 13
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.1.1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 111
 tunnel protection ipsec profile IPSEC
 exit


router eigrp 100
 network 2.2.2.0 0.0.0.255
 network 192.168.1.0
 no auto-summary
 exit

On R3
=====

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 5
 lifetime 1800
 exit

crypto isakmp key netwaxlab address 0.0.0.0 0.0.0.0

crypto ipsec transform-set tset esp-3des esp-sha-hmac
 mode transport
 exit

crypto ipsec profile IPSEC
 set transform-set tset
 exit

interface Loopback1
 ip address 3.3.3.3 255.255.255.0

interface Tunnel0
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 ip nhrp authentication netwax
 ip nhrp map multicast 152.188.20.100
 ip nhrp map 192.168.1.1 152.188.20.100
 ip nhrp network-id 13
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.1.1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 111
 tunnel protection ipsec profile IPSEC
 exit

router eigrp 100
 network 3.3.3.0 0.0.0.255
 network 192.168.1.0
 no auto-summary
 exit
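
An added example, not part of the original lab: a Python check that compares each spoke's Tunnel0 settings with the hub's, since a spoke only registers when its tunnel key and NHRP authentication string match the hub and its NHS has a static NHRP map. The snippets below are constructed (R3 carries two deliberate slips), and the names field and check_spoke are hypothetical.

```python
import re

# Constructed Tunnel0 snippets in the lab's DMVPN syntax; R3 carries two
# deliberate slips (wrong tunnel key, static map for the wrong tunnel IP).
HUB = """\
 ip address 192.168.1.1 255.255.255.0
 ip nhrp authentication netwax
 tunnel key 111
"""
SPOKES = {
    "R2": """\
 ip nhrp authentication netwax
 ip nhrp map multicast 152.188.20.100
 ip nhrp map 192.168.1.1 152.188.20.100
 ip nhrp nhs 192.168.1.1
 tunnel key 111
""",
    "R3": """\
 ip nhrp authentication netwax
 ip nhrp map multicast 152.188.20.100
 ip nhrp map 192.168.1.11 152.188.20.100
 ip nhrp nhs 192.168.1.1
 tunnel key 112
""",
}


def field(cfg, pattern):
    """First capture group of pattern in cfg, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None


def check_spoke(hub, spoke):
    """Compare one spoke's tunnel settings against the hub; return problems."""
    problems = []
    for name, pat in (("tunnel key", r"^\s*tunnel key (\S+)"),
                      ("nhrp authentication", r"^\s*ip nhrp authentication (\S+)")):
        if field(spoke, pat) != field(hub, pat):
            problems.append(f"{name} differs from hub")
    nhs = field(spoke, r"^\s*ip nhrp nhs (\S+)")
    if nhs != field(hub, r"^\s*ip address (\S+)"):
        problems.append("nhs is not the hub tunnel address")
    maps = dict(re.findall(r"^\s*ip nhrp map (\d\S+) (\S+)", spoke, re.M))
    if nhs not in maps:
        problems.append("no static nhrp map for the nhs")
    elif maps[nhs] != field(spoke, r"^\s*ip nhrp map multicast (\S+)"):
        problems.append("multicast map points at a different NBMA address")
    return problems
```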


Note: Verify using "sh crypto session", "sh crypto isakmp sa" and "sh crypto ipsec sa".
