Site to Site IPSEC VPN lab in GNS3

hi can i malama here for gns3 volt and I want to show you how you can solve the side-to-side IPSec VPN lab so what do we have sample topology three routers and router Godzilla and Nessie they each have a loop back and the idea is that whenever we’re sending traffic from one loop-the-loop back to the other that it should be encrypted so let’s see how we can do this the firstly assignment make sure that we have full connectivity so we’re going to run OSPF and we’re just going to advertise everything that we have so let’s see what we have let me introduced my routers in right order something like this I’ll prep don’t make a typing error okay so or SPF and I’m going to do this the easy nature just let surprise everything that we have okay so let’s be patient okay that’s better the router OSPF or 12 whatever doesn’t matter okay they should take care of our connectivity is working to ensure that I can ping one another well I’m sure they can so I’m not going to try it and the next thing is that we’re going to shut up IP check and we’ll start with the ijk MP policy pre shared key AES 256 -bit share one flashing diffie-hellman coupe five and lifetime is an hour okay that should be the policy let’s copy and glue it to my other router since this is the same there we go so that’s the first step second stair let’s configure the key that we have and let me think that should be something like this key zero specified key specify the other side there we go it should be the key configure the IPSec transform specified cipher AAS we’re going to use ESP encapsulating hashing char so let’s configure this let me check normal thing okay so convert establish and okay we can do it like this crypto IPSec transform designate let’s give it a neat reputation my directions ESP share one ESP there we go that should be it and we’ll apply it on this router as well okay so that’s the alter named that’s all good change the IPSec security Association lifetime to 1800 seconds that’s something we can do and it should be let me think what it is where I’m supposed to configure this I think it’s kept oh here we go that should be it eighteen hundred based on this router as well what else do we have okay so we’re going to encrypt traffic from router deities fellows loop-the-loop back to Nessie’s loopback so section Silla overhead bottom left to the loopback of nashi on the bottom right so we need to make sure that we configured a access roll and the compensate crypto planned so let’s see how we can do this first of all the exes roll it’s using extended one so that’s the access directory on this place and another one for this and there we go there should be the access index let’s create the clear saloon crypto map IP Shack okay we accord our access listing configure the pair that’s the other side what else do we have BFS the movie and the transform designated and I’m going to set a defence Association doesn’t matter that much but let’s just select something and let’s do the same thing over here now we go so that’s the crypto map that’s all good a one more step we need to apply the capital map on the interface and that should be something like this keep the map my map and you can see that it is now enabled with on this valve as well there we go and that’s this should be it so let’s see what is happening and let’s try a pink see if it’s working okay so I’m sending a ping from one blue back to the other we can see that IPSec is doing something and let’s take a look which requires we can use so we got demo uppercase IPSec transform give let’s just give it a shot okay so that’s just the stuff that we configured evidence deterred our delineate this is just a wrap up of a crypto map we just did this one I think this is the one I was looking for show uppercase ipsec s a because what you can see here is this packet encapsulated and D capsulated and you will see if I do a ping then you can see that the number of packets has increased and this ping is from one loop-the-loop back to the other then you can see that the packets the amount is increasing but if we do really a regular thing then you can see it’s not increasing because it’s not matching the access inventory that I created here we go okay so we try the ping and as you exactly interpreted it’s it’s working okay so this is so mostly it this is how you can configure a area to surface IPSec VPN thanks for watching and till next time

You May Also Like