In this lab we connect the 3 sites of our company using secure IPsec VPN connections.
The ISP network consists of 4 Routers which are running EIGRP between them.
Our headquarters is connected to the ISP with the CE_4 router.
The branch offices, CE_5 being Branch1, and CE_8 Branch2.
Networks are 192.168.0.0/21 behing CE_4, edge router.
In Branch 1 we have 192.168.16.0/20 networks. (Simulated with loopback int)
In Branch 2 there are the 192.168.8.0/21 networks.
This setup demonstrates all the IPsec negotiation and tunnel establishment using a dynamic map on CE_4.. The key point is the create the relationship between the static crypto map and the dynamic one.
Due to our ISAKMP Policy we are using a Pre-Shared key for authentication. Which will be defined as a wildcard, so our VPN peers can connect using whichever address they have.
# crypto isakmp key
Here are the lab files for gns3. Download
Good Reading:
Wildcard Pre-Shared Key Enhancement @cisco
Security Commands: crypto dynamic-map through ctype @cisco
file is deleted can u post again
ReplyDelete