22 Jan 2010

IPsec VPN Lab (using a Dynamic Crypto Map)



In this lab we connect the 3 sites of our company using secure IPsec VPN connections.

The ISP network consists of 4 Routers which are running EIGRP between them.

Our headquarters is connected to the ISP with the CE_4 router.
The branch offices connect through CE_5 (Branch 1) and CE_8 (Branch 2).

The headquarters networks, 192.168.0.0/21, sit behind the CE_4 edge router.
In Branch 1 we have the 192.168.16.0/20 networks (simulated with loopback interfaces).
In Branch 2 there are the 192.168.8.0/21 networks.

This setup demonstrates the full IPsec negotiation and tunnel establishment using a dynamic map on CE_4. The key point is to create the relationship between the static crypto map and the dynamic one.

Per our ISAKMP policy we use a pre-shared key for authentication. It is defined as a wildcard, so our VPN peers can connect from whichever address they have.

# crypto isakmp key <pre-shared-key> address 0.0.0.0
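
A sketch of how the static and dynamic crypto maps tie together on CE_4, with the matching Branch 1 side, as an added example that is not taken from the lab files. The map, transform-set and ACL names, the crypto parameters and everything in angle brackets are assumptions.

```cisco
! Added example, not the lab's own configuration. Names (LAB-TS, BRANCHES,
! HQ-VPN, TO-HQ, ACL 101), crypto parameters and <placeholders> are assumed.
!
! ---- CE_4 (headquarters: accepts peers from any address) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Wildcard key: any device that knows it passes IKE authentication,
! whatever its source address, so it is one group secret for all branches.
crypto isakmp key <pre-shared-key> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set LAB-TS esp-aes 256 esp-sha-hmac
! Dynamic map entry: no "set peer" and no "match address". The peer and
! the protected networks are taken from what the branch proposes.
crypto dynamic-map BRANCHES 10
 set transform-set LAB-TS
! Only a static map can be applied to an interface. Its highest-numbered
! entry references the dynamic map: this line is the relationship.
crypto map HQ-VPN 65535 ipsec-isakmp dynamic BRANCHES
interface <ISP-facing-interface>
 crypto map HQ-VPN
!
! ---- CE_5 (Branch 1: must initiate, CE_4 cannot start the tunnel) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address <CE_4-address>
crypto ipsec transform-set LAB-TS esp-aes 256 esp-sha-hmac
! Interesting traffic: Branch 1 (192.168.16.0/20) to HQ (192.168.0.0/21)
access-list 101 permit ip 192.168.16.0 0.0.15.255 192.168.0.0 0.0.7.255
crypto map TO-HQ 10 ipsec-isakmp
 set peer <CE_4-address>
 set transform-set LAB-TS
 match address 101
interface <ISP-facing-interface>
 crypto map TO-HQ
```

Because every branch shares the wildcard key, rotating it means touching all peers at once; `show crypto isakmp sa` and `show crypto ipsec sa` on CE_4 show which addresses currently hold tunnels.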

Here are the lab files for GNS3. Download

Good Reading:
Wildcard Pre-Shared Key Enhancement @cisco
Security Commands: crypto dynamic-map through ctype @cisco
