[ LiB ]Scenarios Practical Exercise 14-1 Solution

Practical Exercise 14-1: IPSec Router-to-Router

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you will configure your R1 router to initiate an IPSec router-to-router connection to R2. IKE will use an MD5 hash along with preshared keys. R1 will always initiate the tunnel between the two routers and will be configured to initiate in aggressive mode. R2 will use a dynamic crypto map to accept the tunnel parameters from R1, although it could also have a standard LAN-to-LAN tunnel configuration applied.

Background Information

You are the administrator of R1. You need to configure a LAN-to-LAN connection to R2, as shown in Figure 14-4.

Figure 14-4. IPSec Router-to-Router Topology

graphics/14fig04.gif


Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

Task 2: Define IKE Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Set the ISAKMP keepalive interval.

- Define the ISAKMP peer and aggressive mode.

Step 2. At the R2 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Set the ISAKMP keepalive interval.

- Define the ISAKMP peer and key.

Task 3: Define IPSec Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R2 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define an IPSec transform set.

- Define a dynamic IPSec crypto map.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

[ LiB ]Scenarios Practical Exercise 14-1 Solution