
Practical Exercise 14-2: Three Full-Mesh IPSec Routers

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a set of routers (R1, R2, and R3) and you are required to configure an IPSec VPN between them. The VPNs are required to provide redundancy between the sites in case of a line failure. You are required to have connectivity between the networks behind each of a router's two peers. Encryption is to be done as follows:

Background Information

You will configure a VPN between three routers, as illustrated in Figure 14-5.

Figure 14-5. Three Full-Mesh IPSec Routers Topology



Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

Task 2: Define IKE Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 2. At the R2 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 3. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Task 3: Define IPSec Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R2 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 3. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.
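As an added illustration (not the book's solution), the following Cisco IOS fragment shows how Tasks 1 through 3 fit together on R1 for a three-router full mesh. Every address, key string, ACL number, and the names `MESH-TS` and `MESH-MAP` are constructed placeholders, because the addressing in Figure 14-5 and the exercise's encryption requirements are not reproduced on this page; the AES-256, SHA-256, and Diffie-Hellman group 14 choices are assumptions that require an IOS release supporting them.

```cisco
! --- Task 1: entries an existing inbound ACL on Ethernet 0 needs (ACL 110 is hypothetical)
access-list 110 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
access-list 110 permit esp host 192.0.2.2 host 192.0.2.1
access-list 110 permit udp host 192.0.2.3 host 192.0.2.1 eq isakmp
access-list 110 permit esp host 192.0.2.3 host 192.0.2.1
!
! --- Task 2: ISAKMP policy, then one pre-shared key per peer
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_R1_R2_KEY address 192.0.2.2
crypto isakmp key REPLACE_WITH_R1_R3_KEY address 192.0.2.3
!
! --- Task 3: routes to the networks behind each peer
ip route 10.2.0.0 255.255.0.0 192.0.2.2
ip route 10.3.0.0 255.255.0.0 192.0.2.3
!
! Crypto access lists: one per peer, R1 LAN to that peer's LAN only.
! Each peer needs the mirror image of the matching list.
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 102 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
crypto ipsec transform-set MESH-TS esp-aes 256 esp-sha256-hmac
!
! One crypto map, two sequence numbers: a full mesh means each router
! carries a separate entry (peer + crypto ACL) for each of its two peers.
crypto map MESH-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set MESH-TS
 match address 101
crypto map MESH-MAP 20 ipsec-isakmp
 set peer 192.0.2.3
 set transform-set MESH-TS
 match address 102
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 crypto map MESH-MAP
```

After the peers are configured with mirrored crypto access lists, `show crypto isakmp sa` and `show crypto ipsec sa` on each router confirm that both tunnels negotiate and that packet counters increase for each peer.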
