
Practical Exercise 14-3: IPSec Router-to-Router Hub and Spoke

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a set of routers: R1, R2, R3, and R4. You are required to configure an IPSec VPN between them. R1 is your hub router, and the remaining routers form spokes around it. You will define a single crypto map on the hub router, specifying the networks behind each of its three peers. The crypto map on each spoke router specifies the network behind the hub router. Encryption will be done between the following networks:

Background Information

You will configure a VPN across routers arranged in a hub-and-spoke topology, as illustrated in Figure 14-6.

Figure 14-6. IPSec Router-to-Router Hub-and-Spoke Topology



Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

Task 2: Define IKE Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 2. At the R2 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 3. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 4. At the R4 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Task 3: Define IPSec Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R2 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 3. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 4. At the R4 console, provide all the configuration required to set the following IPSec settings:

- Define a route to the peer network.

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.
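The hub side (R1) of Tasks 2 and 3, shown as an added example that is not taken from the book or its solution: one crypto map with a separate sequence entry per spoke. The peer addresses (192.0.2.x), LAN prefixes (10.n.0.0/16), ACL numbers, algorithm choices, the names HUB-SET and HUB-MAP, and the `<PSK-...>` placeholders are all assumptions made for illustration.

```cisco
! Constructed example for hub R1. Assumed addressing (not from the exercise):
!   R1 Ethernet0 192.0.2.1, LAN 10.1.0.0/16
!   R2 192.0.2.2 / 10.2.0.0/16, R3 192.0.2.3 / 10.3.0.0/16, R4 192.0.2.4 / 10.4.0.0/16
!
! Task 2: one ISAKMP policy, then one pre-shared key per spoke peer
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PSK-R2> address 192.0.2.2
crypto isakmp key <PSK-R3> address 192.0.2.3
crypto isakmp key <PSK-R4> address 192.0.2.4
!
! Task 3: routes to the networks behind each spoke
ip route 10.2.0.0 255.255.0.0 192.0.2.2
ip route 10.3.0.0 255.255.0.0 192.0.2.3
ip route 10.4.0.0 255.255.0.0 192.0.2.4
!
! One crypto access list per spoke: hub LAN -> that spoke's LAN only
access-list 102 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 103 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
access-list 104 permit ip 10.1.0.0 0.0.255.255 10.4.0.0 0.0.255.255
!
crypto ipsec transform-set HUB-SET esp-aes esp-sha-hmac
!
! A single crypto map; each sequence number binds one peer to its own ACL
crypto map HUB-MAP 20 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set HUB-SET
 match address 102
crypto map HUB-MAP 30 ipsec-isakmp
 set peer 192.0.2.3
 set transform-set HUB-SET
 match address 103
crypto map HUB-MAP 40 ipsec-isakmp
 set peer 192.0.2.4
 set transform-set HUB-SET
 match address 104
!
! An interface accepts only one crypto map, hence the multiple entries above
interface Ethernet0
 crypto map HUB-MAP
```

Each spoke carries a single crypto map entry whose peer is the hub and whose crypto access list is the mirror image of the matching hub entry (source and destination swapped); the ISAKMP policy and transform set must match on both ends for negotiation to succeed.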
