[ LiB ]Practical Exercise 14-3 Solution Practical Exercise 14-4 Solution

Practical Exercise 14-4: IPSec Between Three Routers Using Private Addresses

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a set of routersR1, R2, and R3and you are required to configure an IPSec VPN between them. You will configure your routers so that they form a full mesh with connectivity to the private networks behind each peer router.

Background Information

You will configure a VPN between three routers with private networks, as illustrated in Figure 14-7.

Figure 14-7. IPSec Between Three Routers Using Private Addresses

graphics/14fig07.gif


Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

Task 2: Create Network Address Translation

Step 1. At the R1 console, provide all the configuration required to set the following IKE settings:

- Define traffic to undergo NAT.

- Define an access list for NAT.

- Define the NAT route map.

- Define the NAT interfaces.

Step 2. At the R2 console, provide all the configuration required to set the following IKE settings:

- Define traffic to undergo NAT.

- Define an access list for NAT.

- Define the NAT route map.

- Define the NAT interfaces.

Step 3. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define traffic to undergo NAT.

- Define an access list for NAT.

- Define the NAT route map.

- Define the NAT interfaces.

Task 3: Define IKE Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 2. At the R2 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 3. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Task 4: Define IPSec Parameters

Step 1. At the R1 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R2 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 3. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

[ LiB ]Practical Exercise 14-3 Solution Practical Exercise 14-4 Solution
payday loans