GNS3
http://forum.gns3.net/

SITE-SITE VPN
http://forum.gns3.net/topic1402.html
Page 1 of 1

Author:  midhunkumar [ Thu Dec 10, 2009 7:19 am ]
Post subject:  SITE-SITE VPN

Hi Frnz..hre u can c how to config a site-site vpn

Image

Configuration Of R1 (Cust Site A) :
hostname CusSite-A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 172.16.1.2
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to172.16.1.2
set peer 172.16.1.2
set transform-set mk
match address 100
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
serial restart-delay 0
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 10.1.1.2
ip route 172.16.2.0 255.255.255.0 10.1.1.2
!
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 172.16.2.0 0.0.0.255
!
!
!
control-plane
!

!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input ssh
!
!
end
-----------------------------------------------------------
Configuration of R2 (ISP) :
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
ip address 172.16.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 172.16.2.0 255.255.255.0 Serial0/1 172.16.1.2
ip route 192.168.1.0 255.255.255.0 Serial0/0 10.1.1.1
ip route 192.168.2.0 255.255.255.0 Serial0/0 10.1.1.1
!
!
!
!
!
!
control-plane
!
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
-------------------------------------------
Config of R3 (Cus Site B) :
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CusSite-B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 10.1.1.1
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 10.1.1.1
set transform-set mk
match address SDM_1
!
!
!
!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
serial restart-delay 0
no fair-queue
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 172.16.1.1
!
!
!
!
ip access-list extended SDM_1
remark SDM_ACL Category=4
remark IPSec Rule
permit ip 172.16.2.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
control-plane
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
Packet Capture Output
Image

R1 Debug Output

Image



Thank You......
............Ur's MK

Author:  waqasgk [ Tue Sep 06, 2011 5:18 pm ]
Post subject:  Re: SITE-SITE VPN

Great..
also check out my site to site vpn lab on gns3 http://commonerrors.blogspot.com/2011/0 ... on-on.html
thanks

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/