Simulation tool : GNS3
IOS Image : 3745
Router : 5EA
R1,3,5 : You need to change symbol
|
===WIN1(R1)=== |
|
enable configure terminal hostname WIN1 no ip routing ip host win5 1.1.45.5 ! interface FastEthernet0/0 ip address 1.1.12.1 255.255.255.0 no shutdown ! ip default-gateway 1.1.12.254 exit |
|
===WIN5(R5)=== |
|
enable configure terminal hostname WIN5 no ip routing ip host win1 1.1.12.1 ! interface FastEthernet0/1 ip address 1.1.45.5 255.255.255.0 no shutdown ip default-gateway 1.1.45.254 |
|
===HQ(R2)=== |
|
enable configure terminal hostname HQ ! crypto isakmp policy 6 authentication pre-share group 2 crypto isakmp key 6 cisco address 1.1.34.4 ! crypto ipsec transform-set ENRYPT-DES esp-des esp-sha-hmac ! crypto map GRE_IPSEC 10 ipsec-isakmp set peer 1.1.34.4 set transform-set ENRYPT-DES match address 100 ! interface Tunnel0 ip address 2.2.2.1 255.255.255.0 tunnel source FastEthernet0/1 tunnel destination 1.1.34.4 crypto map GRE_IPSEC ! interface FastEthernet0/0 ip address 1.1.12.254 255.255.255.0 no shutdown interface FastEthernet0/1 ip address 1.1.23.2 255.255.255.0 no shutdown crypto map GRE_IPSEC ! ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 1.1.23.3 ip route 1.1.45.0 255.255.255.0 Tunnel0 2.2.2.2 ! access-list 100 permit gre host 1.1.23.2 host 1.1.34.4 ! exit |
|
===ISP(R3)=== |
|
enable configure terminal hostname ISP ! interface FastEthernet0/0 ip address 1.1.34.3 255.255.255.0 no shutdown interface FastEthernet0/1 ip address 1.1.23.3 255.255.255.0 no shutdown ! ip route 1.1.12.0 255.255.255.0 FastEthernet0/1 1.1.23.2 ip route 1.1.45.0 255.255.255.0 FastEthernet0/0 1.1.34.4 ! end |
|
===BO(R4)=== |
|
enable configure terminal ! hostname BO ! crypto isakmp policy 6 authentication pre-share group 2 crypto isakmp key 6 cisco address 1.1.23.2 255.255.255.0 ! crypto ipsec transform-set ENRYPT-DES esp-des esp-sha-hmac ! crypto map GRE_IPSEC 10 ipsec-isakmp set peer 1.1.23.2 set transform-set ENRYPT-DES match address 100 ! interface Tunnel0 ip address 2.2.2.2 255.255.255.0 tunnel source FastEthernet0/0 tunnel destination 1.1.23.2 crypto map GRE_IPSEC ! interface FastEthernet0/0 ip address 1.1.34.4 255.255.255.0 no shutdown crypto map GRE_IPSEC ! interface FastEthernet0/1 ip address 1.1.45.254 255.255.255.0 no shutdown ! ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 1.1.34.3 ip route 1.1.12.0 255.255.255.0 Tunnel0 2.2.2.1 ! access-list 100 permit gre host 1.1.34.4 host 1.1.23.2 end |
|
Capute traffices on a wire between HQ and R3 |
|
|
GRE-IPsec.pcapng
|
If we need to recapture on 1.1.23.2 |
|
# clear crypto sa peer 1.1.34.4 |
