free tracking

Feb 19, 2012

This is it... This is real world!

I am doing the lab, CCNA Labs - Cisco for the Real World in GNS3 and as of now I have reached the end of Phase 3 and I can say that this lab is amazing. I've configured familiar things which are on the CCNA scope like VLANS and Trunking, NAT, Static route. I also configured EtherChannel which is discussed in CCNA but I don't remember having configured one during labs on my Cisco Networking Academy class few years back. There are also major topics which are not in the CCNA scope like Inter-VLAN with L3 Switching and (drum roll) ... VPN configuration!

In this lab, I am to setup the Branch Office network which has different VLANS, runs VOIP, with two APs one for Public and one for Private. The Private AP is connected to the internal private network while the Public AP can only connect to the Internet. There is a SERVER which can be accessed from the Internet and hosts should be able to access the Internet by passing through NAT. Then the Branch Office must be able to connect to the Corporate Office using VPN where in the addresses must not pass NAT.

The most exciting part so far in doing this lab is connecting routers to the Internet via my Network Interface card and I am able to ping Google.com from GNS3! This is real world!


To verify that the tunnel is established:

B1_RT1#sh crypto ipsec sa

interface: FastEthernet0/1
    Crypto map tag: MAP_VPN, local addr 192.168.254.101

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.64.0/255.255.248.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
   current_peer 192.168.254.106 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
    #pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15     #pkts compressed: 0, #pkts decompressed: 0     #pkts not compressed: 0, #pkts compr. failed: 0     #pkts not decompressed: 0, #pkts decompress failed: 0     #send errors 0, #recv errors 0      local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106      path mtu 1500, ip mtu 1500      current outbound spi: 0xF579CD64(4118400356)      inbound esp sas:       spi: 0x236155C6(593581510)         transform: esp-aes esp-sha-hmac ,         in use settings ={Tunnel, }         conn id: 2001, flow_id: SW:1, crypto map: MAP_VPN         sa timing: remaining key lifetime (k/sec): (4532799/3138)         IV size: 16 bytes         replay detection support: Y         Status: ACTIVE      inbound ah sas:      inbound pcp sas:      outbound esp sas:       spi: 0xF579CD64(4118400356)         transform: esp-aes esp-sha-hmac ,         in use settings ={Tunnel, }         conn id: 2002, flow_id: SW:2, crypto map: MAP_VPN         sa timing: remaining key lifetime (k/sec): (4532799/3136)         IV size: 16 bytes         replay detection support: Y         Status: ACTIVE      outbound ah sas:      outbound pcp sas:    protected vrf: (none)    local  ident (addr/mask/prot/port): (10.1.254.0/255.255.255.252/0/0)    remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)    current_peer 192.168.254.106 port 500      PERMIT, flags={origin_is_acl,}     #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4     #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4     #pkts compressed: 0, #pkts decompressed: 0     #pkts not compressed: 0, #pkts compr. failed: 0     #pkts not decompressed: 0, #pkts decompress failed: 0     #send errors 0, #recv errors 0      local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106      path mtu 1500, ip mtu 1500      current outbound spi: 0xFA4A18A8(4199159976)      inbound esp sas:       spi: 0x77799CF7(2004458743)         transform: esp-aes esp-sha-hmac ,         in use settings ={Tunnel, }         conn id: 2003, flow_id: SW:3, crypto map: MAP_VPN         sa timing: remaining key lifetime (k/sec): (4597585/3590)         IV size: 16 bytes         replay detection support: Y         Status: ACTIVE      inbound ah sas:      inbound pcp sas:      outbound esp sas:       spi: 0xFA4A18A8(4199159976)         transform: esp-aes esp-sha-hmac ,         in use settings ={Tunnel, }         conn id: 2004, flow_id: SW:4, crypto map: MAP_VPN         sa timing: remaining key lifetime (k/sec): (4597585/3587)         IV size: 16 bytes         replay detection support: Y         Status: ACTIVE      outbound ah sas:      outbound pcp sas:


3 comments:

Pynky Trasmonte said...

how much is the exam in pesos? where did you took the exam around manila?

Zu said...

Can you share the gns3 topology please, i am going to take the ccna 640-802 in few weeks and i am trying to do this as part of my lab... ty

Sinelogix said...

Wow really good information
Web Designer in Bangalore

Post a Comment

About Me

aspiring computer and network engineer, programmer, with fascination in webdesign and development

Connect with me

Twitter  GooglePlus  Facebook  LinkedIn  Blogger

Tweet

Featured Post