In this lab, I am to set up the Branch Office network, which has different VLANs, runs VoIP, and has two APs, one Public and one Private. The Private AP is connected to the internal private network, while the Public AP can only connect to the Internet. There is a SERVER that can be accessed from the Internet, and hosts should be able to access the Internet by passing through NAT. The Branch Office must then be able to connect to the Corporate Office using VPN, wherein the addresses must not pass through NAT.
The most exciting part so far in doing this lab is connecting the routers to the Internet via my network interface card, and I am able to ping Google.com from GNS3! This is real world!
To verify that the tunnel is established:
B1_RT1#sh crypto ipsec sa
interface: FastEthernet0/1
Crypto map tag: MAP_VPN, local addr 192.168.254.101
protected vrf: (none)
local ident (addr/mask/prot/port): (10.1.64.0/255.255.248.0/0/0)
remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
current_peer 192.168.254.106 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
#pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106
path mtu 1500, ip mtu 1500
current outbound spi: 0xF579CD64(4118400356)
inbound esp sas:
spi: 0x236155C6(593581510)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4532799/3138)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xF579CD64(4118400356)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4532799/3136)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (10.1.254.0/255.255.255.252/0/0)
remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
current_peer 192.168.254.106 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106
path mtu 1500, ip mtu 1500
current outbound spi: 0xFA4A18A8(4199159976)
inbound esp sas:
spi: 0x77799CF7(2004458743)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4597585/3590)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xFA4A18A8(4199159976)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4597585/3587)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
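As an added example (not part of the original lab notes), the Python below parses `sh crypto ipsec sa` output like the above and checks each protected flow: the local ident is one of the internal prefixes (so the traffic matched the crypto ACL untranslated), both ESP SAs are ACTIVE, packets are counted in both directions, and the error counters are zero. The function names `parse_flows` and `check_flow` are hypothetical, and the sample text is constructed by abridging the first flow shown above.

```python
import re

# Constructed sample: abridged copy of the first SA block in the output above.
SAMPLE = """\
local ident (addr/mask/prot/port): (10.1.64.0/255.255.248.0/0/0)
remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
#pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
#pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
#send errors 0, #recv errors 0
inbound esp sas:
Status: ACTIVE
outbound esp sas:
Status: ACTIVE
"""

def parse_flows(text):
    """Return one dict per local/remote ident pair in the output."""
    flows, cur, direction = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(local|remote) ident .*: \(([\d.]+/[\d.]+)/", line)
        if m and m.group(1) == "local":
            cur, direction = {"esp": {}, "counters": {}}, None
            flows.append(cur)
        if cur is None:
            continue  # header lines before the first flow
        if m:
            cur[m.group(1)] = m.group(2)
        for name, val in re.findall(r"#(pkts \w+|send errors|recv errors):? (\d+)", line):
            cur["counters"][name] = int(val)
        s = re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line)
        if s:  # only ESP sections carry the Status lines we care about
            direction = s.group(1) if s.group(2) == "esp" else None
        elif line.startswith("Status:") and direction:
            cur["esp"][direction] = line.split(":", 1)[1].strip()
    return flows

def check_flow(flow, expected_local):
    """Return a list of problems; an empty list means the flow looks healthy."""
    c, problems = flow["counters"], []
    if flow.get("local") not in expected_local:
        problems.append("unexpected local ident")
    for d in ("inbound", "outbound"):
        if flow["esp"].get(d) != "ACTIVE":
            problems.append(f"no ACTIVE {d} ESP SA")
    if not (c.get("pkts encaps") and c.get("pkts decaps")):
        problems.append("traffic not flowing in both directions")
    if c.get("send errors") or c.get("recv errors"):
        problems.append("send/recv errors non-zero")
    return problems
```

For this lab, `expected_local` would be the two prefixes visible in the output: `10.1.64.0/255.255.248.0` and `10.1.254.0/255.255.255.252`.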









2 comments:
How much is the exam in pesos? Where did you take the exam around Manila?
Can you share the GNS3 topology please? I am going to take the CCNA 640-802 in a few weeks and I am trying to do this as part of my lab... ty