Lab 13‐1: IPSEC in Packet Tracer - AidanP017/Aidan-NET-330 GitHub Wiki
Purpose
In this lab, we used Cisco Packet Tracer to configure site-to-site IPSEC for the Champlain and Middlebury college servers.
Assignments
The following assignments were used for the networks.
Network | Network Address |
---|---|
Champlain College Private | 172.16.84.0/24 |
Champlain College Public | 216.93.144.0/24 |
Middlebury College Public | 140.230.18.0/24 |
Middlebury College Private | 192.168.25.0/24 |
Configuring the Interfaces
To start, we configured the appropriate interfaces for both networks.
Champlain Server
Middlebury Server
Champlain Router
Middlebury Router
VTEL ISP Router
Connectivity Testing
After the interfaces are configured, it should be possible to ping between the Champlain and Middlebury routers using their public IPs.
Additional Configurations on the Champlain Router
Some additional configurations were made on the Champlain router, including an access list, an ISAKMP policy, and an IPSEC policy.
Access List
The access list is given the number 101 (must be above 100) and permits traffic from the source address 172.16.84.0/24 to the destination address 192.168.25.0/24.
ISAKMP Policy
The first part of the IKE configuration creates an ISAKMP policy with the number "10" and the shared authentication key "NET330". The encryption, key exchange, and DH methods were also configured, with the key associated with Middlebury's public IP (140.230.18.1).
IPSEC Policy
The IPSEC policy is set up to configure the parameters for the internal tunnel that will transfer data between the two networks.
First, we created the transform-set "VPN-SET" using esp-aes and esp-sha-hmac as the cryptographic settings.
Then, we created the crypto map "VPN-MAP" that binds all of the Phase 2 parameters together. The sequence number "10" is used and the map is identified as an ipsec-isakmp map.
Once the crypto map is bound to the outgoing interface, the tunnel configuration on this router is complete.
Additional Configurations on the Middlebury Router
The same additional configurations as on the Champlain router were made on the Middlebury router, with addresses and other settings mirrored where necessary.
Access List
ISAKMP Policy
IPSEC Policy
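The configuration described in the two router sections above, written out as Cisco IOS commands. This is an added example, not the lab's original screenshots or output. The ISAKMP encryption and DH group values, the Middlebury access list number, the interface names, and Champlain's public router address are not given on the page, so they appear as labelled assumptions or placeholders.

```cisco
! Added example. ASSUMED values and <PLACEHOLDERS> are not stated on the page.
! ---------- Champlain router ----------
! Traffic to protect: Champlain private -> Middlebury private (/24 = wildcard 0.0.0.255)
access-list 101 permit ip 172.16.84.0 0.0.0.255 192.168.25.0 0.0.0.255
! Phase 1: ISAKMP policy 10 (encryption and DH group values are ASSUMED)
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 exit
! Pre-shared key tied to Middlebury's public IP
crypto isakmp key NET330 address 140.230.18.1
! Phase 2: transform set, then the crypto map that binds the parameters together
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 140.230.18.1
 set transform-set VPN-SET
 match address 101
 exit
! Bind the map to the outgoing (ISP-facing) interface
interface <CHAMPLAIN_OUTSIDE_IF>
 crypto map VPN-MAP
 exit
! ---------- Middlebury router (mirror of the above) ----------
! Source and destination are swapped; ACL number 101 is ASSUMED to match
access-list 101 permit ip 192.168.25.0 0.0.0.255 172.16.84.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 exit
! Same key, now tied to Champlain's public IP (in 216.93.144.0/24, not given on the page)
crypto isakmp key NET330 address <CHAMPLAIN_PUBLIC_IP>
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer <CHAMPLAIN_PUBLIC_IP>
 set transform-set VPN-SET
 match address 101
 exit
interface <MIDDLEBURY_OUTSIDE_IF>
 crypto map VPN-MAP
 exit
```

Both ends must agree on the Phase 1 policy values, the pre-shared key, and the transform set, and the two access lists must be exact mirrors of each other, or the tunnel will not establish.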
Encryption Testing
If everything was configured successfully, the command `show crypto ipsec sa` should show encrypted packets in the stats. This should result from pinging between the Champlain and Middlebury servers.