Lab 11.1 IPSEC Packet Tracer Lab - squatchulator/Tech-Journal GitHub Wiki

IPSEC Packet Tracer Lab

Network and IPs:

  • Configure all the endpoints and routers with their appropriate IPs using the image below. After this is completed, the routers should all be able to ping each other, but the servers should NOT be able to ping each other. image

Champlain Router Configurations

enable
conf t
access-list 101 permit ip 172.16.84.0 0.0.0.255 192.168.25.0 0.0.0.255
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key NET330 address 140.230.18.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
description VPN Connection to Middlebury
set peer 140.230.18.2
set transform-set VPN-SET
match address 101
interface fastethernet0/0
crypto map VPN-MAP

Middlebury Router Configurations

enable
conf t
ip route 0.0.0.0 0.0.0.0 140.230.18.1
access-list 102 permit ip 192.168.25.0 0.0.0.255 172.16.84.0 0.0.0.255
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
exit
crypto isakmp key NET330 address 216.93.144.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
description VPN Connection to Champlain
set peer 216.93.144.2
set transform-set VPN-SET
match address 102
interface fastethernet0/0
crypto map VPN-MAP

  • You should now be able to ping between the endpoints. Assuming this all works, you can see the traffic being encrypted and decrypted by running the show crypto ipsec sa command on both routers.
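
If the pings fail, the usual cause is that the two routers disagree on a setting. The Python check below is an added example, not part of the original lab. It compares the IKE policy, pre-shared key, transform set, peer addresses and crypto ACLs of the two configurations above. The helper names `parse` and `compare` are hypothetical, and the two strings hold only the lines from each router section that the check reads.

```python
import re

# The lines of each router section on this page that the check reads.
CHAMPLAIN = """\
access-list 101 permit ip 172.16.84.0 0.0.0.255 192.168.25.0 0.0.0.255
encryption aes 256
authentication pre-share
group 5
crypto isakmp key NET330 address 140.230.18.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
set peer 140.230.18.2
match address 101
"""
MIDDLEBURY = """\
access-list 102 permit ip 192.168.25.0 0.0.0.255 172.16.84.0 0.0.0.255
encryption aes 256
authentication pre-share
group 5
crypto isakmp key NET330 address 216.93.144.2
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
set peer 216.93.144.2
match address 102
"""

def parse(cfg):
    def one(pattern):  # groups of the first matching line, or () if absent
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else ()
    acl_id = "".join(one(r"^match address (\d+)"))  # ACL the crypto map uses
    return {
        "ike": re.findall(r"^(?:encryption|hash|authentication|group) .+$", cfg, re.M),
        "esp": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "psk": one(r"^crypto isakmp key (\S+) address (\S+)"),
        "peer": one(r"^set peer (\S+)"),
        "acl": one(rf"^access-list {acl_id} permit ip (\S+) (\S+) (\S+) (\S+)"),
    }

def compare(cfg_a, cfg_b):  # returns a list of mismatches, empty if consistent
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{k} settings differ" for k in ("ike", "esp") if a[k] != b[k]]
    if not a["psk"] or a["psk"][:1] != b["psk"][:1]:
        problems.append("pre-shared key missing or different")
    for side, r in (("A", a), ("B", b)):
        if r["psk"][1:] != r["peer"]:
            problems.append(f"router {side}: key address does not match set peer")
    # Each side's crypto ACL must be the other's with source and destination swapped.
    if not a["acl"] or a["acl"] != b["acl"][2:] + b["acl"][:2]:
        problems.append("crypto ACLs missing or not mirror images")
    return problems
```

For the configurations on this page, `compare(CHAMPLAIN, MIDDLEBURY)` returns an empty list.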