Your colleagues at "BigLabs" are very pleased with your performance so far...you managed to succesfully configure the "Basic GRE" lab and the "Site-to-Site IPSEC VPN" lab. Now it's time to show them who the true networking expert is and teach them how to configure a Secure GRE tunnel. This allows you to send routing protocol updates through the GRE tunnel, and use IPSEC to encrypt this traffic....let's do it!
- All IP addresses are preconfigured as specified in the topology picture.
- Router Godzilla and Nessie have the following loopback interfaces:
Godzilla: Loopback0: 126.96.36.199 /24 Loopback1: 188.8.131.52 /24
- Nessie: Loopback0: 184.108.40.206 /24 Loopback1: 220.127.116.11 /24
- Configure EIGRP AS1 on all 3 routers, only advertise the 192.168.12.0 and 192.168.23.0 network, do not advertise the loopbacks.
- Ensure Router Godzilla and Nessie can ping each other.
- Configure a GRE tunnel between Router Godzilla and Nessie.
- Configure the 192.168.13.0 /24 network on the GRE tunnel:
- Ensure you can ping the IP addresses that you configured on the tunnel interface.
- Configure OSPF and use network commands to advertise the network on the GRE tunnel.
- Advertise Loopback1 in OSPF on Router Godzilla and Nessie.
- Ensure you establish a OSPF neighbour relationship and that you see the loopback1 interfaces in the routing table.
- Now it's time to setup the IPSEC connection!
- Create an IKE Policy with the following parameters:
Encryption: AES 256
DH: Group 5
- The pre-shared-key should be "VAULT".
- Create an IPSEC Transform-set with the following parameters:
ESP (Encapsulatiing Security Payload)
Encryption: AES 256
- Create the correct access-lists to encrypt the GRE tunnel traffic.
- Create the correct crypto-map to finish the IPSEC configuration.
- Verify the IPSEC configuration, you can use the following show/debug commands:
show crypto ipsec transform-set
show crypto map
show crypto ipsec sa
- debug crypto isakmp