Your colleagues at “BigLabs” are very pleased with your performance so far…you managed to succesfully configure the “Basic GRE” lab and the “Site-to-Site IPSEC VPN” lab. Now it’s time to show them who the true networking expert is and teach them how to configure a Secure GRE tunnel. This allows you to send routing protocol updates through the GRE tunnel, and use IPSEC to encrypt this traffic….let’s do it!
- All IP addresses are preconfigured as specified in the topology picture.
- Router Godzilla and Nessie have the following loopback interfaces:
Godzilla: Loopback0: 18.104.22.168 /24 Loopback1: 22.214.171.124 /24
- Nessie: Loopback0: 126.96.36.199 /24 Loopback1: 188.8.131.52 /24
- Configure EIGRP AS1 on all 3 routers, only advertise the 192.168.12.0 and 192.168.23.0 network, do not advertise the loopbacks.
- Ensure Router Godzilla and Nessie can ping each other.
- Configure a GRE tunnel between Router Godzilla and Nessie.
- Configure the 192.168.13.0 /24 network on the GRE tunnel:
- Ensure you can ping the IP addresses that you configured on the tunnel interface.
- Configure OSPF and use network commands to advertise the network on the GRE tunnel.
- Advertise Loopback1 in OSPF on Router Godzilla and Nessie.
- Ensure you establish a OSPF neighbour relationship and that you see the loopback1 interfaces in the routing table.
- Now it’s time to setup the IPSEC connection!
- Create an IKE Policy with the following parameters:
Encryption: AES 256
DH: Group 5
- The pre-shared-key should be “VAULT”.
- Create an IPSEC Transform-set with the following parameters:
ESP (Encapsulatiing Security Payload)
Encryption: AES 256
- Create the correct access-lists to encrypt the GRE tunnel traffic.
- Create the correct crypto-map to finish the IPSEC configuration.
- Verify the IPSEC configuration, you can use the following show/debug commands:
show crypto ipsec transform-set
show crypto map
show crypto ipsec sa
- debug crypto isakmp
Configuration FilesYou need to register to download the GNS3 topology file. (Registration is free!)
Once you are logged in you will find the configuration files right here.