GNS3 Labs: IPsec VPN with NAT across BGP Internet routers: Wireshark captures. Answers Part 2

GNS3 Topology: https://goo.gl/p7p8pq
Get the VPN Config Generator and all my videos as part of a subscription here: https://goo.gl/mJMZGW
Cisco documentation: https://goo.gl/hjmdFR

For lots more content, visit http://www.davidbombal.com – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.

VPN Configuration:

======================================================
! CONFIG FOR: C1 !
! ======================================================

access-list 100 remark ****** Link to C2 ******
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
match ip address 101
!
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key cisco123 address 8.8.11.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
!
crypto map mymap 1 ipsec-isakmp
description ****** Link to C2 ******
set peer 8.8.11.2
set transform-set myset
set pfs group2
match address 100
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface G0/1
crypto map mymap
ip nat outside
!
interface G0/0
ip nat inside

!=====================================================
! CONFIG FOR: C2 !
! ======================================================

access-list 100 remark ****** Link to C1 ******
access-list 100 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
access-list 101 remark ****** NAT ACL ******
access-list 101 deny ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
!
ip nat inside source route-map nonat interface G0/1 overload
!
route-map nonat permit 10
match ip address 101
!
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group 2
lifetime 86400
!
crypto isakmp key cisco123 address 8.8.10.2
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
!
crypto map mymap 2 ipsec-isakmp
description ****** Link to C1 ******
set peer 8.8.10.2
set transform-set myset
set pfs group2
match address 100
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 4608000
!
interface G0/1
crypto map mymap
ip nat outside
!
interface G0/0
ip nat inside

!=========================================

Go here for more: https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html

subscribe
  • David Bombal

Search

Categories

Recent Posts

Linux for Hackers Tutorial (And Free Courses)
Install Kali Linux on Windows 11 for FREE
Tails Linux USB with Persistence (Be invisible online in 7 minutes)
Kali Linux USB Live Boot with Persistence (in 5 minutes)
Buffer Overflow Hacking Tutorial (Bypass Passwords)
How to Dual Boot Kali Linux and Windows (in 10 minutes)
Real World Hacking with OTW (Privacy and Cybersecurity IoT warning)
You want Privacy? Ditch Android & Apple and install GrapheneOS (in 8 minutes)
Real World Hacking Tools Tutorial (Target: Tesla)
NSA Backdoor in Windows? This and more from the guy who created Windows Task Manager!
SQL Injection Hacking Tutorial (Beginner to Advanced)
Can AI help you pass your exams? (ChatGPT and Google Bard Exam Quiz Website)
Real World Hacking Demo with OTW
2023 Path to Hacking Success: Top 3 Bug Bounty Tips
Lessons from the Real World (and how you can become an Insider as well)
The New CML (v2.6) is looking great! 😀
Fix slow WiFi ??

Fix slow WiFi ??

Real Talk. Watch and Learn.
New Cybersecurity Certification?
Top 3 Cybersecurity Career Tips (from Ex-NSA Hacker)