AC - MSCS Guest on 10th November 2024 09:59:55 PM
RADIUS
aaa new-model
radius-server host 10.0.0.2 key abc123
aaa authentication login default group radius local
line vty 0 15
login authentication default

TACACS+
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
tacacs-server host 192.168.20.2 key Cisco123
line vty 0 15
login authentication default

IPsec
On Router1 1941
# int s0/0/0
# ip address 10.1.1.1 255.255.255.252
# no shut
# int g0/0
# ip address 192.168.1.1 255.255.255.0
# no shut
On ISP router:
# int s0/0/1
# ip address 10.1.1.2 255.255.255.252
# no shut
# int s0/0/0
# ip address 15.1.1.2 255.255.255.252
# no shut
On Router3
# int s0/0/1
# ip address 15.1.1.1 255.255.255.252
# no shut
# int g0/0
# ip address 172.16.1.1 255.255.255.0
# no shut
Now we will configure default routes on Router1 and Router3 and static routes on the ISP router.
On Router1
# ip route 0.0.0.0 0.0.0.0 10.1.1.2
On Router3
# ip route 0.0.0.0 0.0.0.0 15.1.1.2
On the ISP router:
# ip route 172.16.1.0 255.255.255.0 15.1.1.1
# ip route 192.168.1.0 255.255.255.0 10.1.1.1
Let us run some pings between the two sites.
On PC-1
# ping 192.168.1.5
On PC-A
# ping 172.16.1.5
If the pings are not successful, troubleshoot the issue and make sure the PCs can ping each other.
Create the access list on Router1
# access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Now, I will configure the ISAKMP policy on Router1
On Router1:
# crypto isakmp policy 10
# authentication pre-share
# encryption aes 256
# hash sha
# lifetime 3600
# group 5
Configure the pre-shared key for the peer
On Router1
# crypto isakmp key cisco address 15.1.1.1
• IPsec transform set
On Router1
# crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
• Now creating the crypto map
# crypto map VPN-MAP 10 ipsec-isakmp
# set peer 15.1.1.1
# set transform-set VPN-SET
# match address 100
# exit
• Applying the crypto map to the outgoing interface of Router1
# int s0/0/0
# crypto map VPN-MAP
On Router3
# crypto isakmp policy 10
# authentication pre-share
# encryption aes 256
# group 5
# hash sha
# lifetime 3600
# exit
# crypto isakmp key cisco address 10.1.1.1
• IPsec transform set
# crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
• Creating the access list
# access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
• Creating the crypto map
# crypto map VPN-MAP 10 ipsec-isakmp
# set peer 10.1.1.1
# set transform-set VPN-SET
# match address 100
# exit
• Apply the crypto map to the outgoing interface of Router3
# int s0/0/1
# crypto map VPN-MAP

Now, ping from PC-A to PC-1 and from PC-1 to PC-A
Run these show commands on Router1 and Router3
# show crypto isakmp sa
# show crypto ipsec sa
# show crypto isakmp policy
# show crypto map
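
The tunnel only forms when both routers agree on the ISAKMP policy, pre-shared key and transform set, and their crypto ACLs mirror each other. The Python check below is an added example, not part of the original paste: `TEMPLATE`, `parse` and `audit` are hypothetical names, and the sample configs are constructed from the lab values above. It also flags the lab's DH group 5 and short pre-shared key as weak.

```python
import re
# Constructed config template mirroring the Router1/Router3 commands above.
TEMPLATE = """crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha
 group 5
crypto isakmp key {psk} address {peer}
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
access-list 100 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map VPN-MAP 10 ipsec-isakmp
 set peer {peer}
 match address 100
"""
R1 = TEMPLATE.format(psk="cisco", peer="15.1.1.1", src="192.168.1.0", dst="172.16.1.0")
R3 = TEMPLATE.format(psk="cisco", peer="10.1.1.1", src="172.16.1.0", dst="192.168.1.0")

def parse(cfg):
    # Extract the settings both peers must agree on (None when a line is absent).
    find = lambda p: (m := re.search(p, cfg, re.M)) and m.groups()
    return {
        "phase1": [find(rf"^ {k} (.+)$") for k in ("authentication", "encryption", "hash", "group")],
        "psk": find(r"^crypto isakmp key (\S+) address (\S+)$"),
        "transform": find(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": find(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)$"),
        "peer": find(r"^ set peer (\S+)$"),
    }

def audit(cfg_a, cfg_b):
    # Findings that stop the tunnel forming, then weak-parameter warnings.
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    for name, r in (("A", a), ("B", b)):
        if not r["psk"]:
            out.append(f"{name}: no 'crypto isakmp key' line")
        elif r["peer"] and r["psk"][1] != r["peer"][0]:
            out.append(f"{name}: key address differs from crypto map peer")
    if a["psk"] and b["psk"] and a["psk"][0] != b["psk"][0]:
        out.append("pre-shared keys differ")
    for field in ("phase1", "transform"):
        if a[field] != b[field]:
            out.append(f"{field} mismatch")
    if a["acl"] and b["acl"] and a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    if a["phase1"][3] == ("5",):
        out.append("weak: DH group 5 (prefer group 14 or higher)")
    if a["psk"] and len(a["psk"][0]) < 16:
        out.append("weak: short pre-shared key")
    return out
```

`audit()` expects the single-space indentation that `show running-config` prints for sub-commands.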
