Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Archive
Su Mo Tu We Th Fr Sa
1234
567891011
12131415161718
19202122232425
262728293031
Syndication
Newsletter
Subscribe to newsletter:


Home : CCNP : IPSec/GRE with NAT

IPSec/GRE with NAT

Jul 22,2008 by admin

small font medium font large font
image

IPSec/GRE with NAT

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a set of routers, R1 and R2, along with a Cisco PIX. You are required to configure a GRE tunnel with encryption between the routers so that you can pass IPX traffic across the firewall, which is also running NAT.

Background Information

You will configure a GRE tunnel with encryption between two routers with a firewall in the middle, as illustrated in Figure 14-8.

Figure 14-8. IPSec/GRE with NAT

graphics/14fig08.gif

Task 1: Configure PIX

Step 1. At the PIX console, provide all the configuration required to enable traffic flow to and from the PIX firewall:

- Assign addresses to the interfaces.

- Define NAT.

- Associate a global statement to NAT.

- Define the static services allowed from the external network.

- Define the traffic allowed into the network.

- Define routing for the PIX traffic.

Task 2: Configure IPX

Step 1. At the R3 console, provide all the configuration required to configure an IPX network:

- Enable IPX routing.

- Assign addresses to the interfaces.

Step 2. At the R8 console, provide all the configuration required to configure an IPX network:

- Enable IPX routing.

- Assign addresses to the interfaces.

Task 3: Configure IP

Step 1. At the R3 console, provide all the configuration required to configure an IP network:

- Assign addresses to the interfaces.

Step 2. At the R8 console, provide all the configuration required to configure an IP network:

- Assign addresses to the interfaces.

Task 4: Configure the Tunnel

Step 1. At the R3 console, provide all the configuration required to configure the tunnel interface:

- Assign the tunnel source.

- Assign the tunnel destination.

- Define static routing for the tunnel.

Step 2. At the R8 console, provide all the configuration required to configure the tunnel interface:

- Assign the tunnel source.

- Assign the tunnel destination.

- Define static routing for the tunnel.

Task 5: Configure NAT on R8

Step 1. At the R8 console, provide all the configuration required to configure the tunnel interface:

- Identify traffic for NAT to apply to.

- Define the type of NAT to use.

- Apply NAT to the appropriate interfaces.

Task 6: Define IKE Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 2. At the R8 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Task 7: Define IPSec Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R8 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

3 times read

Related news
No matching news for this article
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
WAN Optimization
arrow Managing Applications
arrow Testing New Applications
arrow Reducing Application Latency
arrow Managing Distributed Servers
arrow Protecting Data on Distributed Servers
arrow Providing Timely Remote Service and Support
arrow Using Centralized Management Methods
arrow Facing the Unavoidable WAN
arrow Changing the Application Business Model
arrow Consolidating and Protecting Servers in the New IT Operational Model
arrow Server Consolidation
arrow Compliance, Data Protection, Business Continuity, and Disaster Recovery
arrow Business Continuance and Disaster Recovery
arrow Networks and Application Performance
arrow Bandwidth
arrow Latency
arrow Understanding Why TCP Adds Latency
arrow ACK Message
arrow Checksum Verification
arrow Data Reordering
arrow Flow Control
arrow Understanding How Other Protocols Add Latency
arrow Understanding the Physics Aspect of Latency
arrow Serialization Delays
arrow Processing Delays
arrow Forwarding Delays
arrow Understanding Application Protocol Latency
arrow Throughput
arrow Application and Protocol Barriers to Application Performance
arrow Application Protocols
arrow CIFS
arrow HTTP
CCNP
arrow Types of Remote-Access Users
arrow Remote-Access Technologies
arrow Frame Relay
arrow Serial Links
arrow ISDN
arrow Analog
arrow DSL
arrow Asymmetric DSL
arrow Symmetric DSL
arrow Cable Modem Services
arrow Building a CCNP Remote-Access Lab
arrow Creating LANs
arrow Creating WANs by Using a Cisco Router as a Frame Relay Switch
arrow Configuring the Clock Rate on a DCE Interface
arrow show controller Command
arrow Configuring a Cisco Router as a Frame Relay Switch
arrow Configuring a Basic Frame Relay Switch
arrow Entire Frame Relay Configuration
arrow Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs
arrow Modem Connections and Operation Overview
arrow A Typical Modem Connection
arrow Communication Between DTE Devices
arrow DTE-to-DCE Communication
arrow Modem Control Functions
arrow DCE-to-DCE Communication
arrow RJ-45 Wiring and Cables
arrow DTE-to-DCE Wiring
arrow Data Compression and Error Control
arrow Configuring the Modem (DCE)
arrow Connecting to the Modem (DCE)
arrow Differentiating Between a Forward and Reverse Connection to a Modem
arrow Configuring a Reverse-Telnet Session
Cisco IOS
arrow IOS
arrow Configuring the Router via TFTP
arrow Saving Router Configuration to Server
arrow Booting the Router Using a Remote Configuration File
arrow Storing Configuration Files Larger Than NVRAM
arrow Clearing the Startup Configuration
arrow Loading a New IOS Image
arrow Booting a Different IOS Image
arrow Booting over the Network
arrow Copying an IOS Image to a Server
arrow Copying an IOS Image Through the Console
arrow Deleting Files from Flash
arrow Partitioning Flash
arrow Using the Router as a TFTP Server
arrow Generating Large Numbers of Router Configurations
arrow Changing the Configurations of Many Routers at Once
arrow Extracting Hardware Inventory Information
arrow Backing Up Router Configurations
arrow Warm Reload
arrow Warm Upgrade
arrow Configuration Archiving
arrow Locking Configuration Access
arrow Creating Command Aliases
arrow Managing the Router's ARP Cache
arrow Tuning Router Buffers
arrow Auto Tuning Buffers
arrow Using the Cisco Discovery Protocol
arrow Disabling the Cisco Discovery Protocol
arrow Using the Small Servers
arrow Enabling HTTP Access to a Router
arrow Enabling Secure HTTP (HTTPS) Access to a Router
arrow Using Static Hostname Tables
Voice Over IP
arrow Robbed-Bit Signaling
arrow Channel Associated Signaling T1
arrow E1 Channel Associated Signaling
arrow Framing and Signaling
arrow Channel Associated Signaling - E1
arrow Enabling VoIP Fax and Modem Transmission
arrow Cisco Fax Relay
arrow T.38 Fax Relay
arrow T.37 Fax Store and Forward
arrow Fax Pass-Through
arrow Modem Pass-Through
arrow Navigating Your Hands-On Lab
arrow Initial Configuration
arrow Router R1's Configuration
arrow Router R2's Configuration
arrow Router R3's Configuration
arrow Router R1's show ip route Output
arrow Router R2's show ip route Output
arrow Router R3's show ip route Output
arrow Router R1's ping 10.7.7.2 Output
arrow Voice Interface Configuration
arrow Configuring Voice Ports
arrow Voice Applications
arrow Local Calls
arrow On-Net Calls
arrow Off-Net Calls
arrow PLAR Calls
arrow PBX-to-PBX Calls
arrow CallManager-to-CallManager Calls
arrow On-Net to Off-Net Calls
arrow Voice Port Call Types Type of Call
arrow FXS Ports
LAN Switching Foundation Technologies
arrow Broadcasts and Multicasts
arrow Introducing Spanning Tree Protocol
arrow Bridging Loop
arrow Spanning Tree Blocking
arrow Spanning Tree Operations
arrow Switch1 Becomes Root
arrow Spanning Tree Interface Costs Bandwidth
arrow Bridge Protocol Data Unit Format
arrow Spanning Tree Port Transitions and Timers
arrow Topology Changes in STP
arrow Topology Change Because of a Link Failure
arrow LAN Switch Architecture
arrow Receiving Data—Switching Modes
arrow Cut-Through Mode
arrow Fragment-Free Mode
arrow Store-and-Forward Mode
arrow Switching Data
arrow Shared Bus Switching
arrow Frame Flow in a Shared Bus
arrow Crossbar Switching
arrow Buffering Data
arrow Port Buffered Memory
arrow Shared Memory
arrow Oversubscribing the Switch Fabric
arrow Congestion and Head-of-Line Blocking
arrow In the Beginning—Catalyst 5000/5500 (Project Synergy)
arrow Catalyst 5000/5500 Switch Components
arrow Chassis
arrow Catalyst 5000/5500 Models Model
arrow Network Management Processor (NMP)
arrow Master Communications Processor (MCP).
arrow Nonvolatile random-access memory (NVRAM)
Most Popular
Most Commented
Featured Author

admin

image
Cisco Articles