Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Archive
Su Mo Tu We Th Fr Sa
1234
567891011
12131415161718
19202122232425
262728293031
Syndication
Newsletter
Subscribe to newsletter:


Home : CCNP : Router to VPN Client with a Preshared Key and NAT

Router to VPN Client with a Preshared Key and NAT

Jul 22,2008 by admin

small font medium font large font
image

Router to VPN Client with a Preshared Key and NAT

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a router that will be the terminating endpoint for VPNs from a VPN client.

Background Information

You will configure your router with the following options. Your router will issue the user an IP address from a pool of addresses, wildcard preshared keys, and NAT. This will allow an off-site user to gain access to your network and have an internal IP address, making it appear to the user that he or she is inside your network. Because you are using private addressing, NAT is involved, and your router must be told what to translate and what not to translate. You will use the topology shown in Figure 14-9.

Figure 14-9. Router to VPN Client with a Preshared Key and NAT

graphics/14fig09.gif

Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.

Task 2: Create Network Address Translation

Step 1. At the R3 console, provide all the configuration required to set the following NAT settings:

- Define a NAT pool.

- Define an access list for NAT.

- Define the NAT route map.

- Define the NAT interfaces.

Task 3: Define IKE Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

- Define the address assignment for the client.

Task 4: Define IPSec Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define an IPSec transform set.

- Define the IPSec dynamic crypto map.

- Define the IPSec crypto map.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Task 5: Define the Client Parameters

Step 1. On the client PC, provide all the configuration required to create the connection IPSec settings:

- Create the connection.

- Identify the remote peer.

- Identify the Phase 1 information.

- Identify the Phase 2 information.

- Identify the other connection information.

6 times read

Related news
No matching news for this article
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
WAN Optimization
arrow Managing Applications
arrow Testing New Applications
arrow Reducing Application Latency
arrow Managing Distributed Servers
arrow Protecting Data on Distributed Servers
arrow Providing Timely Remote Service and Support
arrow Using Centralized Management Methods
arrow Facing the Unavoidable WAN
arrow Changing the Application Business Model
arrow Consolidating and Protecting Servers in the New IT Operational Model
arrow Server Consolidation
arrow Compliance, Data Protection, Business Continuity, and Disaster Recovery
arrow Business Continuance and Disaster Recovery
arrow Networks and Application Performance
arrow Bandwidth
arrow Latency
arrow Understanding Why TCP Adds Latency
arrow ACK Message
arrow Checksum Verification
arrow Data Reordering
arrow Flow Control
arrow Understanding How Other Protocols Add Latency
arrow Understanding the Physics Aspect of Latency
arrow Serialization Delays
arrow Processing Delays
arrow Forwarding Delays
arrow Understanding Application Protocol Latency
arrow Throughput
arrow Application and Protocol Barriers to Application Performance
arrow Application Protocols
arrow CIFS
arrow HTTP
CCNP
arrow Types of Remote-Access Users
arrow Remote-Access Technologies
arrow Frame Relay
arrow Serial Links
arrow ISDN
arrow Analog
arrow DSL
arrow Asymmetric DSL
arrow Symmetric DSL
arrow Cable Modem Services
arrow Building a CCNP Remote-Access Lab
arrow Creating LANs
arrow Creating WANs by Using a Cisco Router as a Frame Relay Switch
arrow Configuring the Clock Rate on a DCE Interface
arrow show controller Command
arrow Configuring a Cisco Router as a Frame Relay Switch
arrow Configuring a Basic Frame Relay Switch
arrow Entire Frame Relay Configuration
arrow Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs
arrow Modem Connections and Operation Overview
arrow A Typical Modem Connection
arrow Communication Between DTE Devices
arrow DTE-to-DCE Communication
arrow Modem Control Functions
arrow DCE-to-DCE Communication
arrow RJ-45 Wiring and Cables
arrow DTE-to-DCE Wiring
arrow Data Compression and Error Control
arrow Configuring the Modem (DCE)
arrow Connecting to the Modem (DCE)
arrow Differentiating Between a Forward and Reverse Connection to a Modem
arrow Configuring a Reverse-Telnet Session
Cisco IOS
arrow IOS
arrow Configuring the Router via TFTP
arrow Saving Router Configuration to Server
arrow Booting the Router Using a Remote Configuration File
arrow Storing Configuration Files Larger Than NVRAM
arrow Clearing the Startup Configuration
arrow Loading a New IOS Image
arrow Booting a Different IOS Image
arrow Booting over the Network
arrow Copying an IOS Image to a Server
arrow Copying an IOS Image Through the Console
arrow Deleting Files from Flash
arrow Partitioning Flash
arrow Using the Router as a TFTP Server
arrow Generating Large Numbers of Router Configurations
arrow Changing the Configurations of Many Routers at Once
arrow Extracting Hardware Inventory Information
arrow Backing Up Router Configurations
arrow Warm Reload
arrow Warm Upgrade
arrow Configuration Archiving
arrow Locking Configuration Access
arrow Creating Command Aliases
arrow Managing the Router's ARP Cache
arrow Tuning Router Buffers
arrow Auto Tuning Buffers
arrow Using the Cisco Discovery Protocol
arrow Disabling the Cisco Discovery Protocol
arrow Using the Small Servers
arrow Enabling HTTP Access to a Router
arrow Enabling Secure HTTP (HTTPS) Access to a Router
arrow Using Static Hostname Tables
Voice Over IP
arrow Robbed-Bit Signaling
arrow Channel Associated Signaling T1
arrow E1 Channel Associated Signaling
arrow Framing and Signaling
arrow Channel Associated Signaling - E1
arrow Enabling VoIP Fax and Modem Transmission
arrow Cisco Fax Relay
arrow T.38 Fax Relay
arrow T.37 Fax Store and Forward
arrow Fax Pass-Through
arrow Modem Pass-Through
arrow Navigating Your Hands-On Lab
arrow Initial Configuration
arrow Router R1's Configuration
arrow Router R2's Configuration
arrow Router R3's Configuration
arrow Router R1's show ip route Output
arrow Router R2's show ip route Output
arrow Router R3's show ip route Output
arrow Router R1's ping 10.7.7.2 Output
arrow Voice Interface Configuration
arrow Configuring Voice Ports
arrow Voice Applications
arrow Local Calls
arrow On-Net Calls
arrow Off-Net Calls
arrow PLAR Calls
arrow PBX-to-PBX Calls
arrow CallManager-to-CallManager Calls
arrow On-Net to Off-Net Calls
arrow Voice Port Call Types Type of Call
arrow FXS Ports
LAN Switching Foundation Technologies
arrow Broadcasts and Multicasts
arrow Introducing Spanning Tree Protocol
arrow Bridging Loop
arrow Spanning Tree Blocking
arrow Spanning Tree Operations
arrow Switch1 Becomes Root
arrow Spanning Tree Interface Costs Bandwidth
arrow Bridge Protocol Data Unit Format
arrow Spanning Tree Port Transitions and Timers
arrow Topology Changes in STP
arrow Topology Change Because of a Link Failure
arrow LAN Switch Architecture
arrow Receiving Data—Switching Modes
arrow Cut-Through Mode
arrow Fragment-Free Mode
arrow Store-and-Forward Mode
arrow Switching Data
arrow Shared Bus Switching
arrow Frame Flow in a Shared Bus
arrow Crossbar Switching
arrow Buffering Data
arrow Port Buffered Memory
arrow Shared Memory
arrow Oversubscribing the Switch Fabric
arrow Congestion and Head-of-Line Blocking
arrow In the Beginning—Catalyst 5000/5500 (Project Synergy)
arrow Catalyst 5000/5500 Switch Components
arrow Chassis
arrow Catalyst 5000/5500 Models Model
arrow Network Management Processor (NMP)
arrow Master Communications Processor (MCP).
arrow Nonvolatile random-access memory (NVRAM)
Most Popular
Most Commented
Featured Author

admin

image
Cisco Articles