IPSec/GRE with NAT
Jul 22, 2008 00:00 by admin

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a set of routers, R1 and R2, along with a Cisco PIX. You are required to configure a GRE tunnel with encryption between the routers so that you can pass IPX traffic across the firewall, which is also running NAT.

Background Information

You will configure a GRE tunnel with encryption between two routers with a firewall in the middle, as illustrated in Figure 14-8.

Figure 14-8. IPSec/GRE with NAT


Task 1: Configure PIX

Step 1. At the PIX console, provide all the configuration required to enable traffic flow to and from the PIX firewall:

- Assign addresses to the interfaces.

- Define NAT.

- Associate a global statement to NAT.

- Define the static services allowed from the external network.

- Define the traffic allowed into the network.

- Define routing for the PIX traffic.

Task 2: Configure IPX

Step 1. At the R3 console, provide all the configuration required to configure an IPX network:

- Enable IPX routing.

- Assign addresses to the interfaces.

Step 2. At the R8 console, provide all the configuration required to configure an IPX network:

- Enable IPX routing.

- Assign addresses to the interfaces.

Task 3: Configure IP

Step 1. At the R3 console, provide all the configuration required to configure an IP network:

- Assign addresses to the interfaces.

Step 2. At the R8 console, provide all the configuration required to configure an IP network:

- Assign addresses to the interfaces.

Task 4: Configure the Tunnel

Step 1. At the R3 console, provide all the configuration required to configure the tunnel interface:

- Assign the tunnel source.

- Assign the tunnel destination.

- Define static routing for the tunnel.

Step 2. At the R8 console, provide all the configuration required to configure the tunnel interface:

- Assign the tunnel source.

- Assign the tunnel destination.

- Define static routing for the tunnel.

Task 5: Configure NAT on R8

Step 1. At the R8 console, provide all the configuration required to configure NAT:

- Identify traffic for NAT to apply to.

- Define the type of NAT to use.

- Apply NAT to the appropriate interfaces.

Task 6: Define IKE Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Step 2. At the R8 console, provide all the configuration required to set the following IKE settings:

- Define an ISAKMP policy.

- Define the ISAKMP peer and key.

Task 7: Define IPSec Parameters

Step 1. At the R3 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.

Step 2. At the R8 console, provide all the configuration required to set the following IPSec settings:

- Define a crypto access list.

- Define an IPSec transform set.

- Define the IPSec crypto map.

- Associate the crypto map to the Ethernet 0 interface.