Scribd
Upload
19 views

Manual Lab 3

The document contains configuration steps for a switch, two routers, and setting up an IPsec VPN between the routers. It configures basic settings like interfaces, routing protocols, access control lists, ISAKMP policies, crypto maps, and verifies the IPsec security associations between the routers.

Uploaded by

nunezbarbakatherineromina
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
19 views

Manual Lab 3

The document contains configuration steps for a switch, two routers, and setting up an IPsec VPN between the routers. It configures basic settings like interfaces, routing protocols, access control lists, ISAKMP policies, crypto maps, and verifies the IPsec security associations between the routers.

Uploaded by

nunezbarbakatherineromina
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Configuracion de Switch 1

Switch>EN
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range f0/1-24
Switch(config-if-range)#sh
Switch(config-if-range)#int range g0/2
Switch(config-if-range)#sh
Switch(config-if-range)#int g0/1
Switch(config-if)#swit
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f0/1
Switch(config-if)#swi
Switch(config-if)#switchport mode acc
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation sh
Switch(config-if)#switchport port-security max
% Incomplete command.
Switch(config-if)#switchport port-security max
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#no sh
Switch(config-if)#exit
Switch(config)#line con
Switch(config)#line console 0
Switch(config-line)#pass cisco
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#enable secret class
Switch(config)#service password-encryption
Switch(config)#banner motd 1
Enter TEXT message. End with the character '1'.
****Access denied****
Katherine Nunez
1

Switch(config)#line vty 0 15
Switch(config-line)#pass
Switch(config-line)#password cisco
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#no ip domain lookup
Configuracion del router 1

Router(config)#int f0/0
Router(config-if)#ip add 192.168.0.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#int g0/1
%Invalid interface type and number
Router(config)#no sh
Router(config)#int s0/0/0
Router(config-if)#ip add 10.1.1.2 255.255.255.252
Router(config-if)#no sh

%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down


Router(config-if)#exit
Router(config)#line con 0
Router(config-line)#pass cisco
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#line vty 0 4
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#enable secr
Router(config)#enable secret class
Router(config)#passwo
Router(config)#service pass
Router(config)#service password-encryption
Router(config)#host R1
R1(config)#banner motd 1
Enter TEXT message. End with the character '1'.
****Access denied****
Katherine Nunez

R1(config)#no ip do
R1(config)#no ip doma
R1(config)#no ip domain loo
R1(config)#no ip domain lookup
Configuracion rip ROUTER 1
R1(config)#router rip
R1(config-router)#v 2
R1(config-router)#network
% Incomplete command.
R1(config-router)#network 192.168.0.0
R1(config-router)#network 10.1.1.0
Configuracion rip ROUTER 2
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router rip
R2(config-router)#net 192.168.1.0
R2(config-router)#net 10.1.1.0
R2(config-router)#net 10.2.2.0
CONFIGURACION RIP DEL R3
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#v 2
R3(config-router)#net 192.168.2.0
R3(config-router)#net 10.2.2.0

VPN R1
R1(config)#access-list 110 permit ip192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
^
% Invalid input detected at '^' marker.
R1(config)#access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
R1(config)#crypto
% Incomplete command.
R1(config)#crypto ?
dynamic-map Specify a dynamic crypto map template
ipsec Configure IPSEC policy
isakmp Configure ISAKMP policy
key Long term key operations
map Enter a crypto map
R1(config)#crypto isa
% Incomplete command.
R1(config)#crypto isakmp ?
client Set client configuration policy
enable Enable ISAKMP
key Set pre-shared key for remote peer
policy Set policy for an ISAKMP protection suite
R1(config)#crypto isakmp
% Incomplete command.
R1(config)#crypto isa kmp ?
% Unrecognized command
R1(config)#crypto isa kmp
^
% Invalid input detected at '^' marker.
R1(config)#crypto isa kmp ?
% Unrecognized command
R1(config)#crypto isakmp ?
client Set client configuration policy
enable Enable ISAKMP
key Set pre-shared key for remote peer
policy Set policy for an ISAKMP protection suite
R1(config)#crypto isakmp poli
R1(config)#crypto isakmp policy 10
R1(config-isakmp)#?
authentication Set authentication method for protection suite
encryption Set encryption algorithm for protection suite
exit Exit from ISAKMP protection suite configuration mode
group Set the Diffie-Hellman group
hash Set hash algorithm for protection suite
lifetime Set lifetime for ISAKMP security association
no Negate a command or set its defaults
R1(config-isakmp)#encri
R1(config-isakmp)#encrip
R1(config-isakmp)#encryp
R1(config-isakmp)#encryption aes
R1(config-isakmp)#aut
R1(config-isakmp)#authentication pre
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto isakmp key katyro address 10.2.2.2
R1(config)#crypto ipsec transform-set vpn-set esp-3des esp-sah-hmac
^
% Invalid input detected at '^' marker.
R1(config)#crypto ipsec transform-set vpn-set esp-3des esp-sha-hmac
R1(config)#crypto map vpn_s 10 ip
R1(config)#crypto map vpn_s 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R1(config-crypto-map)#set peer 10.2.2.2
R1(config-crypto-map)#set transform-set vpn
ERROR: transform set with tag vpn does not exist.
R1(config-crypto-map)#set transform-set ?
WORD Proposal tag
R1(config-crypto-map)#set transform-set vpn-set
R1(config-crypto-map)#match address 110
R1(config-crypto-map)#exit
R1(config)#int s0/0/0
R1(config-if)#crypto map vpn_s
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R1(config-if)#

VPN R3
R3(config)#access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
R3(config)#crypto isakmp policy 10
R3(config-isakmp)#en
R3(config-isakmp)#encryption aes
R3(config-isakmp)#aun
R3(config-isakmp)#aut
R3(config-isakmp)#authentication pre
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#group 2
R3(config-isakmp)#exit
R3(config)#crypto is
% Incomplete command.
R3(config)#crypto iskmp key katyro address 10.1.1.2
^
% Invalid input detected at '^' marker.
R3(config)#crypto isakmp key katyaro address 10.1.1.2
R3(config)#crypto ipsec transform-set vpn-set esp-3des esp-sha-hmac
R3(config)#crypto map vpn_s 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R3(config-crypto-map)#des
R3(config-crypto-map)#description Conexion del router 3 hacia el 1
R3(config-crypto-map)#perr
^
% Invalid input detected at '^' marker.
R3(config-crypto-map)#?
description Description of the crypto map statement policy
exit Exit from ISAKMP protection suite configuration mode
match Match values.
no Negate a command or set its defaults
set Set values for encryption/decryption
R3(config-crypto-map)#set peer 10.1.1.2
R3(config-crypto-map)#set transform-set vpn-set
R3(config-crypto-map)#match address 110
R3(config-crypto-map)#exit
R3(config)#int s0/0/0
R3(config-if)#crypto map vpn_s
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R3(config-if)#
Para la verificacion
R3#show crypto ipsec ?
sa IPSEC SA table
transform-set Crypto transform sets
R3#show crypto ipsec sa

interface: Serial0/0/0
Crypto map tag: vpn_s, local addr 10.2.2.2

protected vrf: (none)


local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer 10.1.1.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 0
#pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

You might also like