Thursday, October 8, 2015

Moving traffic between 2 IPSec tunnels using route-based VPN

In this post the R2 local network (192.168.20.0/24) can reach the R3 local network (192.168.30.0/24) and vice versa, as before, but this time using a route-based VPN.

The first tunnel is between R1 and R2; the second tunnel is between R1 and R3.
The network diagram is the same as in the previous post.

R1 configuration:

crypto keyring VPN_KEY_R2
  pre-shared-key address 10.1.12.2 key cisco
!
crypto keyring VPN_KEY_R3
  pre-shared-key address 10.1.13.3 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE_R2
   keyring VPN_KEY_R2
   match identity address 10.1.12.2 255.255.255.255
!
crypto isakmp profile ISAKMP_PROFILE_R3
   keyring VPN_KEY_R3
   match identity address 10.1.13.3 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel12
 ip address 10.2.0.1 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.12.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
interface Tunnel13
 ip address 10.3.0.1 255.255.255.0
 tunnel source fa 1/0
 tunnel destination 10.1.13.3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
ip route 192.168.20.0 255.255.255.0 10.2.0.2
ip route 192.168.30.0 255.255.255.0 10.3.0.3

R2 configuration:

crypto keyring VPN_KEY
  pre-shared-key address 10.1.12.1 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE
   keyring VPN_KEY
   match identity address 10.1.12.1 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel12
 ip address 10.2.0.2 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.12.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
ip route 192.168.10.0 255.255.255.0 10.2.0.1
ip route 192.168.30.0 255.255.255.0 10.2.0.1

R3 configuration:

crypto keyring VPN_KEY
  pre-shared-key address 10.1.13.1 key cisco
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp profile ISAKMP_PROFILE
   keyring VPN_KEY
   match identity address 10.1.13.1 255.255.255.255
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set MYSET
!
interface Tunnel13
 ip address 10.3.0.3 255.255.255.0
 tunnel source fa 0/0
 tunnel destination 10.1.13.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
! Next hop is R1's Tunnel13 address; R3 has no interface in 10.2.0.0/24
ip route 192.168.10.0 255.255.255.0 10.3.0.1
ip route 192.168.20.0 255.255.255.0 10.3.0.1
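
In a route-based VPN the static routes decide what enters each tunnel, so a next hop that is not on the router's own tunnel subnet means the traffic is not steered into the IPsec tunnel. The script below is an added example, not part of the original post: it checks every static route against the tunnel addresses of all three routers. The sample lines are constructed in the style of the configs above, with one wrong next hop on R3, and the names CONFIGS, parse and check_routes are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: only tunnel address and route lines, styled like the configs above.
# R3 is given one wrong next hop (10.2.0.1) to show what the check reports.
CONFIGS = {
    "R1": """interface Tunnel12
 ip address 10.2.0.1 255.255.255.0
interface Tunnel13
 ip address 10.3.0.1 255.255.255.0
ip route 192.168.20.0 255.255.255.0 10.2.0.2
ip route 192.168.30.0 255.255.255.0 10.3.0.3""",
    "R2": """interface Tunnel12
 ip address 10.2.0.2 255.255.255.0
ip route 192.168.10.0 255.255.255.0 10.2.0.1
ip route 192.168.30.0 255.255.255.0 10.2.0.1""",
    "R3": """interface Tunnel13
 ip address 10.3.0.3 255.255.255.0
ip route 192.168.10.0 255.255.255.0 10.3.0.1
ip route 192.168.20.0 255.255.255.0 10.2.0.1""",
}

ADDR = re.compile(r"^\s+ip address (\S+) (\S+)\s*$", re.M)
ROUTE = re.compile(r"^ip route (\S+) (\S+) (\S+)\s*$", re.M)

def parse(cfg):
    """Return (tunnel interface addresses, static routes) for one router config."""
    tunnels = [ipaddress.ip_interface(f"{a}/{m}") for a, m in ADDR.findall(cfg)]
    routes = [(ipaddress.ip_network(f"{n}/{m}"), ipaddress.ip_address(h))
              for n, m, h in ROUTE.findall(cfg)]
    return tunnels, routes

def check_routes(configs):
    """Flag static routes whose next hop is not a peer on a local tunnel subnet."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    findings = []
    for name, (tunnels, routes) in parsed.items():
        # Tunnel addresses owned by the other routers.
        peers = {t.ip for other, (ts, _) in parsed.items() if other != name for t in ts}
        for net, hop in routes:
            if not any(hop in t.network for t in tunnels):
                findings.append((name, str(net), str(hop), "next hop not on a local tunnel subnet"))
            elif hop not in peers:
                findings.append((name, str(net), str(hop), "no peer owns this tunnel address"))
    return findings

if __name__ == "__main__":
    for finding in check_routes(CONFIGS):
        print(*finding, sep=" | ")
```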


