IPSEC over GRE 


Not something that you would want to do in production but the following configuration is to tunnel IPSEC over GRE (As apposed to GRE inside IPSEC). This is based on a lab from the excellent gns3vault.com link below for the video explanation and final configs.

http://gns3vault.com/tunneling/gre-over-ipsec/




########################
## NYC ##
########################
int fa0/0
 ip addr 192.168.12.1 255.255.255.0
 no shut

 int lo0
 ip addr 11.11.11.11 255.255.255.0
crypto isakmp policy 1
encryption aes 256
group 5
authentication pre-shar

 crypto isakmp key 0 PA$$WORD address 192.168.23.3

 crypto ipsec  transform-set NY_TRANS_SET esp-aes esp-sha-hmac

 crypto ipsec profile TUNNEL_PROTECT
 set transform-set NY_TRANS_SET

 int tu10
 tunnel source fa0/0
 tunnel destination 192.168.23.3
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TUNNEL_PROTECT
ip route 33.33.33.0 255.255.255.0 192.168.13.3

 router eigrp 1
network 192.168.12.0
########################
## SAN FRANCISCO ##
########################

 int fa0/0
 ip addr 192.168.23.3 255.255.255.0
 no shut

 int lo0
 ip addr 33.33.33.33 255.255.255.0
crypto isakmp policy 1
encryption aes 256
group 5
authentication pre-shar

 crypto isakmp key 0 PA$$WORD address 192.168.12.1

 crypto ipsec  transform-set SF_TRANS_SET esp-aes esp-sha-hmac

 crypto ipsec profile TUNNEL_PROTECT
 set transform-set SF_TRANS_SET

 int tu10
 tunnel source fa0/0
 tunnel destination 192.168.12.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TUNNEL_PROTECT

ip route 11.11.11.0 255.255.255.0 192.168.13.1

 router eigrp 1
network 192.168.23.0
########################
## INTERNET ##
########################

 int fa0/0
 ip addr 192.168.12.2 255.255.255.0
 no shut

 int fa0/1
 ip addr 192.168.23.2 255.255.255.0

 router eigrp 1
 network 192.168.12.0
 network 192.168.23.0

Comments

Post a Comment

Popular posts from this blog

Image
VXLAN - GNS3 (VEOS \ IOU_L3)  Images:  Spine - IOU - i86bi_linux-adventerprisek9-ms.152-4.M1" Leaf -  vEOS - 4.13.16M-3213248.41316M.1   This was my first crack at configuring VXLAN i used a combination of vEOS and IOS because that is closest to what I run in my production environment. The actual vxlan configuration is very easy its more about making sure the underlying connectivity is in place. You can build the same lab in GNS3 using the CSR router and EIGRP which should be simpler (I had some issues with route summarization). The most important thing to confirm before starting on the vxlan configuration is that you have full reachability between all the loopbacks. Anyway it worked for me next step is doing this with EVPN. ################# ## SPINE-1 ## ################# conf t ## GENERAL ## hostname SPINE-1 ip multicast-routing ## INTERFACES ## int e0/1 ip addr 10.0.11.1 255.255.255.252 int e0/2 ip add...
Read more

Configure OSPF Juniper SRX

Quick page to remind me how to configure OSPF on SRX's as its been a while. ############# # R1 # ############# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30 set interfaces ge-0/0/1 unit 0 family inet address 192.168.0.1/24 set interfaces lo0 unit 0 family inet address 1.1.1.1/32 set routing-options router-id 1.1.1.1 set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ping set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services traceroute set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf set security zones security-zone TRUST address-book address BAML 159.5.153.0/24 set security zones security-zone TRUST host-inbound-traffic system-services all se...
Read more

Upgrading JUNOS via USB

I borrowed this guide from Juniper but keeping it here incase i cannot find it going forward. You need to have a fat32 or smaller than 4gb partitioned USB flash disk.  Enter the shell as root: user@switch> start shell user root Password: root@switch% Before inserting the USB device, perform the following: root@% ls /dev/da* /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c /dev/da0s1a /dev/da0s2 /dev/da0s2f /dev/da0s3d Insert the USB drive in the USB port. The following output will be displayed: root@% umass1: TOSHIBA TransMemory, rev 2.00/1.00, addr 3 da2 at umass-sim1 bus 1 target 0 lun 0 da2: <TOSHIBA TransMemory 5.00> Removable Direct Access SCSI-0 device da2: 40.000MB/s transfers da2: 983MB (2013184 512 byte sectors: 64H 32S/T 983C) root@% ls /dev/da* /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c /dev/da2 /dev/da0s1a /dev/da...
Read more