Both the endpoints are configured with IKE version as IKEv2. In this configuration also, Cisco CSR (IOS-XR) is one VPN endpoint and the other VPN endpoint resides on the SDDC running in VMware Cloud on AWS SDDC.

neighbor 169.254.255.1 soft-reconfiguration inbound
! as a test, we will advertise the fake network we created on Loopback 0
! the neighbor should be the VTI address of the sddc edge.
tunnel protection ipsec profile ipsec-profile-sddc
! this enables ipsec encryption for the VTI
! use a range which is not currently in use on this router or the sddc edge
! a fake network we will use for testing.
set security-association lifetime seconds 3600
crypto ipsec security-association replay window-size 128
crypto ipsec fragmentation before-encryption
! always use tunnel mode
crypto ipsec transform-set ipsec-sddc esp-aes 256 esp-sha256-hmac
! create a profile for the remote sddc edge
pre-shared-key address 203.0.113.10 key myverysecretkey
! specify the pre-shared key for the remote sddc edge

Both the endpoints are configured with IKE version as IKEv2.

Following is the configuration for VPN endpoint in VMware Cloud on AWS SDDC and Cisco CSR.

Both the endpoints are configured with IKE version as IKEv1.

Local crypto endpt.: 100.100.100.1, remote crypto endpt.:
this configuration, Cisco CSR (IOS-XR) is one VPN endpoint and the other VPN endpoint resides on the SDDC running in VMware Cloud on AWS SDDC.

#pkts not decompressed: 0, #pkts decompress failed: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts decaps: 6, #pkts decrypt: 6, #pkts verify: 0
#pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 0

The R_02 router acts as an internet provider and has no knowledge of other networks except its directly connected network.

Crypto map tag: IPSEC-MAP, local addr 100.100.100.1

We are using the 1941 Routers for this topology.

2/ Connect the other devices together using a straight-through cable connection.

Configure the interface IP addresses on the routers and a default route on R_01 and R_03 pointing to the R_02 router.

Hope someone will find it helpful.

Below is the topology that was used for this lab and steps taken by the students.

1/ Use a crossover cable to connect the routers together.

This blog is a summary of the hands-on lab that I prepared for the students. It has been more than 6 years since I used it so I was a little rusty, but I always say that once you properly understand networking, it’s really difficult to unlearn it. In the end, I remembered Cisco’s Packet Tracer. I spent a while wondering what labs I could prepare for them to give them the much-desired practical skills. The topic of the week was Network Operations and we touched on VPN tunnelling. At the end of the course, the students are expected to pass several exams among which was the CompTIA Network+ Exam. I offered to be a volunteer trainer for a Network Security Bootcamp whose aim was to provide practical experience to new graduates and prepare them for a job in the Network Security field.