Create VPN Using Cisco Packet Tracer 5.3 - Immux

Saturday, February 8, 2014

Create VPN Using Cisco Packet Tracer 5.3


  • Create the network as shown in the first image, or download the ready-made template [VPN.pkt].



Then run the following commands:


  • For Router1, type the following commands:
Router(config)#crypto isakmp enable            <=== enable ISAKMP (IKE), which negotiates the IPsec tunnel
Router(config)#crypto isakmp policy 1          <=== create a new policy with number 1
Router(config-isakmp)#authentication pre-share <=== use the pre-shared key authentication method (with certificates, use rsa-sig instead of pre-share)
Router(config-isakmp)#encryption aes           <=== use AES symmetric encryption
Router(config-isakmp)#hash sha                 <=== use the SHA hash algorithm for data integrity
Router(config-isakmp)#group 2                  <=== use Diffie-Hellman group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.1  0.0.0.0  <=== 0 is the pre-shared key used with the next site, whose IP address is 11.0.0.1; note that in Packet Tracer you use 0.0.0.0 instead of the subnet mask
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac  <=== define a transform set called yasser; ESP is the protocol that will be used (you can use AH on an internal VPN)
Router(config)#crypto ipsec security-association lifetime seconds 86400          <=== key expires after 86400 seconds

Router(config)#ip access-list extended ramzy    <=== ACL called ramzy that tells which traffic will use the VPN tunnel
Router(config-ext-nacl)#permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp                             <=== create a crypto map called auda with sequence number 100
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.

Router(config-crypto-map)#match address ramzy                                    <=== link the ACL above to this crypto map
Router(config-crypto-map)#set peer  11.0.0.1                                     <=== link the next site's IP address to this crypto map
Router(config-crypto-map)#set pfs group2                                         <=== link DH group 2 to this crypto map
Router(config-crypto-map)#set transform-set  yasser                               <=== link the transform set above to this crypto map
Router(config-crypto-map)#ex
Router(config)#int fa 0/1                                         <=== apply crypto map auda to the interface facing the link to the next site
Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#do wr
Building configuration...
[OK]
Router(config-if)#^Z
Router#


  • For Router0, type the following commands:
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#group 2
Router(config-isakmp)#hash sha
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.2 0.0.0.0
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac
Router(config)#crypto ipsec security-association lifetime seconds 86400
Router(config)#ip access-list extended ramzy
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
Router(config-crypto-map)#match address ramzy
Router(config-crypto-map)#set peer 11.0.0.2
Router(config-crypto-map)#set pfs group2
Router(config-crypto-map)#set transform-set yasser
Router(config-crypto-map)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
Router(config)#do wr
Building configuration...
[OK]
Router(config)#


  • Then send a packet from PC0 to PC1 as shown in the following figure.

It will show as failed initially, because the routing info is not yet present in the routers.
  • Now send a packet from PC1 to PC0 & PC1 to PC0 as shown in the following figure.
Now the packet will be delivered successfully.

Final Output.
Now you can try the following commands to test the VPN on the router.

Router#show crypto isakmp policy
Router#show crypto isakmp sa
Router#show crypto map
Router#show crypto ipsec sa  
