Create VPN Using Cisco Packet Tracer 5.3 - Immux

Saturday, February 8, 2014

Create VPN Using Cisco Packet Tracer 5.3


  • Create the network as shown in the first image, or download the ready-made template [VPN.pkt]



Then run the following commands:


  • For Router1, type the following commands:
Router(config)#crypto isakmp enable            <=== enable ISAKMP (IKE) for IPsec
Router(config)#crypto isakmp policy 1          <=== create a new policy with number 1
Router(config-isakmp)#authentication pre-share <=== use the pre-shared key authentication method (if using certificates, use rsa-sig instead of pre-share)
Router(config-isakmp)#encryption aes           <=== use AES symmetric encryption
Router(config-isakmp)#hash sha                 <=== use the SHA hash algorithm for data integrity
Router(config-isakmp)#group 2                  <=== use Diffie-Hellman group 2
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.1 0.0.0.0  <=== 0 is the key that will be used with the next site; the next site's IP address is 11.0.0.1; note that in Packet Tracer you use 0.0.0.0 instead of the subnet mask
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac  <=== create a transform set called yasser; ESP is the protocol that will be used (you can use AH on an internal VPN)
Router(config)#crypto ipsec security-association lifetime seconds 86400  <=== keys expire after 86400 seconds

Router(config)#ip access-list extended ramzy   <=== ACL called ramzy that tells which traffic will use the VPN tunnel
Router(config-ext-nacl)#permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp  <=== create a crypto map called auda with sequence number 100
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.

Router(config-crypto-map)#match address ramzy        <=== link the above ACL to this crypto map
Router(config-crypto-map)#set peer 11.0.0.1          <=== link the next site's IP address to this crypto map
Router(config-crypto-map)#set pfs group2             <=== link DH group 2 to this crypto map
Router(config-crypto-map)#set transform-set yasser   <=== link the above transform set to this crypto map
Router(config-crypto-map)#ex
Router(config)#int fa 0/1                            <=== apply crypto map auda to the interface facing the next site's link
Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#do wr
Building configuration...
[OK]
Router(config-if)#^Z
Router#


  • For Router0, type the following commands:
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#group 2
Router(config-isakmp)#hash sha
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.2 0.0.0.0
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac
Router(config)#crypto ipsec security-association lifetime seconds 86400
Router(config)#ip access-list extended ramzy
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
Router(config-crypto-map)#match address ramzy
Router(config-crypto-map)#set peer 11.0.0.2
Router(config-crypto-map)#set pfs group2
Router(config-crypto-map)#set transform-set yasser
Router(config-crypto-map)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
Router(config)#do wr
Building configuration...
[OK]
Router(config)#


  • Then send a packet from PC0 to PC1 as shown in the following figure.

It will show as failed initially, as routing info is not present in the routers.
  • Now send a packet from PC1 to PC0 & PC1 to PC0 as shown in the following figure.
Now the packet will be delivered successfully.

Final Output.
Now you can try the following commands to test the VPN on the router.

Router#show crypto isakmp policy
Router#show crypto isakmp sa
Router#show crypto map
Router#show crypto ipsec sa  
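
The tunnel only comes up if both routers agree on the ISAKMP policy, the key, the transform set and the PFS group, each peer address points at the other router, and the two ACLs mirror each other. The Python check below is an added example, not part of the original post: the configuration text is constructed from the commands on this page, the function names are hypothetical, and the routers' own addresses (Router0 = 11.0.0.1, Router1 = 11.0.0.2) are inferred from the peer statements.

```python
import re
# Constructed from this page's Router1 commands (prompts and annotations stripped).
ROUTER1 = """\
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
crypto isakmp key 0 address 11.0.0.1 0.0.0.0
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
ip access-list extended ramzy
 permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
crypto map auda 100 ipsec-isakmp
 match address ramzy
 set peer 11.0.0.1
 set pfs group2
 set transform-set yasser
"""
# Router0 as on the page: peer 11.0.0.2 and the ACL source/destination swapped.
ROUTER0 = ROUTER1.replace("11.0.0.1", "11.0.0.2").replace(
    "12.0.0.0 0.255.255.255 10.0.0.0", "10.0.0.0 0.255.255.255 12.0.0.0")

def parse(cfg):
    """Extract the settings both peers must agree on (hypothetical helper)."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    acl = re.search(r"^ permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M)
    return {
        "ike": tuple(one(rf"^ {k} (\S+)") for k in
                     ("authentication", "encryption", "hash", "group")),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "pfs": one(r"^ set pfs (\S+)"),
        "peer": one(r"^ set peer (\S+)"),
        "acl": acl.groups() if acl else None,
    }

def check_pair(cfg_a, addr_a, cfg_b, addr_b):
    """Return mismatches that would stop the two peers from building a tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{f} differs: {a[f]!r} vs {b[f]!r}"
                for f in ("ike", "key", "transform", "pfs") if a[f] != b[f]]
    for name, side, remote in (("A", a, addr_b), ("B", b, addr_a)):
        if side["peer"] != remote or side["key_peer"] != remote:
            problems.append(f"router {name}: peer/key address is not {remote}")
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

`check_pair(ROUTER1, "11.0.0.2", ROUTER0, "11.0.0.1")` returns an empty list for the configuration on this page; any entry in the list names a setting to compare against `show crypto isakmp policy` and `show crypto map` on both routers.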
