Cisco GNS3 Easy VPN - Configuration

I have been using GNS3 to simulate a simple network in which Easy VPN on the client creates a secure tunnel to various subnets. I could not get it to work until I read a post on the internet where a forum user created a virtual machine and then tried to connect to the local network again using Easy VPN, and it worked. Below is a copy of my basic network.

The virtual machine has been configured with the following address: 192.168.10.100 255.255.255.0, and is connected to the Microsoft Loopback Adapter.

The Microsoft Loopback Adapter has the following settings: 192.168.10.254 255.255.255.0


If you are interested in the configuration of routers R2 and R3, see below. 

Take it easy.

******* Router 2 ********


!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$wH3W$WFnrzTTPaaqAflYdKLfg10
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VPNXAuthGroup_1 local
aaa authorization network VPNAccessGroup_1 local
!
aaa session-id common
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name mynet.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username squirrelsuccess privilege 15 password 0 squirrelsuccess
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group technology
 key squirrelsuccess
 pool VPNClientsDHCPPool
 acl 102
 save-password
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map VPNClients client authentication list VPNXAuthGroup_1
crypto map VPNClients isakmp authorization list VPNAccessGroup_1
crypto map VPNClients client configuration address respond
crypto map VPNClients 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface Loopback1
 ip address 172.17.1.1 255.255.0.0
!
interface Loopback4
 ip address 10.30.1.254 255.255.0.0
!
interface FastEthernet0/0
 ip address 200.200.1.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.10.40 255.255.255.0
 duplex auto
 speed auto
 crypto map VPNClients
!
interface FastEthernet1/0
 ip address 10.10.1.1 255.255.0.0
 speed 100
 half-duplex
!
router eigrp 200
 network 10.0.0.0
 network 172.17.0.0
 network 192.168.1.0
 network 192.168.50.0
 network 200.200.1.0
 no auto-summary
!
ip local pool VPNClientsDHCPPool 192.168.50.1 192.168.50.254
ip forward-protocol nd
ip route 192.168.50.0 255.255.255.0 FastEthernet0/1 permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
!
access-list 102 permit ip 172.17.0.0 0.0.255.255 any
access-list 102 permit ip 200.200.1.0 0.0.0.3 any
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
access-list 102 permit ip 172.20.0.0 0.0.255.255 any
!
control-plane
!
alias interface show do show
alias configure show do show
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 logging synchronous
!
!
end

******* Router 3 ********

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
interface Loopback1
 ip address 172.18.1.1 255.255.0.0
!
interface FastEthernet0/0
 ip address 172.20.1.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.1.2 255.255.0.0
 speed 100
 half-duplex
!
router eigrp 200
 network 10.0.0.0
 network 172.18.0.0
 network 172.20.0.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
alias interface show do show
alias configure show do show
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 no login
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 no login
!
!
end
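
Both configs carry settings that are convenient in a GNS3 lab but should be caught before anything similar reaches a production router: a cleartext local password, 3DES with DH group 2, saved XAUTH passwords, and vty lines with no login and no timeout. The Python check below is an added example, not part of the original post; the rule list and the names HEADERS, RULES, audit and SAMPLE are assumptions made for illustration. It tracks sub-modes by header keyword rather than indentation, so it also works on configs pasted flush-left.

```python
import re

# Commands that open a sub-mode in "show running-config" output.
HEADERS = ("interface ", "line ", "router ", "crypto isakmp policy ",
           "crypto isakmp client configuration group ", "crypto dynamic-map ")

# (regex on the command, required section prefix or None, finding text)
RULES = [
    (r"username \S+ .*\bpassword 0 ", None, "local user password stored in cleartext"),
    (r"crypto ipsec transform-set \S+ .*\besp-3des\b", None, "IPsec transform uses 3DES"),
    (r"encr 3des$", "crypto isakmp policy ", "IKE policy uses 3DES"),
    (r"group [12]$", "crypto isakmp policy ", "IKE uses a DH group of 1024 bits or less"),
    (r"save-password$", "crypto isakmp client configuration group ", "client may store XAUTH password"),
    (r"exec-timeout 0 0$", "line ", "management session never times out"),
    (r"no login$", "line vty ", "vty lines accept sessions without authentication"),
]

def audit(config):
    """Return (line_no, section, command, finding) for every rule hit."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        cmd = " ".join(raw.split())        # tolerate lost or extra whitespace
        if not cmd or cmd == "!":
            section = ""                   # "!" closes the current sub-mode
            continue
        if cmd.startswith(HEADERS):
            section = cmd                  # remember which sub-mode we are in
            continue
        for pattern, scope, text in RULES:
            if (scope is None or section.startswith(scope)) and re.match(pattern, cmd):
                findings.append((no, section or "global", cmd, text))
    return findings

# Lines taken from the R2 and R3 configs above, flush-left as originally posted.
SAMPLE = """\
username  squirrelsuccess privilege 15 password 0 squirrelsuccess
!
crypto isakmp policy 1
encr 3des
group 2
!
line vty 0 4
exec-timeout 0 0
no login
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
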


