IT certification lab simulation » cisco exam

dynamips lab:Cisco L2TP over IPSec With windows client

admin — Fri, 10 Apr 2009 01:38:26 +0000

Cisco L2TP over IPSec With Windows ClientI have completed this lab on Dynamips 7200 simulator, the topology is as follow:

1. L2TP Over IPSec Server Configuration (R1)

R1#sh run
version 12.4
!
hostname R1
!
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
username stve6307 password 0 cisco
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map cc 10
set nat demux
set transform-set ccsp
!
crypto map cisco 10 ipsec-isakmp dynamic cc
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/2
ip address 11.1.1.1 255.255.255.252
serial restart-delay 0
crypto map cisco
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool l2tp-pool
ppp authentication chap
!
ip local pool l2tp-pool 192.168.1.1 192.168.1.100
!
ip route 0.0.0.0 0.0.0.0 11.1.1.2

2. Windows Configuration

1. Import the register as follow:
———
REGEDIT4 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters]
“ProhibitIpSec”=dword:00000001
———
2. Use gpedit.msc to configure “IP security policy”, please refer to Microsoft.com.
3. Setup a dialer interface and dial to the server.

Flickr : cisco certification, cisco exam, cisco simulator, dynagen, dynamips, ipsec

dynamips lab:Cisco IPSec EasyVPN & DMVPN on dynamips

admin — Fri, 10 Apr 2009 01:34:48 +0000

I have completed this lab on 7200 simulator, the topology is as follow:

Flickr : ccie, cisco certification, cisco exam, dynagen, dynamips, easyvpn, ipsec

dynamips lab:Cisco ios ssl vpn on dynamips test note2

admin — Fri, 10 Apr 2009 01:32:12 +0000

Continue discussion in part 1, the topology is as follow:

The Cisco SSL VPN supports on working on full-tunnel mode. In full-tunnel mode, an SSL tunnel is used to move data to and from the internal networks at the network (IP) layer. When the user logs into the SSLVPN gateway, the SSL VPN client (SVC) is automatically downloaded and installed at the end user’s PC, and the tunnel connection is established. Once the connection is established, the user has full VPN access to the corporate network.1. Preparing for Cisco Web VPN. (the same as part 1)
c7206(config)# int fa0/0c7206(config-if)# ip add 198.1.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

c7206(config)# int fa1/0

c7206(config-if)# ip add 10.10.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

c7206(config)# aaa new-model

c7206(config)# aaa authentication login default local

!define the default aaa authentication list, allow the administrator to login this router, this configuration is foreign to the Web VPN.
!

c7206(config)# aaa authentication login aaa-webvpn local

c7206(config)# username steve6307 password cisco

!define the WebVPN authentication list.
!

c7206(config)# webvpn gateway mygateway

c7206(config-webvpn-gateway)# ip address 198.1.1.1 port 443

c7206(config-webvpn-gateway)# inservice

!define the WebVPN gateway address and port, usually the port is 443.
!

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# gateway mygateway domain group1

c7206(config-webvpn-context)# aaa authentication list aaa-webvpn

c7206(config-webvpn-context)# inservice

!define a WebVPN context. You must select a gateway and a aaa authentication list for each context. The domain name is very important to the configuration, because the end user will select the context by this domain name in the future.
2. Configure Cisco SSL VPN.
First of all, format the dynamips 7200 router disk0.
c7206# format disk0:Then, copy the SVC(SSL VPN Client) package to the 7200 disk0.
Note: the dynamips works on low efficiency, so I suggest to use FTP to copy the SVC.
c7206(config)# ip ftp username ciscoc7206(config)# ip ftp password cisco

c7206# copy ftp disk0:

Address or name of remote host []? 10.10.1.2

Source filename []? sslclient-win-1.1.2.169.pkg

Destination filename [sslclient-win-1.1.2.169.pkg]?

Accessing ftp://10.10.1.2/sslclient-win-1.1.2.169.pkg…

Loading sslclient-win-1.1.2.169.pkg !!

[OK - 415090/4096 bytes]

415090 bytes copied in 22.900 secs (18126 bytes/sec)Install the SVC.
c7206(config)# webvpn install svc disk0:/sslclient-win-1.1.2.169.pkgSSLVPN Package SSL-VPN-Client : installed successfully

c7206(config)# ip local pool ssl-user 192.168.10.1 192.168.10.99!define the SSL VPN user address pool.
!

c7206(config)# int loopback0

c7206(config-if)# ip address 192.168.10.254 255.255.255.0

c7206(config-if)# exit

!In Cisco IOS, if the SSL VPN user pool doesn’t have the save range with your inside network, you should define a loopback interface.
!In my lab, my inside network range is 10.10.1.0/24, and my address pool range is 192.168.10.1~99, so I need to define a loopback interface with the address 192.168.10.254.
!

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# functions svc-enabled

c7206(config-webvpn-group)# svc address-pool ssl-user

c7206(config-webvpn-group)# exit

!define the group policy, allow the user to use the SSL VPN function.
!

c7206(config-webvpn-context)# default-group-policy context1-policy

!assign the policy as the default group policy.
3. Configure the SSL VPN split tunneling. (optional)
c7206(config)# webvpn context mywebvpn-context1c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# svc split include 10.10.1.0 255.255.255.0

!In the split tunnel list, I configured the inside network range. This means the WebVPN service will notify the SSL VPN Client to modify there local routing table, and then the client can access inside network and Internet at the same time.
4. Feature test.
Login WebVPN , and then I saw the page as follow:

Then the WebVPN started the SVC install program.

After the installation, the SVC started successfully, and then I have unrestricted permission of the inside network accessing.

Now, I can see the SSL VPN Client info.

The Cisco copyright info is as follow, aha, this is so cool!

Flickr : , ccie, cisco certification, cisco exam, cisco simulator, dynagen, dynamips, ssl vpn

dynamips lab:Cisco IOS SSL VPN on dynamips test note

admin — Thu, 02 Apr 2009 07:55:54 +0000

This test note describes how to configure Cisco SSL VPN on Cisco IOS routers. The whole lab is build on Dynamips 7200 simulator.

SSL VPNs use a methodology to transport private data across the public Internet. Instead of relying upon the end user to have a configured client on an agency-managed computer, SSL VPNs use SSL /HTTPS which is the secure transport mechanism built-in to all standard Web browsers. Using an SSL VPN, the connection between the user and the internal resource occurs via an HTTPS connection at the application-layer.

I have completed all the Cisco SSL labs on Dynamips 7200 simulator, the topology is as follow:

The Dynagen configuration is as follow:

autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = ..\Temp\

[[router R1]]
image = ..\IOS\c7200-advsecurityk9-mz.124-9.T1.bin
model = 7200
console = 3001
npe = npe-400
ram = 128
confreg = 0×2142
exec_area = 64
slot0 = PA-C7200-IO-FE
slot1 = PA-FE-TX
f0/0 = SW1 1
f1/0 = SW1 2
[[ethsw SW1]]
1 = dot1q 1
2 = dot1q 1
3 = access 1 NIO_gen_eth:\Device\NPF_{E4377B71-C2A8-40A9-9FB6-639EE19D2F75}

1. Preparing for Cisco Web VPN.
c7206(config)# int fa0/0

c7206(config-if)# ip add 198.1.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

c7206(config)# int fa1/0

c7206(config-if)# ip add 10.10.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

c7206(config)# aaa new-model

c7206(config)# aaa authentication login default local

!define the default aaa authentication list, allow the administrator to login this router, this configuration is foreign to the Web VPN.
!

c7206(config)# aaa authentication login aaa-webvpn local

c7206(config)# username steve6307 password cisco

!define the WebVPN authentication list.
!

c7206(config)# webvpn gateway mygateway

c7206(config-webvpn-gateway)# ip address 198.1.1.1 port 443

c7206(config-webvpn-gateway)# inservice

!define the WebVPN gateway address and port, usually the port is 443.
!

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# gateway mygateway domain group1

c7206(config-webvpn-co
ntext)# aaa authentication list aaa-webvpn

c7206(config-webvpn-context)# inservice

!define a WebVPN context. You must select a gateway and a aaa authentication list for each context. The domain name is very important to the configuration, because the end user will select the context by this domain name in the future.
2. Basic feature test(Web browsing).
I used Firefox to test the WebVPN feature. I entered “https://198.1.1.1/group1″ in the address bar, and then I saw the WebVPN home page.

Note: the url format is https://webvpn_gateway_addr/context_domain_name

I entered my username and password in the dialog box, and then click “Login”.

Now I have successfully logon the webvpn!

I entered the Internal Server IP address in the URL page, and then I accessed the internal server web page successfully.

3. WebVPN extended services.
Now, let’s talk about how to configure the webvpn extended services:

1. File-access feature.

2. Custom the url-list.

3. Port-forward feature.

3.1. File-access feature
The file-access feature can provide browsing and file access of files on the windows file server (NetBIOS name service server).

To use the file access-feature, the user must have “file-access file-entry file-browsing” privilege.

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-nbnslist)# nbns-server 10.10.1.2

c7206(config-webvpn-nbnslist)# exit

!You must define the NetBIOS name server for IOS WebVPN. In fact, this is optional if you use the ip address to access the file server in the future.
!

c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# functions file-access

c7206(config-webvpn-group)# functions file-browse

c7206(config-webvpn-group)# functions file-entry

c7206(config-webvpn-group)# exit

!define the group policy for this context, assign the “file-access file-entry file-browsing” privilege.
!

c7206(config-webvpn-context)# default-group-policy context1-policy

!assign the group policy as default policy.
Feature test:
Login WebVPN again, I saw the page as follow:

I entered “\\10.10.1.2″ as the network path, and then the browser prompted me to enter my username and password to access the resources of my file server:

3.2. Custom the url-list
c7206(config-webvpn-context)# url-list myurl

c7206(config-webvpn-url)#url-text “Home Page” url-value http://10.10.1.2

c7206(config-webvpn-url)#url-text “Site2″url-value http://10.10.1.3

c7206(config-webvpn-context)#policy group context1-policy

c7206(config-webvpn-group)#url-list myurl

Feature test:
Login WebVPN again, I saw the page as follow:

3.3. Port-forward
Port-forward feature provides access for remote end users to client and server applications that communicate over known, fixed TCP ports. Each internal server and port number that the user can have access to has to be configured on the gateway. The entries specify the local port number and the destination server name and port number to use for TCP port forwarding.

c7206(config-webvpn-context)# port-forward myport

c7206(config-webvpn-port-fwd)# local-port 2323 remote-server 10.10.1.2 remote-port 23 description test

c7206(config-webvpn-port-fwd)# exit

c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# port-forward myport

!when I login the WebVPN, the browser load the JAVA App, and then I can telnet the internal server via telnet localhost 2323 port.

Feature test:
Login WebVPN again, I saw the page as follow:

Click “Application Access”, and then the browser can load the java app.

Flickr : cisco exam, cisco simulator, cisco training, dynagen, dynamips, vpn

Cisco IOS site2site ipsec vpn on dynamips

admin — Thu, 02 Apr 2009 07:44:15 +0000

The Dynagen configuration is as follow:

autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = ..\Temp\

[[router R3]]
image = ..\IOS\c3620-i-mz.122-37.bin
model = 3620
console = 3003
ram = 32
confreg = 0×2142
exec_area = 16
mmap = false
slot0 = NM-1FE-TX
slot1 = NM-4T
f0/0 = SW1 3
[[ethsw SW1]]
1 = dot1q 1
2 = dot1q 1
3 = dot1q 1
4 = access 1 NIO_gen_eth:\Device\NPF_{E4377B71-C2A8-40A9-9FB6-639EE19D2F75}

1. The configuration of R1

London(config)#interface Loopback0London(config-if)#ip address 10.1.1.1 255.255.255.0

London(config)#interface Serial1/1

London(config-if)#ip address 173.16.1.1 255.255.255.252

London(config-if)#no shutdown

London(config)#ip route 0.0.0.0 0.0.0.0 173.16.1.2

London(config)#crypto isakmp enable

London(config)#crypto isakmp policy 10

London(config-isakmp)#hash md5

London(config-isakmp)#authentication pre-share

London(config-isakmp)#encryption 3des

London(config-isakmp)#group 2

London(config)#crypto isakmp key cisco1234 address 173.16.1.5

London(config)#crypto ipsec transform-set ccsp esp-des esp-md5-hmac

London (cfg-crypto-trans)#mode tunnel

London(config)#crypto map cisco 10 ipsec-isakmp

London(config-crypto-map)#set peer 173.16.1.5

London(config-crypto-map)#set transform-set ccsp

London(config-crypto-map)#match address 101

London(config)#access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

London(config)#interface Serial1/1

London(config-if)#crypto map cisco

2. The configuration of R2

Denver(config)#interface Loopback0Denver(config-if)#ip address 10.2.2.1 255.255.255.0

Denver(config)#interface Serial1/0

Denver(config-if)#ip address 173.16.1.5 255.255.255.252

Denver(config-if)#no shutdown

Denver(config)#ip route 0.0.0.0 0.0.0.0 173.16.1.6

Denver(config)#crypto isakmp enable

Denver(config)#crypto isakmp policy 10

Denver(config-isakmp)#hash md5

Denver(config-isakmp)#authentication pre-share

Denver(config-isakmp)#encryption 3des

Denver(config-isakmp)#group 2

Denver(config)#crypto isakmp key cisco1234 address 173.16.1.1

Denver(config)#crypto ipsec transform-set ccsp esp-des esp-md5-hmac

Denver(cfg-crypto-trans)#mode tunnel

Denver(config)#crypto map cisco 10 ipsec-isakmp

Denver(config-crypto-map)#set peer 173.16.1.1

Denver(config-crypto-map)#set transform-set ccsp

Denver(config-crypto-map)#match address 101

Denver(config)#access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

Denver(config)#interface Serial1/0

Denver(config-if)#crypto map cisco

Flickr : , cisco exam, cisco simulator, cisco training, dynagen, dynamips

dynamips lab:Cisco IOS l2tp voluntary tunnel mode on dynamips

admin — Thu, 02 Apr 2009 07:41:03 +0000

I have completed this lab on Dynamips 7200 simulator, the topology is as follow:

The Dynagen configuration is as follow:

autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = ..\Temp\

[[router R2]]
image = ..\IOS\c7200-advsecurityk9-mz.124-9.T1.bin
model = 7200
console = 3002
npe = npe-400
ram = 128
confreg = 0×2142
exec_area = 64
mmap = false
slot0 = PA-C7200-IO-FE
slot1 = PA-4T
f0/0 = SW1 2
s1/0 = R3 s1/1
[[router R3]]
image = ..\IOS\c3620-i-mz.122-37.bin
model = 3620
console = 3003
ram = 32
confreg = 0×2142
exec_area = 16
mmap = false
slot0 = NM-1FE-TX
slot1 = NM-4T
f0/0 = SW1 3
[[ethsw SW1]]
2 = dot1q 1
3 = dot1q 1
4 = access 1 NIO_gen_eth:\Device\NPF_{E4377B71-C2A8-40A9-9FB6-639EE19D2F75}

1. ENT LNS L2TP Configuration (R2).

ENT_LNS(config)#interface FastEthernet0/0ENT_LNS(config-if)#ip address 10.10.1.1 255.255.255.0

ENT_LNS(config-if)#no shutdown

ENT_LNS(config)#interface Serial1/0

ENT_LNS(config-if)#ip address 173.16.1.5 255.255.255.252

ENT_LNS(config-if)#no shutdown

ENT_LNS(config)#ip route 0.0.0.0 0.0.0.0 173.16.1.6

ENT_LNS(config)#username cisco@cisco.com password 0 cisco

ENT_LNS(config)#vpdn enable

ENT_LNS(config)#vpdn-group myl2tp

ENT_LNS(config-vpdn)#accept-dialin

ENT_LNS(config-vpdn-acc-in)#protocol l2tp

ENT_LNS(config-vpdn-acc-in)#virtual-template 1

ENT_LNS(config-vpdn-acc-in)#exit

ENT_LNS(config-vpdn)#no l2tp tunnel authentication

ENT_LNS(config)#interface Virtual-Template1

ENT_LNS(config-if)#ip unnumbered FastEthernet0/0

ENT_LNS(config-if)#encapsulation ppp

ENT_LNS(config-if)#peer default ip address pool l2tp-user

ENT_LNS(config-if)#ppp authentication chap

ENT_LNS(config)#ip local pool l2tp-user 10.10.1.50 10.10.1.59

2. Windows Client Configuration.
First of all, modify the windows register as follow and restart the windows:

REGEDIT4 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters]

“ProhibitIpSec”=dword:00000001

Then use the windows dialer configuration guide to complete the configuration.

Flickr : cisco, cisco exam, cisco simulator, cisco training, dynagen, dynamips

dynamips lab:Cisco IOS Easy VPN Server & Remote on Dynamips

admin — Thu, 02 Apr 2009 07:34:09 +0000

This test note describes how to configure Cisco Remote access IPSec VPN on Cisco IOS routers.

I have completed this lab on Dynamips 7200 simulator, the topology is as follow:

The Dynagen configuration is as follow:

autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = ..\Temp\

[[router R1]]
image = ..\IOS\ c7200-advsecurityk9-mz.124-9.T1.bin
model = 7200
console = 3001
npe = npe-400
ram = 128
confreg = 0×2142
exec_area = 64
mmap = false
slot0 = PA-C7200-IO-FE
slot1 = PA-4T
f0/0 = SW1 1
s1/1 = R3 s1/0
[[router R2]]
image = ..\IOS\c3640-ik9o3s-mz.124-10.bin
model = 3640
console = 3002
ram = 128
confreg = 0×2142
exec_area = 64
mmap = false
slot0 = NM-1FE-TX
slot1 = NM-4T
f0/0 = SW1 2
s1/0 = R3 s1/1
[[router R3]]
image = ..\IOS\c3620-i-mz.122-37.bin
model = 3620
console = 3003
ram = 32
confreg = 0×2142
exec_area = 16
mmap = false
slot0 = NM-1FE-TX
slot1 = NM-4T
f0/0 = SW1 3
[[ethsw SW1]]
1 = dot1q 1
2 = dot1q 1
3 = dot1q 1
4 = access 1 NIO_gen_eth:\Device\NPF_{E4377B71-C2A8-40A9-9FB6-639EE19D2F75}

1. Easy VPN Server Configuration (R2).
server(config)# username steve password cisco!define the username and password for XAUTH, we can also use CISCO ACS to store the user information.
server(config)#aaa new-modelserver(config)#aaa authentication login default local

!define the default aaa authentication list, allow the administrator to login this router, this configuration is foreign to the ezvpn.

server(config)#aaa authentication login ezvpn-authentication local!define xauth authentication list.
server(config)#aaa authorization network ezvpn-authorization local!define the authorization list.server(config)#ip local pool ezvpn-pool 192.168.1.1 192.168.1.254server(config)#crypto isakmp policy 10server(config-isakmp)#authentication pre-shareserver(config-isakmp)#encryption 3des

server(config-isakmp)#hash sha

server(config-isakmp)#group 2

server(config-isakmp)#exit

server(config)#access-list 101 permit ip 10.10.1.0 0.0.0.255 any!define the split tunnel list, pay attention, the destination address is always “any”, and the source address is the network address of inside network.server(config)#crypto isakmp client configuration group myezvpnserver(config-isakmp-group)#key cisco1234server(config-isakmp-group)#dns 10.8.1.10

server(config-isakmp-group)#domain njut.edu.cn

server(config-isakmp-group)#pool ezvpn-pool

server(config-isakmp-group)#acl 101

!the acl is split tunnel acl.
server(config-isakmp-group)#save-password!allow the client save xauth password locally.
server(config-isakmp-group)#exitserver(config)#crypto ipsec transform-set ccsp esp-3des esp-sha-hmac server(cfg-crypto-trans)#mode tunnelserver(cfg-crypto-trans)#exit

server(config)#crypto dynamic-map ezvpn-dynamic-map 10 server(config-crypto-map)#set transform-set ccspserver(config-crypto-map)#reverse-route

server(config)#crypto map cisco client authentication list ezvpn-authentication!choose the xauth authentication list.server(config)#crypto map cisco isakmp authorization list ezvpn-authorization!choose the authorization list.
server(config)#crypto map cisco client configuration address respond!respond the client address request.server(config)#crypto map cisco 10 ipsec-isakmp dynamic ezvpn-dynamic-mapserver(config)#int s1/0server(config-if)#ip address 173.16.1.5 255.255.255.252server(config-if)#crypto map cisco

server(config)#int fa0/0server(config-if)#ip address 10.10.1.1 255.255.255.0server(config)#ip route 0.0.0.0 0.0.0.0 173.16.1.62. Easy VPN Remote Configuration (R1).
remote(config)#crypto ipsec client ezvpn newlabremote(config-crypto-ezvpn)#connect auto

remote(config-crypto-ezvpn)#group myezvpn key cisco1234

remote(config-crypto-ezvpn)#mode client

remote(config-crypto-ezvpn)#peer 173.16.1.5

remote(config-crypto-ezvpn)#username steve password cisco

!if you didn’t open save-password option on the ezvpn server, you should issue “crypto ipsec client ezvpn xauth” command to complete xauth.
!

remote(config)#interface FastEthernet0/0

remote(config-if)#ip address 10.30.1.1 255.255.255.0

remote(config-if)#crypto ipsec client ezvpn newlab inside!

remote(config)#interface Serial1/1

remote(config-if)#ip address 173.16.1.1 255.255.255.252

remote(config-if)#crypto ipsec client ezvpn newlab outside

3. Use the Cisco VPN Client Software to connect to Easy VPN Server.
The easy vpn server can also be connected by the Cisco VPN Client Software, you can download the software from cco site.

Flickr : cisco, cisco exam, cisco simulator, cisco training, dynagen, dynamips, vpn

dynamips lab:Cisco high availability IPSec VPN on dynamips(loopback address)

admin — Thu, 02 Apr 2009 07:30:43 +0000

In the lab, both access link IP addresses are configured on R1 as IKE identities of R2. When R1 initiates IKE negotiation, the first peer IP address is used by IKE and becomes R2′s IKE identity for this peer. If this IKE SA times out during the negotiation, the second IP address becomes the IKE identity of the R2.

1. R1 Configuration.

R1#sh run
version 12.4
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 13.1.1.1
set peer 12.1.1.1
set transform-set ccsp
match address 101
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 11.1.1.1 255.255.255.0
crypto map cisco
!
router ospf 1
network 11.1.1.0 0.0.0.255 area 0
!
ip route 10.2.2.0 255.255.255.0 11.1.1.2
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

2. R2 Configuration.

R2#sh run
version 12.4
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 11.1.1.1
set transform-set ccsp
match address 101
!
interface Loopback1
ip address 10.2.2.1 255.255.255.0
!
interface Serial1/0
ip address 12.1.1.1 255.255.255.0
crypto map cisco
!
interface Serial1/1
ip address 13.1.1.1 255.255.255.0
crypto map cisco
!
router ospf 1
network 12.1.1.0 0.0.0.255 area 0
network 13.1.1.0 0.0.0.255 area 0
!
ip route 10.1.1.0 255.255.255.0 11.1.1.1
!
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

Flickr : , cisco exam, cisco simulator, cisco training, dynagen, dynamips, ipsec vpn

dynamips lab:Cisco ADSL PPPOE on dynamips

admin — Thu, 02 Apr 2009 07:20:33 +0000

In fact, R1 and R2 is connected by their atm interface directly.

1. CPE Configuration (R2)

no ip routing
!
interface FastEthernet0/0
no ip address
bridge-group 1
!
interface ATM1/0
no ip address
bridge-group 1
pvc 2/200
encapsulation aal5snap
!
!
bridge 1 protocol ieee

2. R1 Configuration
Notes: The atm card on dynamips does not support pppoe, we use R4 to deal with pppoe packet. So ,R1 do only bridging.

no ip routing
!
interface FastEthernet0/0
no ip address
bridge-group 1
!
interface ATM1/0
no ip address
bridge-group 1
pvc 1/100
encapsulation aal5snap
!
!
bridge 1 protocol ieee

3. Aggregation Router Configuration (R4)

vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
username cisco password 0 cisco
!
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
pppoe enable
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool cisco
ppp authentication chap
!
ip local pool cisco 10.0.0.10 10.0.0.20

4. PPPOE client Configuration (R3)

vpdn enable
!
vpdn-group cisco
request-dialin
protocol pppoe
!
interface Ethernet0
no ip address
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname cisco
ppp chap password 0 cisco
!
ip route 0.0.0.0 0.0.0.0 Dialer0

Flickr : adsl, ccie, cisco exam, cisco simulator, cisco training, dynagen, dynamips, pppoe

dynamips lab:Cisco ADSL PPPOA on dynamipsI have completed this lab on Dynamips 7200

admin — Thu, 02 Apr 2009 07:16:16 +0000

simulator, the topology is as follow:

In fact, R1 and R2 is connected by their atm interface directly.1. CPE Configuration (R2)

interface FastEthernet0/0
ip address 172.30.1.8 255.255.255.0
ip nat inside
duplex half
!
interface ATM1/0
no ip address
pvc 2/200
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname cisco
ppp chap password 0 cisco
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 dialer0
!
access-list 10 permit ip 172.30.1.0 0.0.0.255
ip nat inside source list 10 interface dialer 0 overload

2. Aggregation Router Configuration (R1)

username cisco password 0 cisco
!
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface ATM1/0
no ip address
pvc 1/100
encapsulation aal5snap
protocol ppp Virtual-Template1
!
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool cisco
ppp authentication chap
!
ip local pool cisco 10.0.0.2 10.0.0.6

Flickr : , ccie, cisco, cisco exam, cisco simulator, cisco training, dynagen, dynamips

IT certification lab simulation » cisco exam

dynamips lab:Cisco L2TP over IPSec With windows client

Related Posts

dynamips lab:Cisco IPSec EasyVPN & DMVPN on dynamips

Related Posts

dynamips lab:Cisco ios ssl vpn on dynamips test note2

Related Posts

dynamips lab:Cisco IOS SSL VPN on dynamips test note

Related Posts

Cisco IOS site2site ipsec vpn on dynamips

Related Posts

dynamips lab:Cisco IOS l2tp voluntary tunnel mode on dynamips

Related Posts

dynamips lab:Cisco IOS Easy VPN Server & Remote on Dynamips

Related Posts

dynamips lab:Cisco high availability IPSec VPN on dynamips(loopback address)

Related Posts

dynamips lab:Cisco ADSL PPPOE on dynamips

Related Posts

dynamips lab:Cisco ADSL PPPOA on dynamipsI have completed this lab on Dynamips 7200

Related Posts