Securing Cisco IOS Networks Study Guide - Carl Timm.pdf

Hands-On Labs

This section will test your ability to configure IPSec with pre-shared keys. Use the following graphic as your guide.

[Figure: lab network diagram. Labels: Lab_A, Lab_B, HostA, HostB, Perimeter Router, PIX, NAS, WWW Server, DNS Server, Bastion Host (shown twice), CiscoSecure ACS 3.0, Management Station, Internet, "Dirty DMZ", Protected DMZ, interface F0/0. Addresses shown: 172.16.2.0/24, 10.1.1.0/24, 172.16.1.0/24, 172.16.1.2/24, 172.16.1.3/24, 172.16.1.254/24, 192.168.254.251/24, 192.168.254.252/24, 192.168.254.253/24, 192.168.254.254/24.]

The following interfaces will be used:

Lab_A interface Serial 0/0 with IP address 10.1.1.1/24

Lab_B interface Serial 1/0 with IP address 10.1.1.2/24

This section includes the following labs:

Lab 8.1: Configure IKE on Lab_A and Lab_B

Lab 8.2: Configure IPSec on Lab_A and Lab_B

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

Chapter 8: Cisco IOS IPSec Pre-Shared Keys and Certificate Authority Support

Lab 8.1: Configure IKE on Lab_A and Lab_B

This lab will have you configure IKE on routers Lab_A and Lab_B from the previous graphic.

1. Create an IKE policy on Lab_A and Lab_B with priority 2.

2. Use 3DES encryption, MD5 message hash, and pre-shared authentication on Lab_A and Lab_B.

3. Use the pre-shared key cisco on Lab_A and Lab_B.

Lab 8.2: Configure IPSec on Lab_A and Lab_B

This lab will have you configure IPSec on routers Lab_A and Lab_B from the previous graphic.

1. Create a transform set named test using esp-des and tunnel mode on Lab_A and Lab_B.

2. Create a symmetrical extended access list that will permit traffic from networks 172.16.2.0/24 and 172.16.1.0/24 on Lab_A and Lab_B.

3. Create a crypto map using the name test1 and sequence number 100 on Lab_A and Lab_B.

4. The crypto maps created should use the transform set test and the extended access list just created, and set the peer to the IP address of the outgoing interface of the remote device.

5. Apply the crypto map to Lab_A's and Lab_B's outgoing interfaces.
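
Labs 8.1 and 8.2 carried through as configuration for both routers. This is an added example, not the book's answer key. Access list number 101 and the placement of 172.16.2.0/24 behind Lab_A and 172.16.1.0/24 behind Lab_B are assumptions taken from the graphic's labels.

```cisco
! ===== Lab_A (Serial 0/0 = 10.1.1.1/24) =====
! Lab 8.1: IKE policy, priority 2, values as given in the lab steps
crypto isakmp policy 2
 encryption 3des
 hash md5
 authentication pre-share
! The pre-shared key is bound to the remote peer's address
crypto isakmp key cisco address 10.1.1.2
!
! Lab 8.2: transform set, crypto ACL, crypto map
crypto ipsec transform-set test esp-des
 mode tunnel
! ACL number 101 is an assumption; the source network is the local LAN
access-list 101 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
crypto map test1 100 ipsec-isakmp
 set peer 10.1.1.2
 set transform-set test
 match address 101
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 crypto map test1
!
! ===== Lab_B (Serial 1/0 = 10.1.1.2/24) =====
crypto isakmp policy 2
 encryption 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco address 10.1.1.1
!
crypto ipsec transform-set test esp-des
 mode tunnel
! Mirror image of Lab_A's ACL: source and destination are swapped
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
crypto map test1 100 ipsec-isakmp
 set peer 10.1.1.1
 set transform-set test
 match address 101
interface Serial1/0
 ip address 10.1.1.2 255.255.255.0
 crypto map test1
```

Once both sides are applied and matching traffic is sent, `show crypto isakmp sa` and `show crypto ipsec sa` on either router show whether the IKE and IPSec security associations came up. A mismatch in the policy parameters or key, or an access list that is not mirrored on the peer, is the usual reason they do not.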
