CCNA LAB - 4.8 Virtual Private Network (VPN) - IPsec (Site-to-Site)


LAB 4-8: Virtual Private Network (VPN) – IPsec (Site-to-Site)

You are the Network Administrator at the Ranet Branch Office and must configure the new Ranet-BR router so that your own host can connect to the internet and to the hosts in Headquarters ( via a Site-to-Site IPsec VPN, as below:
(configure the Ranet-BR router via the console terminal)

1. Enable the LAN interface on Ranet-BR and set its IP address to the first assignable IP address of the network.

2. Enable the WAN interface on Ranet-BR and set its IP address to the last assignable IP address of the network.

3. Set the IP address of Host-BR to the last assignable IP address of the network, and set the IP addresses of the gateway and the DNS server ( as well.

4. Configure routing and NAT on Ranet-BR so that the hosts in the LAN can connect to the internet. Do not forget to exclude the VPN traffic from NAT: IOS translates inside-to-outside traffic before the crypto map is evaluated, so packets from the branch LAN to the Headquarters LAN that get translated to the global address will never match the VPN access-list and will be sent in clear text, unencrypted, to the internet.
(for NAT, use access-list no. 100 and the pool name "Ranet" containing the global IP received from the ISP as –

5. Configure the Site-to-Site IPsec VPN using the properties below:

- For IKE phase I: policy priority 101; encryption algorithm AES-128; hash algorithm Secure Hash Standard (IOS keyword sha, i.e. SHA-1); authentication method Pre-Shared Key; Diffie-Hellman group 5; lifetime 86,400 seconds. Use "ranetvpnpass" as the key. Note that the IP address of the WAN interface of Ranet-HQ is
- For IKE phase II: use the transform-set name "Ranet" with ESP transforms using AES for encryption and HMAC-SHA as the authentication algorithm.
- Use the crypto map name "Site-to-Site" with sequence no. 101 and access-list no. 101 to define the VPN (interesting) traffic. The crypto access-list on Ranet-HQ must be the mirror image of this one, otherwise phase II negotiation fails with a proxy-identity mismatch.
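The five steps above as one complete Ranet-BR configuration. This is an added example written for this page, not the lab's answer key, and it has to assume addressing because the lab's addresses are not reproduced here: the branch LAN 192.168.1.0/24, the WAN link 203.0.113.0/30 with the ISP at .1, the ISP-assigned global IP 203.0.113.9, the Ranet-HQ WAN address 198.51.100.1, the Headquarters LAN 10.0.0.0/24 and the interface names GigabitEthernet0/0 and 0/1 are all placeholders. Substitute the values from the lab diagram.

```cisco
! Ranet-BR: added example configuration (IOS 15.x syntax), not the lab's answer key.
! ASSUMED placeholder addressing (the lab's real addresses are not on this page):
!   BR LAN  192.168.1.0/24  -> Ranet-BR .1 (first assignable), Host-BR .254 (last)
!   BR WAN  203.0.113.0/30  -> ISP .1, Ranet-BR .2 (last assignable)
!   Global IP from ISP for the NAT pool: 203.0.113.9
!   HQ WAN (IKE peer): 198.51.100.1     HQ LAN behind Ranet-HQ: 10.0.0.0/24
!   Interface names G0/0 (WAN) and G0/1 (LAN) are also assumed.
hostname Ranet-BR
!
! --- Step 1: LAN interface ---
interface GigabitEthernet0/1
 description LAN to Host-BR
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
!
! --- Step 2: WAN interface (the crypto map from step 5 is applied here) ---
interface GigabitEthernet0/0
 description WAN to ISP
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 crypto map Site-to-Site
 no shutdown
!
! --- Step 4: default route and NAT ---
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! ACL 100 = what gets translated. The deny line MUST come first: IOS runs NAT
! before the crypto map on inside-to-outside traffic, so BR-LAN -> HQ-LAN
! packets must leave untranslated or they never match crypto ACL 101 below.
access-list 100 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat pool Ranet 203.0.113.9 203.0.113.9 netmask 255.255.255.248
ip nat inside source list 100 pool Ranet overload
!
! --- Step 5a: IKE phase I (ISAKMP), exactly the lab's parameters ---
crypto isakmp policy 101
 encryption aes 128
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key ranetvpnpass address 198.51.100.1
!
! --- Step 5b: IKE phase II (IPsec) ---
crypto ipsec transform-set Ranet esp-aes esp-sha-hmac
 mode tunnel
!
! ACL 101 = interesting (VPN) traffic. Ranet-HQ needs the mirror image
! (10.0.0.0/24 -> 192.168.1.0/24) in its own crypto ACL.
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
crypto map Site-to-Site 101 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set Ranet
 match address 101
!
! --- Step 3 is done on Host-BR itself (assumed values) ---
!   IP 192.168.1.254/24, gateway 192.168.1.1, DNS = the address the lab gives
!
! --- Checks, after one ping from Host-BR to Server-HQ to trigger IKE ---
! show crypto isakmp sa      -> state QM_IDLE for peer 198.51.100.1
! show crypto ipsec sa       -> #pkts encaps / #pkts decaps both increasing
! show access-lists          -> hits on ACL 101 and on the deny line of ACL 100
! show ip nat translations   -> internet flows only, no 10.0.0.x destinations
```

Ranet-HQ needs the matching half: the same policy 101 values, the same pre-shared key bound to 203.0.113.2, a transform-set with the same ESP transforms, and a crypto map whose peer is 203.0.113.2 and whose access-list is the mirror of ACL 101. If the tunnel negotiates but Host-BR still cannot reach Server-HQ, the first thing to check is the deny line in ACL 100; if `show ip nat translations` lists 10.0.0.x destinations, the VPN traffic is being translated and the crypto ACL never matches. The cipher suite here (AES-128, SHA-1, DH group 5, IKEv1 with a pre-shared key) is what the lab requires; for a production tunnel prefer IKEv2 with DH group 14 or higher and SHA-256.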

If everything is correct, Host-BR should be able to open websites and to ping Server-HQ in the Headquarters network.