Published July 3, 2023, 3:20 p.m. by Courtney
Complete description with screenshots: http://www.certvideos.com/get-vpn-configuration-example/
Hello everyone, my name is Sam, and in this video I'm going to show you how to configure GET VPN on a Cisco router. This is the network topology I'm going to use for this demonstration: I have a key server, I have two group members, GM1 and GM2, and I have a core router that does the routing part. I have the IP addresses and the routing already set up, and all addresses in this network topology have a subnet mask of /24. So let's get started.

Now, first I'm going to hop on to the key server and create a crypto ISAKMP policy. So I'm gonna say crypto isakmp policy 100; encryption is AES 128, authentication is pre-share, the lifetime for this association is 3600 seconds, and I'm gonna use Diffie-Hellman group 5. OK. Next we need to specify the address with which the tunnel is going to be formed, so I'm gonna say crypto isakmp key 0 cisco address 0.0.0.0 0.0.0.0, which means use the key cisco with all the peers.
Next I'm going to create a transform set, so let's say crypto ipsec transform-set, and let's call it trans; the algorithm is esp-aes 128 esp-sha-hmac. Exit. Next let's create an IPsec profile: crypto ipsec profile ipsec, and let's set the transform set as trans.

Next we need to create a public key, which is going to be used for rekeying; that is, when the key server generates the rekey messages, it needs to use a public key. So let's generate the public key: crypto key generate rsa label, let's call it vpnkeys, and the modulus is 1024, and let's make them exportable. OK.

And next let's create an access list that is going to allow the traffic from the 10.1.2 network to the 10.1.3 network. So I'm gonna say ip access-list extended, and let's call it getvpn ACL, and permit the IP traffic from the 10.0.0.0 network to the 10 network on this side, so I'm gonna say 10.0.0.0 0.255.255.255. Exit.

Next we need to create a GDOI group, so I'm gonna say crypto gdoi group, and let's call it gdoi, and the identity number for this group is 1234. The server is local, and the rekey algorithm for this is going to be AES 256, rekey lifetime is seconds, that is 600, and rekey authentication mypubkey rsa, the keys we just created, so vpnkeys. Excellent. And finally I'm going to say rekey transport is going to be unicast, so I'm gonna use the unicast transport protocol for rekeying.

Next we need to create an IPsec security association, so I'm gonna say sa ipsec number 10, and the IPsec profile for this is going to be profile ipsec, which is already created, and we're gonna match the access list: match address ipv4 getvpn ACL. Next I need to specify the address of the server: address ipv4 192.168.1.2, which is here, the key server. OK, that's it.
Next step: we need to create a crypto map, so crypto map, and let's call it crypto, sequence number 10, and the type is gdoi, and let's set the group as gdoi, which has already been created; I just created it. Yep. OK, and now we need to apply this crypto map onto an interface, so I'm gonna say interface serial 0/0, which is here, and crypto map crypto. Exit.
Now you can see the key server is up and running, so we can hop onto the group member, group member 1, and start configuring it. I'm just going to copy the configuration from here: do show run | section crypto isakmp, and paste it there. OK, there you see, this is the ISAKMP policy; we can just copy and paste it there. Great. And I'm gonna say crypto isakmp key 0 cisco, and the address is the address of the key server, 192.168.1.2, which is here. OK. Next I need to create a GDOI group, so crypto gdoi group, let's call it gdoi, and the server IP address is server address ipv4 192.168.1.2, and the identity number is 1234. Next let's create a crypto map: crypto map, let's call it crypto, sequence number 10, type gdoi, and let's set the group as gdoi, which is, yep. OK. Next we just need to apply this on an interface: interface serial 0, which is here, and crypto map crypto. So that's it. You can see: start registration to key server 192.168.1.2, registration completed.
OK, now let's copy the same configuration onto group member 2, so I'm just going to say do show run, and yep, this is what I want. You can just copy the whole thing and paste it onto group member 2. OK, great. And you can copy even this, and this. OK, just paste it. Great. Now finally I'm just going to apply this on the interface, which is here: interface serial 0/0, crypto map crypto. You can see: start registration, registration completed.
OK, let's hop on to group member 1 and see if we have a tunnel up and running: show crypto isakmp sa. Yep. And finally let's see if we are having the packets encrypted: show crypto ipsec sa. Now you can see the packets are not being encrypted; the reason behind this is there is no traffic to encrypt. So let's have some traffic. I'm going to hop on to host 1, which is this host, and I'm gonna ping this host, 10.1.3.2, so let's say ping 10.1.3.2, and let's hop on to the group member and see if we have some encryption going on: show crypto ipsec. OK, there you see, packets are being encrypted. So that is basically how you configure GET VPN on a Cisco router. Thank you for watching.
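
As an added example (not from the video or its author), the Python sketch below embeds the key-server commands reconstructed from the walkthrough and flags the key-management choices a reviewer would question before reusing this lab setup elsewhere: the wildcard pre-shared key, Diffie-Hellman group 5, and the 1024-bit exportable RSA rekey key. The object-name spellings, the ACL rendering and the 2048-bit floors are assumptions of this example.

```python
import re
# Constructed sample: key-server commands as narrated in the walkthrough.
# Name spellings (trans, ipsec, vpnkeys, getvpn-acl, gdoi) and the ACL
# source/destination rendering are assumptions.
KS_CONFIG = """\
crypto isakmp policy 100
 encryption aes 128
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key 0 cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set trans esp-aes 128 esp-sha-hmac
crypto ipsec profile ipsec
 set transform-set trans
crypto key generate rsa label vpnkeys modulus 1024 exportable
ip access-list extended getvpn-acl
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
crypto gdoi group gdoi
 identity number 1234
 server local
  rekey algorithm aes 256
  rekey lifetime seconds 600
  rekey authentication mypubkey rsa vpnkeys
  rekey transport unicast
  sa ipsec 10
   profile ipsec
   match address ipv4 getvpn-acl
  address ipv4 192.168.1.2
"""
WEAK_DH_GROUPS = {1, 2, 5}   # MODP groups below 2048 bits (assumed policy floor)
MIN_RSA_BITS = 2048          # assumed policy floor for the rekey signing key

def audit(config):
    """Return (finding, line) pairs for weak key-management settings."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if re.fullmatch(r"crypto isakmp key .+ address 0\.0\.0\.0( 0\.0\.0\.0)?", line):
            findings.append(("wildcard-psk", line))  # key accepted from any peer
        m = re.fullmatch(r"group (\d+)", line)
        if m and int(m.group(1)) in WEAK_DH_GROUPS:
            findings.append(("weak-dh-group", line))
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", line)
        if m:
            if int(m.group(1)) < MIN_RSA_BITS:
                findings.append(("short-rsa-modulus", line))
            if re.search(r"\bexportable\b", line):
                findings.append(("exportable-rsa-key", line))
    return findings
```

Calling `audit(KS_CONFIG)` returns four findings; a per-peer key address, a 2048-bit or larger DH group and a non-exportable 2048-bit RSA key clear all of them.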