Configuring a basic GRE tunnel on a Cisco router

1. Configuring a Basic GRE Tunnel

R1# show run

! R1: one end of a plain GRE tunnel. Tunnel0 (172.16.13.1) is sourced from
! Serial0/0 and terminates on 192.168.23.3, the Tunnel0 source address on R3.
! NOTE(review): nothing in this listing encrypts or authenticates the tunnel, so
! the inner 172.16.x.x traffic crosses the 192.168.x.x transport readable and
! modifiable by any device on the path. Use plain GRE only over a trusted path.
hostname R1

!

interface Tunnel0

ip address 172.16.13.1 255.255.255.0

! Outer (delivery) header source: the interface that holds 192.168.12.1.
tunnel source Serial0/0

! Outer header destination. It is not directly connected, so it has to be
! learned through the transport routing process (EIGRP 1 below).
tunnel destination 192.168.23.3

!

interface Loopback0

ip address 172.16.1.1 255.255.255.0

!

interface Serial0/0

ip address 192.168.12.1 255.255.255.0

! clock rate is configured on the DCE end of a serial link.
clock rate 64000

no shutdown

!

! EIGRP 1 covers only the transport network 192.168.12.0.
! NOTE(review): neither EIGRP process has neighbor authentication configured
! in this listing; confirm that is acceptable for the environment.
router eigrp 1

network 192.168.12.0

no auto-summary

!

! EIGRP 2 covers 172.16.0.0, which includes Loopback0 and Tunnel0. Keeping the
! transport network out of this process keeps the tunnel destination from being
! learned through the tunnel itself.
router eigrp 2

network 172.16.0.0

no auto-summary

!

end

R2# show run

! R2: transit router between R1 (192.168.12.0/24) and R3 (192.168.23.0/24).
! It has no Tunnel interface and does not run EIGRP 2, so it has no routes for
! the 172.16.x.x networks and forwards only the outer GRE packets.
hostname R2

!

interface Serial0/0

ip address 192.168.12.2 255.255.255.0

no shutdown

!

interface Serial0/1

ip address 192.168.23.2 255.255.255.0

! clock rate is configured on the DCE end of a serial link.
clock rate 64000

no shutdown

!

! EIGRP 1 advertises both transport links, which is how each tunnel endpoint
! learns a route to the other endpoint's address.
router eigrp 1

network 192.168.12.0

network 192.168.23.0

no auto-summary

!

end

R3# show run

! R3: the other end of the plain GRE tunnel. Tunnel0 (172.16.13.3) is sourced
! from Serial0/1 and terminates on 192.168.12.1, the Tunnel0 source address on R1.
! NOTE(review): as on R1, this listing adds no encryption or authentication to
! the tunnel; the inner traffic is exposed to every device on the transport path.
hostname R3

!

interface Loopback0

ip address 172.16.3.1 255.255.255.0

!

interface Tunnel0

ip address 172.16.13.3 255.255.255.0

! Outer header source: the interface that holds 192.168.23.3, which is the
! address R1 uses as its tunnel destination.
tunnel source Serial0/1

tunnel destination 192.168.12.1

!

interface Serial0/1

ip address 192.168.23.3 255.255.255.0

no shutdown

!

! EIGRP 1 covers only the transport network 192.168.23.0.
router eigrp 1

network 192.168.23.0

no auto-summary

!

! EIGRP 2 covers 172.16.0.0, which includes Loopback0 and Tunnel0.
! NOTE(review): no EIGRP neighbor authentication is configured in this listing.
router eigrp 2

network 172.16.0.0

no auto-summary

!

end

2. Configuring a Secure GRE Tunnel with the IOS CLI

R1# show run

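! R1: GRE tunnel to R3 protected by IPsec. ACL 101 selects the GRE packets
! between the two tunnel endpoints, and crypto map mymap on the physical egress
! interface encrypts them, so everything carried inside Tunnel0 is covered.
!

hostname R1

!

! IKE phase 1 policy. Only the authentication method is set here; encryption,
! hash and Diffie-Hellman group are left at the platform defaults.
! NOTE(review): on many IOS releases those defaults are weak (DES, DH group 1);
! check them with "show crypto isakmp policy" and set them explicitly on both
! peers if so.
crypto isakmp policy 10

authentication pre-share

! Pre-shared key for peer 192.168.23.3; R3 must hold the same key for
! 192.168.12.1. "cisco" is a lab placeholder: outside a lab use a long random
! key that is unique to this peer pair.
crypto isakmp key cisco address 192.168.23.3

!

! AH with SHA HMAC plus ESP with AES-256 and SHA HMAC.
! NOTE(review): ESP already authenticates its payload here; AH additionally
! covers the outer IP header and will not pass through NAT. Confirm AH is wanted.
crypto ipsec transform-set mytrans ah-sha-hmac esp-aes 256 esp-sha-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 192.168.23.3

set transform-set mytrans

! Traffic to protect is whatever ACL 101 permits (defined at the end).
match address 101

!

interface Tunnel0

ip address 172.16.13.1 255.255.255.0

! Sourced from Ethernet0/0, the interface that owns 192.168.12.1 and carries
! the crypto map. ACL 101 matches GRE from that address, so the tunnel source
! has to be this interface for the GRE packets to be encrypted.
tunnel source Ethernet0/0

tunnel destination 192.168.23.3

!

interface Loopback0

ip address 172.16.1.1 255.255.255.0

!

interface Ethernet0/0

ip address 192.168.12.1 255.255.255.0

! The crypto map is applied to the physical interface the GRE packets leave
! through, not to Tunnel0.
crypto map mymap

no shutdown

!

! EIGRP 1 covers only the transport network 192.168.12.0.
router eigrp 1

network 192.168.12.0

no auto-summary

!

! EIGRP 2 covers 172.16.0.0 (Loopback0 and Tunnel0); its packets travel inside
! the tunnel and are therefore encrypted along with the rest of the GRE traffic.
router eigrp 2

network 172.16.0.0

no auto-summary

!

! Crypto ACL: GRE from this router's tunnel source to R3's. R3 carries the
! mirror-image entry.
access-list 101 permit gre host 192.168.12.1 host 192.168.23.3

end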

R2# show run

! R2: transit router between R1 and R3. It holds no crypto configuration and no
! Tunnel interface, so it forwards only the IPsec-protected packets exchanged
! between 192.168.12.1 and 192.168.23.3.
hostname R2

!

interface Ethernet0/0

ip address 192.168.12.2 255.255.255.0

no shutdown

!

interface Serial0/0

ip address 192.168.23.2 255.255.255.0

! clock rate is configured on the DCE end of a serial link.
clock rate 64000

no shutdown

!

! EIGRP 1 advertises both transport links so the IPsec peers can reach each other.
router eigrp 1

network 192.168.12.0

network 192.168.23.0

no auto-summary

!

end

R3# show run

! R3: the other end of the IPsec-protected GRE tunnel; the crypto settings
! mirror R1's with the peer addresses swapped.
hostname R3

!

! Type 5 secret (salted MD5 hash).
! NOTE(review): a hash copied from a real device should not be published, since
! it can be attacked offline; treat this one as lab data and regenerate the
! enable secret on any device that used it.
enable secret 5 $1$kkTj$cIYDuP2yz3vA1ARGVwxd11

!

! IKE phase 1 policy. Only the authentication method is set here; encryption,
! hash and Diffie-Hellman group are left at the platform defaults.
! NOTE(review): on many IOS releases those defaults are weak (DES, DH group 1);
! check them with "show crypto isakmp policy" and set them explicitly on both
! peers if so.
crypto isakmp policy 10

authentication pre-share

! Pre-shared key for peer 192.168.12.1; it has to match the key R1 holds for
! 192.168.23.3. "cisco" is a lab placeholder, not a key to deploy.
crypto isakmp key cisco address 192.168.12.1

!

! AH with SHA HMAC plus ESP with AES-256 and SHA HMAC; must match R1's set.
crypto ipsec transform-set mytrans ah-sha-hmac esp-aes 256 esp-sha-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 192.168.12.1

set transform-set mytrans

! Traffic to protect is whatever ACL 101 permits (defined near the end).
match address 101

!

interface Loopback0

ip address 172.16.3.1 255.255.255.0

!

interface Tunnel0

ip address 172.16.13.3 255.255.255.0

! Sourced from Serial0/0, which owns 192.168.23.3 and carries the crypto map.
tunnel source Serial0/0

tunnel destination 192.168.12.1

!

interface Serial0/0

ip address 192.168.23.3 255.255.255.0

! The crypto map is applied to the physical egress interface, not to Tunnel0.
crypto map mymap

no shutdown

!

! EIGRP 1 covers only the transport network 192.168.23.0.
router eigrp 1

network 192.168.23.0

no auto-summary

!

! EIGRP 2 covers 172.16.0.0 (Loopback0 and Tunnel0) and runs inside the tunnel.
router eigrp 2

network 172.16.0.0

no auto-summary

!

! Crypto ACL: GRE from this router's tunnel source to R1's, the mirror image
! of the entry on R1.
access-list 101 permit gre host 192.168.23.3 host 192.168.12.1

!

! Remote-access lines protected by a single shared line password.
! NOTE(review): "cisco" is a guessable lab value and is shown in cleartext in
! the configuration. No "transport input" is set, so the lines may accept
! Telnet depending on the release default. On a real device prefer per-user
! accounts with "username ... secret", "login local" and "transport input ssh".
line vty 0 4

password cisco

login

end

3. Configuring Easy VPN with the IOS CLI

ISP# show run

! ISP: stands in for the untrusted network in front of HQ. It has two connected
! networks and no routing protocol or crypto configuration in this listing.
hostname ISP

!

! 192.168.10.0/24 side. NOTE(review): presumably where the VPN client sits;
! the listing does not show the client, so confirm against the lab topology.
interface FastEthernet0/0

ip address 192.168.10.1 255.255.255.0

no shutdown

!

! Link to HQ (HQ's Serial0/0/0 is 192.168.12.2 and its default route points
! at this address).
interface Serial0/0/0

ip address 192.168.12.1 255.255.255.0

! clock rate is configured on the DCE end of a serial link.
clock rate 64000

no shutdown

end

HQ# show run

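! HQ: Easy VPN server. Remote clients authenticate to group "ciscogroup" with a
! group key, then per user through Xauth against the local user database, and
! receive an address from pool VPNCLIENTS.
hostname HQ

!

aaa new-model

!

! Default login list: local user database first, then "none".
! NOTE(review): "none" is a fallback that grants access with no authentication
! when the local method cannot give an answer, and the default list applies to
! every line that names no other list. That keeps a lab router reachable, but
! drop "none" on a production device.
aaa authentication login default local none

! VPNAUTH is referenced by the crypto map below for Xauth (user login) and for
! group authorization; both use the local database.
aaa authentication login VPNAUTH local

aaa authorization network VPNAUTH local

!

! "password 0" means the value that follows is stored unencrypted in the
! configuration. Both accounts are lab placeholders whose password equals the
! username; replace them before any real use.
username cisco password 0 cisco

username ciscouser password 0 ciscouser

!

! IKE phase 1 policy: AES-256, pre-shared keys, Diffie-Hellman group 2. The
! hash is not set, so the platform default applies.
! NOTE(review): group 2 is a 1024-bit group and is below current guidance;
! use a larger group where both the server and the clients support it.
crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

crypto isakmp keepalive 30 5

crypto isakmp xauth timeout 60

!

! Client group definition. "key" is the group pre-shared secret that every
! member of the group knows, so it authenticates the group and not a user;
! the per-user check is Xauth. "ciscogroup" as the key is a lab placeholder.
crypto isakmp client configuration group ciscogroup

key ciscogroup

! Addresses handed to clients come from this pool (defined further down).
pool VPNCLIENTS

! Split-tunnel list: only destinations permitted by ACL 100 are sent through
! the VPN; other client traffic stays outside the tunnel.
acl 100

netmask 255.255.255.0

!

! NOTE(review): 3DES is a legacy cipher; prefer an AES transform such as
! "esp-aes 256" if the clients in use support it.
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac

!

! Dynamic map: accepts peers whose address is not known in advance.
crypto dynamic-map mymap 10

set transform-set mytrans

! Installs a static route to each connected client; "redistribute static"
! under EIGRP 1 then advertises it to the inside routers.
reverse-route

!

crypto map mymap client authentication list VPNAUTH

crypto map mymap isakmp authorization list VPNAUTH

crypto map mymap client configuration address respond

crypto map mymap 10 ipsec-isakmp dynamic mymap

!

interface Loopback0

ip address 172.16.2.1 255.255.255.0

!

! Outside interface facing ISP; VPN sessions terminate here.
interface Serial0/0/0

ip address 192.168.12.2 255.255.255.0

crypto map mymap

no shutdown

!

! Inside link to HQ2.
interface Serial0/0/1

ip address 172.16.23.2 255.255.255.0

! clock rate is configured on the DCE end of a serial link.
clock rate 64000

no shutdown

!

router eigrp 1

redistribute static

network 172.16.0.0

no auto-summary

!

! Client address pool. It lies inside 172.16.2.0/24, the subnet configured on
! Loopback0.
ip local pool VPNCLIENTS 172.16.2.100 172.16.2.200

ip route 0.0.0.0 0.0.0.0 192.168.12.1

!

! Split-tunnel ACL used by "acl 100" above: the source field names the networks
! clients reach through the tunnel. This is a single command; entered as two
! lines, neither half is a valid statement.
access-list 100 permit ip 172.16.0.0 0.0.255.255 any

end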

HQ2# show run

! HQ2: inside router behind HQ. It has no crypto configuration; it reaches the
! rest of the network through its EIGRP 1 neighbor on 172.16.23.0/24.
hostname HQ2

!

interface Loopback0

ip address 172.16.3.1 255.255.255.0

!

! Link to HQ (HQ's Serial0/0/1 is 172.16.23.2).
interface Serial0/0/1

ip address 172.16.23.3 255.255.255.0

no shutdown

!

! EIGRP 1 covers 172.16.0.0, which includes Loopback0 and the link to HQ.
router eigrp 1

network 172.16.0.0

no auto-summary

end

By vichhaiy Posted in Cisco
