Lab 17: eBGP with OSPF underlay and IKEv2 between r2 and r3

Prerequisites

Task Instructions for r2 and r3:

  1. Configure an ACL to define which traffic to encrypt using the physical interfaces.
  2. Configure an IKEv2 proposal.
  3. Configure an IKEv2 policy.
  4. Configure an IKEv2 keyring.
  5. Configure an IKEv2 profile.
  6. Configure an IPsec transform-set in tunnel mode.
  7. Configure an ipsec-isakmp crypto map.
  8. Configure the crypto map on the physical interface.
  9. Configure r1 in BGP AS 65000.
  10. Configure r4 in BGP AS 65001.
  11. Configure r1 and r4 to form an eBGP neighborship.
  12. Verify BGP neighborship is Established.

Answer Section

Task 1

r2

ip access-list extended castle-acl
 10 remark Permit statements equal traffic that shall be encrypted.
 10 permit ip host 23.1.1.2 host 23.1.1.3

r3

ip access-list extended castle-acl
 10 remark Permit statements equal traffic that shall be encrypted.
 10 permit ip host 23.1.1.3 host 23.1.1.2

Task 2

r2

crypto ikev2 proposal rook-proposal 
 encryption aes-cbc-256
 integrity sha512
 group 14

r3

crypto ikev2 proposal rook-proposal 
 encryption aes-cbc-256
 integrity sha512
 group 14

Task 3

r2

crypto ikev2 policy svpn-policy 
 proposal rook-proposal

r3

crypto ikev2 policy svpn-policy 
 proposal rook-proposal

Task 4

r2

crypto ikev2 keyring lion-key
 peer peer-remote
  address 23.1.1.3
  pre-shared-key cisco

r3

crypto ikev2 keyring lion-key
 peer peer-remote
  address 23.1.1.2
  pre-shared-key cisco

Task 5

r2

crypto ikev2 profile side-profile
 match identity remote address 23.1.1.3 255.255.255.255 
 authentication remote pre-share
 authentication local pre-share
 keyring local lion-key

r3

crypto ikev2 profile side-profile
 match identity remote address 23.1.1.2 255.255.255.255 
 authentication remote pre-share
 authentication local pre-share
 keyring local lion-key

Task 6

r2

crypto ipsec transform-set tset esp-aes esp-sha512-hmac 
 mode tunnel

r3

crypto ipsec transform-set tset esp-aes esp-sha512-hmac 
 mode tunnel

Task 7

r2

crypto map svpn-map 10 ipsec-isakmp 
 set peer 23.1.1.3
 set transform-set tset 
 set pfs group14
 set ikev2-profile side-profile
 match address castle-acl

r3

crypto map svpn-map 10 ipsec-isakmp 
 set peer 23.1.1.2
 set transform-set tset 
 set pfs group14
 set ikev2-profile side-profile
 match address castle-acl

Task 8

r2

interface GigabitEthernet2
 crypto map svpn-map

r3

interface GigabitEthernet2
 crypto map svpn-map
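
An added example, not part of the original lab: a Python check that the r2 and r3 answers for Tasks 1, 4, 5 and 7 agree with each other, which matters because a crypto map forwards traffic that misses its ACL unencrypted. The function names and the trimmed config strings are constructed for this example; it assumes, as in this lab, that each crypto ACL's source is the router's own tunnel endpoint.

```python
import re

# Constructed input: the r2 answers for Tasks 1, 4, 5 and 7, trimmed to the
# lines this check reads.
R2 = """\
ip access-list extended castle-acl
 10 permit ip host 23.1.1.2 host 23.1.1.3
crypto ikev2 keyring lion-key
 peer peer-remote
  address 23.1.1.3
crypto ikev2 profile side-profile
 match identity remote address 23.1.1.3 255.255.255.255
crypto map svpn-map 10 ipsec-isakmp
 set peer 23.1.1.3
 match address castle-acl
"""
# The r3 answers are the same lines with the two addresses exchanged.
R3 = R2.replace("23.1.1.2", "\0").replace("23.1.1.3", "23.1.1.2").replace("\0", "23.1.1.3")


def facts(cfg):
    """Extract the tunnel endpoint addresses from one router's config text."""
    return {
        "acl": set(re.findall(r"^\s*\d+ permit ip host (\S+) host (\S+)", cfg, re.M)),
        "keyring": set(re.findall(r"^\s+address (\S+)", cfg, re.M)),
        "identity": set(re.findall(r"match identity remote address (\S+)", cfg)),
        "peer": set(re.findall(r"^\s*set peer (\S+)", cfg, re.M)),
    }


def check_pair(cfg_a, cfg_b):
    """Return the mismatches between two crypto-map peers (empty list = consistent)."""
    a, b = facts(cfg_a), facts(cfg_b)
    problems = []
    if {(dst, src) for src, dst in a["acl"]} != b["acl"]:
        problems.append("crypto ACLs are not mirror images")
    for name, own, other in (("a", a, b), ("b", b, a)):
        if not (own["peer"] == own["keyring"] == own["identity"]):
            problems.append(f"{name}: set peer, keyring address and match identity differ")
        # Assumption (true in this lab): the ACL source is the router's own endpoint.
        if own["peer"] != {src for src, _ in other["acl"]}:
            problems.append(f"{name}: set peer is not the remote side's ACL source")
    return problems


if __name__ == "__main__":
    print(check_pair(R2, R3) or "r2 and r3 are consistent")
```
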

Task 9

r2



r3



Task 10

r2



r3



Task 11

r2



r3


