
Create an IPsec VPN tunnel using Packet Tracer - CCNA Security

521 ratings | 42394 views
http://danscourses.com - Learn how to create an IPsec VPN tunnel on Cisco routers using the Cisco IOS CLI. CCNA security topic.

1. Starting configurations for R1, ISP, and R3. Paste to global config mode:

hostname R1
interface g0/1
 ip address
 no shut
interface g0/0
 ip address
 no shut
exit
ip route

hostname ISP
interface g0/1
 ip address
 no shut
interface g0/0
 ip address
 no shut
exit

hostname R3
interface g0/1
 ip address
 no shut
interface g0/0
 ip address
 no shut
exit
ip route

2. Make sure routers have the security license enabled:

license boot module c1900 technology-package securityk9

3. Configure IPsec on the routers at each end of the tunnel (R1 and R3)

!R1
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
crypto isakmp key secretkey address
!
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R1-R3
 match address 100
!
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
access-list 100 permit ip

!R3
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
crypto isakmp key secretkey address
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R3-R1
 match address 100
!
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
access-list 100 permit ip
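For the tunnel in step 3 to form, R1 and R3 must agree on the ISAKMP policy, the pre-shared key, the transform-set algorithms and PFS, and their crypto ACLs must be mirror images. The following Python check is an added example, not part of the video or its description; the function names are hypothetical and every address in the template is a constructed documentation placeholder, since the description's own addresses are not shown.

```python
import re

# Constructed template following the page's R1/R3 layout; all addresses are
# documentation placeholders (RFC 5737 / RFC 1918), not values from the page.
TEMPLATE = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group {group}
crypto isakmp key {key} address {peer}
crypto ipsec transform-set {ts} esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer {peer}
 set pfs group5
 set transform-set {ts}
 match address 100
access-list 100 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
"""

def parse(cfg):
    """Pull out the settings that both tunnel endpoints must agree on."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    return {
        "phase1": (grab(r"^ encryption (.+)$"), grab(r"^ authentication (\S+)"),
                   grab(r"^ group (\d+)")),
        "key": grab(r"^crypto isakmp key (\S+) address"),
        # The transform-set name is locally significant, so only algorithms are kept.
        "transform": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "pfs": grab(r"^ set pfs (\S+)"),
        "acl": grab(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
    }

def mismatches(a_cfg, b_cfg):
    """Return the names of settings that would stop the tunnel forming."""
    a, b = parse(a_cfg), parse(b_cfg)
    bad = [k for k in ("phase1", "key", "transform", "pfs") if a[k] != b[k]]
    # The interesting-traffic ACLs must mirror each other (source <-> destination).
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        bad.append("acl")
    return bad

r1 = TEMPLATE.format(group=5, key="secretkey", ts="R1-R3", peer="203.0.113.2",
                     local="192.168.1.0", remote="192.168.3.0")
r3 = TEMPLATE.format(group=5, key="secretkey", ts="R3-R1", peer="203.0.113.1",
                     local="192.168.3.0", remote="192.168.1.0")
r3_bad = TEMPLATE.format(group=2, key="secretkey", ts="R3-R1", peer="203.0.113.1",
                         local="192.168.1.0", remote="192.168.3.0")
```

`mismatches(r1, r3)` returns an empty list, while `mismatches(r1, r3_bad)` flags the differing DH group and the ACL that was copied instead of mirrored.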
Text Comments (78)
aniruddha malkar (11 days ago)
very good. Nice work. you simplified the vpn conf
Bob Vu (21 days ago)
Thank you for all that you do.
Nimish Sonawane (1 month ago)
A great systematic & step by step explanation. Awesome. Thank u very much for it.
Natori Katsuro (1 month ago)
You're the best! I love U!
Can i get *.pkt file for the above scenario? can anybody please....
Ulrich Willems (1 month ago)
Hi what packet tracer version are you using? Please I need to know.
danscourses (1 month ago)
+Ulrich Willems try downloading version 7.2 or version 7.2.1 and they should be backwards compatible
Ulrich Willems (1 month ago)
+danscourses Thx I tried to download this version but all of them have viruses. Do you have a trusted link where I can download this version or equivalent? BTW I subscribed to your channel ;-)
danscourses (1 month ago)
At the time I created this video it was Packet Tracer 7.1.1
LOPEZ DINZ JOSEPH (2 months ago)
Mohamed Afkar (2 months ago)
Keep up posting videos bro.... it's really helpful ✌✌✌
Saad Ibrahim (3 months ago)
Cool, your explanation was amazing bro, thank you
Koen van der rijt (3 months ago)
/me furiously typing to configure the routers.. and then comes the "you can copy paste with these" ;-) (I like to type it anyway but still funny) and a question? I yanked a network cable out. The tunnel wasn't automatically coming up again after reconnecting the cable. How do I reconnect the tunnel?
A Morano (2 months ago)
Also, with that cable issue: Did you have to reboot a device to get the tunnel back up? If not, what’d you do?
A Morano (2 months ago)
Koen van der rijt Majority of network engineers copy and paste. I just started in the industry and I’m wondering if all these configs and even passwords should be on notepad saved on someone’s desktop. I’d figure that’s a bit of a security risk. But a lot of people still do it.
alehandro del (3 months ago)
you are the best! you really make the CISCO enjoyable ! Thanks.
Diego Gudino (3 months ago)
Great explanation. I have a question, can I create an ipsec vpn tunnel with a router where the wan port is connected on the local network? It means that the outside ip will be a private address. Thank you very much
Volf Khat (4 months ago)
Hola Dan, In your Phase-1 HAGLE, we don't see you configure the "Hash" or the "Lifetime". What gives?? **gracias**
WillyWerewolF (10 days ago)
maybe the default lifetime is 86400 seconds *CMIIW
chao d (4 months ago)
Do we need any static route ?? I followed ur instructions line by line.. But that didn't work for me
chao d (4 months ago)
ignore.. please .. it is working now :) Thx Sir ... Though i dont get any replies.. but like commenting on ur videos and like putting forth questions
chao d (4 months ago)
Sir, do u have any videos on IPSEC over DMVPN ?
Abiyot Tesfay (4 months ago)
I am a self learner. It is clear and easy to understand. Keep up making such lessons.
Rizwanullah Muhammad (4 months ago)
Your videos are very precise thumbs uppp bro
Rathsara Relapanawa (4 months ago)
By the way, what about the Hash type on the crypto isakmp policy. Isn't that necessary ?
Volf Khat (4 months ago)
Agreed. just asked the same Q...
Rathsara Relapanawa (4 months ago)
Thank you very much for this. It worked like a charm.
David Cardoza (4 months ago)
I admire your teaching method, Dan...I appreciate that you don't rush through your tutorials. Packet Tracer has become a kind of video game to me. Please keep up the great work. Thank you!
priti2003 (5 months ago)
You are great at explaining concepts. Thanks for the video.
RasChristian (6 months ago)
Hey I am CCNA Security and you have explained everything so clearly, thank you very much mate from Costa Rica excellent
Fatima El-amin (6 months ago)
Very Beneficial, Thanks a lot!
Shithanshu Mishra (6 months ago)
is this the same as remote access VPN?
Derek Xue (6 months ago)
wah wow~
Suyog Dahal (7 months ago)
@danscourses what if we have large subnets on both sides, at that time how do you provide the acl command in range? Is there a way to permit individual networks? Please help me! With regards, Suyog Dahal
Mike Brooks (7 months ago)
how can i nat or pat with multiple subnets???
Suyog Dahal (7 months ago)
The main thing to look out for while configuring NAT or PAT for multiple subnets is the access list. Here you have to permit every network available within the router where you want to nat or pat, and for the command you can search on the net.
Rim Mharbi (8 months ago)
Hello, thank you for this video. I'm trying to do the same in my topology. I chose a 2811 router, but I can't verify if the securityK9 is activated or not; the command show version doesn't show anything about it and the show license command is not available on the 2811 router. How can I make it work please? Thanks
Ilham Satyabudi (8 months ago)
Hello sir, your fan from indonesia here. Thx to your videos, i passed ccna rs with 912 and now have a full time job in network engineering. You are a life-saver instructor, make a difficult subject to be easy while keeping it practical. Please keep making video like this, i just want you to know, your videos are life-changer, for me and for other students around the world!
Darryl Mitchell (8 months ago)
Thanks for the Level up!!!
Nader Abbaspour (8 months ago)
That's what I was looking for thanks for the tutorial
Yassine Settai (8 months ago)
Not working for me :/
SeLiM Kerimoglu (6 months ago)
add Nat translation in your configuration
Tray Amp (8 months ago)
Terrific video! How could I adjust this to work when the LANS on R1 and R3 are overlapping?
tony li (9 months ago)
Wow. This explanation is magnificent!!!! Really useful!
Muhammad Zubair Khalid (9 months ago)
Tried a couple of times... could not ping at all
Sarah Adha Adam (6 months ago)
bro, mine can't ping either. stupid qn, but does he configure the ISP router other than what is stated in the first part of the video description? (eg hostname, interface)
Muhammad Zubair Khalid (6 months ago)
that would be great. btw I no more work on it. however it will be help in future. thanks anyway
Tlamelo Motlhatlhedi (6 months ago)
Alright, I'll send you the solution here once I figure out what the issue is
Muhammad Zubair Khalid (6 months ago)
+Tlamelo Motlhatlhedi aah nope... Didn't try again..
Tlamelo Motlhatlhedi (6 months ago)
Me too, but the configurations are correct. Any luck?
Mohsin Mushtaq (9 months ago)
Why do you have same ip address on both legs of ISP router ?
Volf Khat (4 months ago)
He doesn't. The 3rd octet is different :]
Rune Rocker (9 months ago)
Does this work with a router 2811 or only with 1941 ?
Digital Brekke (5 months ago)
For the 2911 you can type: license boot module c2900 technology-package securityk9. When I tried the 2811 router, I didn't need to insert a license. I might be wrong, but it seems like it's already installed on the 2811
rochdi fezai (9 months ago)
Great video, but why didn't you configure NAT translation? I'm wondering, in that case, should we ignore NATing the network going from one site to another site?
Ilias Abrams (9 months ago)
Hi, nice job, however I was wondering If you should add static routes into ISP router configuration, points to both networks ( and 3.0) ?
Volf Khat (4 months ago)
No man. That's the whole point of an IPsec tunnel. The ISP router is "in the middle"... but they CAN'T see who you are REALLY talking to on the other side. It's by Design
Chris C (10 months ago)
I don't know how your videos don't have thousands and thousands of upvotes. Your video series is amazingly good.
Muhammad Idham Habibie (10 months ago)
Hi, thanks for your help in this video. I'm just wondering, I have tried a couple of times reloading the license (using the reload command in Packet Tracer). However, I'm not sure that it boots my license anyway.
Montathar Hayder (11 months ago)
you are legend
NitrousUp (11 months ago)
Great tutorial but in the beginning you said "remember to connect router with crossover cable". I think if someone doesn't know this already he/she should NOT watch this video! :P
Luay Elias (11 months ago)
indeed wonderful course, thanks so much
It's one of the best among all YouTube videos. Appreciate
Catalytic Centaur (11 months ago)
Pretty cool, indeed. Thank you.
Abubakar Al-bakri (11 months ago)
Awesome tutorial! Thanks for making it!
leroy williams (1 year ago)
your videos are fantastic! will you be adding more security 210-260 videos?
AndroidGameplay4All (1 year ago)
No one has ever been able to explain ipsec like you on YouTube, Hats off.
Saad Ibrahim (3 months ago)
mrnaamila (10 months ago)
Totally agree with you..
uwagboe onaolapo (1 year ago)
Thanks Boss....I introduced a layer 3 router in between to set up a multiple site to site VPN. site A, B and C. But after the whole process i couldn't reach the main site A from site C. Kindly guide me on this. Thanks. Awaits your response.
uwagboe onaolapo (1 year ago)
I would like you to give it a try boss...
danscourses (1 year ago)
Not sure, but it sounds like an interesting project to try out in Packet Tracer.
Matlesylc (1 year ago)
Awesome tutorial! Thanks for making it!
surin salaeh (1 year ago)
+ + +
Spectr3 L. (1 year ago)
and I can't enter the gateway, or the tech....
Spectr3 L. (1 year ago)
too long.. I don't have kronos
Yeudy Jimenez (1 year ago)
Like always your videos are great!!! Thanks and greetings from Costa Rica!
danscourses (1 year ago)
Thanks! Pura Vida!
