Daily Archives: April 21, 2013

4.1.c Implement and troubleshoot encapsulation

GRE… what comes first, crypto or tunnel? I’d make the tunnel first…

interface Tunnel0
ip address
tunnel source FastEthernet0/0
tunnel destination

make a static route and test connectivity

ip route (33 is the loopback on the other side)

turn on isakmp

crypto isakmp enable

make a policy (h a g l e = hash authentication type group lifetime encryption)

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

set up the pre-share

crypto isakmp key cisco address

make the transform

crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
mode transport

make a profile

crypto ipsec profile IPSECGRE
set transform-set TS

finally slam the profile on the tunnel…

interface Tunnel0
tunnel protection ipsec profile IPSECGRE


r1(config)#do sh crypto isakmp sa
dst             src             state          conn-id slot status
                                QM_IDLE              1    0 ACTIVE

r1(config)#do ping

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/33/40 ms
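
When the SA does not come up, the usual cause is a broken link in the chain built above: tunnel to profile, profile to transform-set, pre-shared key to tunnel destination. The check below is an added example, not part of the original notes. It assumes `show running-config` indentation and an exact peer address on the key line, uses 192.0.2.2 as a placeholder address, and flags DH groups 1, 2 and 5 as its own policy choice.

```python
# Constructed sample; 192.0.2.2 is a placeholder, the page shows no addresses.
SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
 group 5
crypto isakmp key cisco address 192.0.2.2
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile IPSECGRE
 set transform-set TS
interface Tunnel0
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile IPSECGRE
"""

def sections(cfg):
    """Map each top-level command to the indented sub-commands under it."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(cfg):
    """Return findings; [] means every reference resolves. Groups 1/2/5 are this example's threshold."""
    sec, out = sections(cfg), []
    tsets = {h.split()[3] for h in sec if h.startswith("crypto ipsec transform-set ")}
    profiles = {h.split()[3] for h in sec if h.startswith("crypto ipsec profile ")}
    keyed = {h.split()[-1] for h in sec if h.startswith("crypto isakmp key ")}
    for head, body in sec.items():
        # "tunnel destination 192.0.2.2" -> {"tunnel destination": "192.0.2.2"}
        opts = {l.rsplit(" ", 1)[0]: l.rsplit(" ", 1)[-1] for l in body}
        if head.startswith("interface Tunnel"):
            prof, dest = opts.get("tunnel protection ipsec profile"), opts.get("tunnel destination")
            if prof is None:
                out.append(f"{head}: no tunnel protection, GRE leaves in cleartext")
            elif prof not in profiles:
                out.append(f"{head}: ipsec profile {prof} is not defined")
            if dest not in keyed:
                out.append(f"{head}: no isakmp pre-shared key for peer {dest}")
        elif head.startswith("crypto isakmp policy ") and opts.get("group") in ("1", "2", "5"):
            out.append(f"{head}: DH group {opts['group']} is a sub-2048-bit MODP group")
        elif head.startswith("crypto ipsec profile ") and opts.get("set transform-set") not in tsets:
            out.append(f"{head}: transform-set {opts.get('set transform-set')} is not defined")
    return out
```

Run `audit()` on each router's config; the key-peer check only applies when the policy uses pre-share authentication, as it does here.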




3.3 Fundamental routing concepts

3.3.a Implement and troubleshoot static routing

ipv6 static routing…

! The next command uses R1’s S0/0/1 as the outgoing interface
ipv6 route 2001:db8:1111:3::/64 S0/0/1

! The next command uses R2’s address as the next-hop router unicast address
ipv6 route 2001:db8:1111:3::/64 2001:DB8:1111:2::2

! The next command uses R1’s S0/0/1 as the outgoing interface, and
! R2’s link-local address as the next-hop router address
ipv6 route 2001:db8:1111:3::/64 S0/0/1 FE80::FF:FE00:2