4.1.c Implement and troubleshoot encapsulation

gre… what comes first, crypto or tunnel… i’d make the tunnel first…

interface Tunnel0
ip address 192.168.13.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.23.3

make a static route and test connectivity

ip route 33.33.33.0 255.255.255.0 192.168.13.3 (33 is the loopback on the other side)

turn on isakmp

crypto isakmp enable

make a policy (h a g l e = hash authentication type group lifetime encryption)

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

set up the pre-share

crypto isakmp key cisco address 192.168.23.3

make the transform

crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
mode transport

make a profile

crypto ipsec profile IPSECGRE
set transform-set TS

finally slam the profile on the tunnel…

interface Tunnel0
tunnel protection ipsec profile IPSECGRE

test:

r1(config)#do sh crypto isakmp sa
dst             src             state          conn-id slot status
192.168.12.1    192.168.23.3    QM_IDLE              1    0 ACTIVE

r1(config)#do ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/33/40 ms

gre_esp