4.1.c Implement and troubleshoot encapsulation

GRE… what comes first, crypto or tunnel… I’d make the tunnel first…

interface Tunnel0
ip address
tunnel source FastEthernet0/0
tunnel destination

make a static route and test connectivity

ip route (33 is the loopback on the other side)

turn on isakmp

crypto isakmp enable

make a policy (h a g l e = hash, authentication type, group, lifetime, encryption)

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600

set up the pre-share

crypto isakmp key cisco address

make the transform

crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
mode transport

make a profile

crypto ipsec profile IPSECGRE
set transform-set TS

finally slam the profile on the tunnel…

interface Tunnel0
tunnel protection ipsec profile IPSECGRE


r1(config)#do sh crypto isakmp sa
dst             src             state          conn-id slot status
                                QM_IDLE              1    0 ACTIVE

r1(config)#do ping

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/33/40 ms
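
An added example, not part of the original notes: a small Python check for the reference chain the steps above build (tunnel protection, then profile, then transform-set, plus a pre-shared key for the tunnel destination). It reports any link that is missing. The helper names are hypothetical and the sample config with its 192.0.2.2 peer address is constructed.

```python
import re

# Constructed sample: the peer address is a documentation-range placeholder, not a value from the notes.
SAMPLE = """\
crypto isakmp key cisco address 192.0.2.2
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
crypto ipsec profile IPSECGRE
 set transform-set TS
interface Tunnel0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile IPSECGRE
"""

def sections(cfg):
    """Map each top-level command to the list of indented sub-commands under it."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() and not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif line.strip() and cur is not None:
            cur.append(line.strip())
    return out

def arg_after(lines, prefix):  # first token after `prefix` on each matching line
    return [l[len(prefix):].split()[0] for l in lines if l.startswith(prefix)]

def check_chain(cfg):
    """Problems in the Tunnel -> profile -> transform-set chain and the peer's pre-shared key."""
    sec, problems = sections(cfg), []
    tsets = set(arg_after(sec, "crypto ipsec transform-set "))
    keyed = {m.group(1) for k in sec if (m := re.match(r"crypto isakmp key .+ address (\S+)", k))}
    for name, body in sec.items():
        if not name.startswith("interface Tunnel"):
            continue
        prof = arg_after(body, "tunnel protection ipsec profile ")
        dest = arg_after(body, "tunnel destination ")
        if not prof:
            problems.append(f"{name}: no tunnel protection, GRE leaves unencrypted")
        elif f"crypto ipsec profile {prof[0]}" not in sec:
            problems.append(f"{name}: profile {prof[0]} is not defined")
        else:
            for ts in arg_after(sec[f"crypto ipsec profile {prof[0]}"], "set transform-set "):
                if ts not in tsets:
                    problems.append(f"profile {prof[0]}: transform-set {ts} is not defined")
        if dest and not keyed & {dest[0], "0.0.0.0"}:  # 0.0.0.0 = wildcard key
            problems.append(f"{name}: no isakmp key for peer {dest[0]}")
    return problems

if __name__ == "__main__":
    print(check_chain(SAMPLE) or "chain complete")
```

It only checks that the names line up; whether phase 1 and phase 2 actually come up is still what `sh crypto isakmp sa` and the ping show.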