I am doing the lab, CCNA Labs - Cisco for the Real World in GNS3 and as of now I have reached the end of Phase 3 and I can say that this lab is amazing. I've configured familiar things which are on the CCNA scope like VLANS and Trunking, NAT, Static route. I also configured EtherChannel which is discussed in CCNA but I don't remember having configured one during labs on my Cisco Networking Academy class few years back. There are also major topics which are not in the CCNA scope like Inter-VLAN with L3 Switching and (drum roll) ... VPN configuration!
In this lab, I am to setup the Branch Office network which has different VLANS, runs VOIP, with two APs one for Public and one for Private. The Private AP is connected to the internal private network while the Public AP can only connect to the Internet. There is a SERVER which can be accessed from the Internet and hosts should be able to access the Internet by passing through NAT. Then the Branch Office must be able to connect to the Corporate Office using VPN where in the addresses must not pass NAT.
The most exciting part so far in doing this lab is connecting routers to the Internet via my Network Interface card and I am able to ping Google.com from GNS3! This is real world!
To verify that the tunnel is established:
In this lab, I am to setup the Branch Office network which has different VLANS, runs VOIP, with two APs one for Public and one for Private. The Private AP is connected to the internal private network while the Public AP can only connect to the Internet. There is a SERVER which can be accessed from the Internet and hosts should be able to access the Internet by passing through NAT. Then the Branch Office must be able to connect to the Corporate Office using VPN where in the addresses must not pass NAT.
The most exciting part so far in doing this lab is connecting routers to the Internet via my Network Interface card and I am able to ping Google.com from GNS3! This is real world!
To verify that the tunnel is established:
B1_RT1#sh crypto ipsec sa
interface: FastEthernet0/1
Crypto map tag: MAP_VPN, local addr 192.168.254.101
protected vrf: (none)
local ident (addr/mask/prot/port): (10.1.64.0/255.255.248.0/0/0)
remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
current_peer 192.168.254.106 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
#pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106
path mtu 1500, ip mtu 1500
current outbound spi: 0xF579CD64(4118400356)
inbound esp sas:
spi: 0x236155C6(593581510)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4532799/3138)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xF579CD64(4118400356)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4532799/3136)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (10.1.254.0/255.255.255.252/0/0)
remote ident (addr/mask/prot/port): (10.1.0.0/255.255.192.0/0/0)
current_peer 192.168.254.106 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.254.101, remote crypto endpt.: 192.168.254.106
path mtu 1500, ip mtu 1500
current outbound spi: 0xFA4A18A8(4199159976)
inbound esp sas:
spi: 0x77799CF7(2004458743)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4597585/3590)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xFA4A18A8(4199159976)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: MAP_VPN
sa timing: remaining key lifetime (k/sec): (4597585/3587)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
how much is the exam in pesos? where did you took the exam around manila?
ReplyDeleteCan you share the gns3 topology please, i am going to take the ccna 640-802 in few weeks and i am trying to do this as part of my lab... ty
ReplyDeleteWow really good information
ReplyDeleteWeb Designer in Bangalore