@tlherr
Last active March 28, 2018 01:01
Cisco VPN Setup
Config for Router: Router 1
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.100.100.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.100.100.2
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
# Change NAT
enable
config terminal
Router1(config)#access-list 122 deny ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.1.1.0 0.0.0.255 any
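Added example, not part of the original gist: Router 1's Phase 1 and Phase 2 with the DES/MD5 choices above replaced by AES-256, SHA-256 and DH group 14, and with ACL 122 bound to the NAT rule so that tunnel traffic is not translated. It assumes an IOS 15.x securityk9 image that accepts `sha256`, `esp-sha256-hmac` and `group 14`; `<PRE-SHARED-KEY>` is a placeholder, and the peer has to be configured with the same parameters.

```cisco
! Added example (not from the original gist). Enter in global configuration mode.
!
! Phase 1. Was: hash md5, with encryption and DH group left at the
! IOS defaults for a user-defined policy (DES, group 1).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key: use a long random value, identical on both peers.
crypto isakmp key <PRE-SHARED-KEY> address 10.100.100.2
!
! Phase 2. Was: esp-des esp-md5-hmac
crypto ipsec transform-set testset esp-aes 256 esp-sha256-hmac
!
crypto map testmap 10 ipsec-isakmp
 set peer 10.100.100.2
 set transform-set testset
 match address 100
!
! Crypto ACL: traffic that must be encrypted.
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
!
! NAT exemption: deny the tunnel traffic first, translate everything else.
access-list 122 deny ip 10.1.1.0 0.0.0.255 10.20.20.0 0.0.0.255
access-list 122 permit ip 10.1.1.0 0.0.0.255 any
! Swap the NAT rule from ACL 1 to ACL 122. If IOS refuses because
! translations are in use, run "clear ip nat translation *" first.
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 122 interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 crypto map testmap
end
```

After applying it, `show crypto isakmp policy` and `show crypto ipsec transform-set` list the negotiated parameters, and `show crypto ipsec sa` shows whether packets matching ACL 100 are being encrypted.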
Config for Router: Router 2
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.100.100.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.100.100.2
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
# Change NAT
enable
config terminal
Router1(config)#access-list 122 deny ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.10.10.0 0.0.0.255 any
Config for Router: Router 3 for Router 1
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 172.16.1.1
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 172.16.1.1
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.20.20.0 0.0.0.255 10.1.1.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.20.20.0 0.0.0.255
# Change NAT
enable
config terminal
Router1(config)#access-list 122 deny ip 10.20.20.0 0.0.0.255 10.1.1.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.20.20.0 0.0.0.255 any
Config for Router: Router 3 for Router 2
## Enable Security Package
enable
config terminal
license boot module c2900 technology-package securityk9
### PHASE 1:
enable
config terminal
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#hash md5
Router1(config-isakmp)#authentication pre-share
Router1(config)#crypto isakmp key testkey address 10.0.0.2
### PHASE 2:
enable
config terminal
Router1(config)#crypto ipsec transform-set testset esp-des esp-md5-hmac
Router1(config)#crypto map testmap 10 ipsec-isakmp
Router1(config-crypto-map)#set peer 10.0.0.2
Router1(config-crypto-map)#set transform-set testset
Router1(config-crypto-map)#match address 100
Router1(config-crypto-map)#end
### PHASE 3: (Apply Crypto Map to outside Interface)
enable
config terminal
Router1(config)#interface gi0/0
Router1(config-if)#crypto map testmap
Router1(config)#access-list 100 permit ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
enable
config terminal
ip nat inside source list 1 interface gi0/0 overload
access-list 1 permit 10.20.20.0 0.0.0.255
# Change NAT
enable
config terminal
Router1(config)#access-list 122 deny ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
Router1(config)#access-list 122 permit ip 10.20.20.0 0.0.0.255 any