Course Hero Logo

Note you can also copy the commands directly from the

  • No School
  • AA 1
  • RUPESHkc
  • 95

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 54 - 57 out of 95 pages.

Note:You can also copy the commands directly from theGenerate Mirrorwindow.c.(Optional) Edit the file to remove the explanation text at the beginning and the description entryfollowing thecrypto map SDM_CMAP_1command.Sub Task 4: Apply the Mirror Configuration to R3 and Verify the ConfigurationStep 1: Access the R3 CLI and copy the mirror commands.Note:You can also use SDM on R3 to create the appropriate VPN configuration, but copying andpasting the mirror commands generated from R1 is easier.a.On R3, enter privileged EXEC mode and then global config mode.b.Copy the commands from the text file into the R3 CLI.
ACMA formT019Page55 of 95September 2016Step 2: Apply the crypto map to the R3 S0/0/1 interface.R3(config)#interface s0/0/1R3(config-if)#crypto map SDM_CMAP_1*Jan 30 13:00:38.184: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ONStep 3: Verify the VPN configuration on R3 using Cisco IOS.a.Display the running config beginning with the first line that contains the string “0/0/1” to verifythat the crypto map is applied to S0/0/1.R3#sh run | beg 0/0/1interface Serial0/0/1ip address 10.2.2.1 255.255.255.252crypto map SDM_CMAP_1b.On R3, use theshow crypto isakmp policycommand to show the configured ISAKMPpolicies on the router. Note that the default SDM policy is also present.R3#show crypto isakmp policyGlobal IKE policyProtection suite of priority 1encryption algorithm:Three key triple DEShash algorithm:Secure Hash Standardauthentication method:Pre-Shared KeyDiffie-Hellman group:#2 (1024 bit)lifetime:86400 seconds, no volume limitProtection suite of priority 10encryption algorithm:AES - Advanced Encryption Standard (256 bit keys).hash algorithm:Message Digest 5authentication method:Pre-Shared KeyDiffie-Hellman group:#5 (1536 bit)lifetime:28800 seconds, no volume limitc.In the above output, how many ISAKMP policies are there?d.Issue theshow crypto ipsec transform-setcommand to display the configured IPsec policiesin the form of the transform sets.R3#show crypto ipsec transform-setTransform set Lab-Transform: { esp-256-aes esp-sha-hmac}will negotiate = { Tunnel,},Transform set #$!default_transform_set_1: { esp-aes esp-sha-hmac}will negotiate = { Transport,},Transform set #$!default_transform_set_0: { esp-3des esp-sha-hmac}will negotiate = { Transport,},e.Use theshow crypto mapcommand to display the crypto maps that will be applied to therouter.R3#show crypto mapCrypto Map "SDM_CMAP_1" 1 ipsec-isakmpDescription: Apply the crypto map on the peer router's interface havingIP address 10.2.2.1 that connects to this router.Peer = 10.1.1.1
ACMA formT019Page56 of 95September 2016Extended IP access list SDM_1access-list SDM_1 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255Current peer: 10.1.1.1Security association lifetime: 4608000 kilobytes/3600 secondsPFS (Y/N): NTransform sets={Lab-Transform:{ esp-256-aes esp-sha-hmac} ,}Interfaces using crypto map SDM_CMAP_1:Serial0/0/1f.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 95 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
NoProfessor
Tags
IP address, ACMA

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture