Nov 20, 2019, 12:20 AM
-------------R1-------------
hostname R1
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username admin01 algorithm-type scrypt secret admin01pass
ip domain name ccnasecurity.com
line con 0
login local
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input ssh
exec-timeout 0 0
logging synchronous
exit
interface gigabitethernet 0/0
ip address 209.165.200.225 255.255.255.248
no shut
exit
int serial 0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 2000000
no shut
exit
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
crypto key generate rsa general-keys modulus 1024

----------------R2------------------

hostname R2
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username admin01 algorithm-type scrypt secret admin01pass
ip domain name ccnasecurity.com
line con 0
login local
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input ssh
exec-timeout 0 0
logging synchronous
exit
interface serial 0/0/0
ip address 10.1.1.2 255.255.255.252
no shut
exit
interface serial 0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 2000000
no shut
exit
ip route 209.165.200.224 255.255.255.248 Serial0/0/0
ip route 172.16.3.0 255.255.255.0 Serial0/0/1
crypto key generate rsa general-keys modulus 1024

-----------------------R3---------------------

hostname R3
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username admin01 algorithm-type scrypt secret admin01pass
ip domain name ccnasecurity.com
line con 0
login local
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input ssh
exec-timeout 0 0
logging synchronous
exit
interface gigabitethernet 0/1
ip address 172.16.3.1 255.255.255.0
no shut
exit
int serial 0/0/1
ip address 10.2.2.1 255.255.255.252
no shut
exit
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
crypto key generate rsa general-keys modulus 1024

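The three router configs above share the same management-plane hardening (local login, SSH-only vty, scrypt secrets, minimum password length, an RSA host key). The script below is an added example, not part of the original lab notes: it parses an IOS-style config of the flat form typed here and reports what a reviewer would flag. The thresholds are this script's assumptions (min-length 10 as in the lab, RSA modulus 2048 as current guidance; the lab's 1024-bit key is flagged), and `exec-timeout 0 0`, which the lab sets for convenience, is reported because it disables the idle timeout. The embedded config is constructed from the R1 commands; the same `audit()` runs unchanged on R2 and R3.

```python
"""Management-plane hardening audit for the flat IOS configs in this lab.

Added example, not the lab's own material. Thresholds below are assumptions.
"""
import re

# Constructed from the R1 commands in the notes, embedded so this runs offline.
R1_CONFIG = """\
hostname R1
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username admin01 algorithm-type scrypt secret admin01pass
ip domain name ccnasecurity.com
line con 0
login local
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input ssh
exec-timeout 0 0
logging synchronous
exit
interface gigabitethernet 0/0
ip address 209.165.200.225 255.255.255.248
no shut
exit
crypto key generate rsa general-keys modulus 1024
"""

MIN_PASSWORD_LENGTH = 10   # assumption: the lab's own policy value
MIN_RSA_MODULUS = 2048     # assumption: minimum SSH host-key size a reviewer accepts


def parse_lines(config):
    """Split a flat config into (mode, command) pairs.

    'line ...' and 'interface ...' open a sub-mode that 'exit'/'end' closes;
    everything else is attributed to the current mode.
    """
    mode = "global"
    rows = []
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if cmd in ("exit", "end"):
            mode = "global"
            continue
        if cmd.startswith(("line ", "interface ", "int ")):
            mode = cmd
            continue
        rows.append((mode, cmd))
    return rows


def audit(config):
    """Return a sorted list of finding strings for one device config."""
    by_mode = {}
    for mode, cmd in parse_lines(config):
        by_mode.setdefault(mode, []).append(cmd)
    glob = by_mode.get("global", [])
    findings = []

    # 1. Minimum password length must be set and meet policy.
    lengths = [int(m.group(1)) for c in glob
               if (m := re.match(r"security passwords min-length (\d+)$", c))]
    if not lengths or lengths[-1] < MIN_PASSWORD_LENGTH:
        findings.append("password min-length below policy or unset")

    # 2. Enable and user credentials must be scrypt (type 9) secrets.
    for c in glob:
        if c.startswith(("enable ", "username ")) and "algorithm-type scrypt" not in c:
            findings.append(f"non-scrypt credential: {' '.join(c.split()[:2])}")

    # 3. RSA host key size for SSH.
    for c in glob:
        m = re.search(r"crypto key generate rsa.*modulus (\d+)", c)
        if m and int(m.group(1)) < MIN_RSA_MODULUS:
            findings.append(f"rsa modulus {m.group(1)} below {MIN_RSA_MODULUS}")

    # 4. Per line: vty must be SSH-only with local login; 'exec-timeout 0 0'
    #    on any line means a session never idles out.
    for mode, cmds in by_mode.items():
        if not mode.startswith("line "):
            continue
        if mode.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{mode}: transport not restricted to ssh")
            if "login local" not in cmds:
                findings.append(f"{mode}: no local login")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{mode}: exec-timeout disabled")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(R1_CONFIG):
        print(finding)
```

Run against the R1 config as typed, the only findings are the two disabled idle timeouts and the 1024-bit RSA key; weakening the vty transport or dropping `algorithm-type scrypt` from a secret produces the corresponding extra finding.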
-----------------PCs-----------------

PC-A, PC-B, and PC-C IP ver

PC-C to ping 209.165.200.225

-----ASA----
enable
write erase
reload

----REPEAT----

say NO to prompt for config
enable
<<enter>> (no password)
show run (to verify)
enable
say NO to home-reporting
say YES to replace RSA key pair

hostname CCNAS-ASA
domain-name ccnasecurity.com
enable password cisco12345
interface Ethernet0/0
switchport access vlan 2
no shut
exit
interface Ethernet0/1
switchport access vlan 1
no shut
exit
interface Ethernet0/2
switchport access vlan 3
no shut
exit
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
exit
interface Vlan2
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248
exit
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 70
ip address 192.168.2.1 255.255.255.0
exit
object network inside-net
subnet 192.168.1.0 255.255.255.0
exit
object network dmz-server
host 192.168.2.3
exit
access-list OUTSIDE-DMZ extended permit ip any host 192.168.2.3

object network inside-net
nat (inside,outside) dynamic interface

object network dmz-server
nat (dmz,outside) static 209.165.200.227

access-group OUTSIDE-DMZ in interface outside

route outside 0.0.0.0 0.0.0.0 209.165.200.225 1

username admin01 password admin01pass

aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10

class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp

crypto key generate rsa modulus 1024

-------------------------------------------
PC-C:\> ping 209.165.200.226

--------------------------------------------
part 3
--------------------------------------------

-------------R3---------
configure terminal
crypto isakmp enable


-------------R1---------
configure terminal
crypto isakmp policy 10

----------R3-------------

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
end

-----------R3-------------
verify: show crypto isakmp policy

crypto isakmp key SECRET-KEY address 209.165.200.226
crypto ipsec transform-set ESP-TUNNEL esp-3des esp-sha-hmac

ip access-list extended VPN-ACL
remark Link to the CCNAS-ASA
permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
exit


crypto map S2S-MAP 10 ipsec-isakmp
match address VPN-ACL
set peer 209.165.200.226
set transform-set ESP-TUNNEL
exit

interface Serial0/0/1
crypto map S2S-MAP
end


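Two things a reviewer checks on the R3 side of this tunnel: whether the negotiated algorithms are still acceptable (the lab's 3DES, SHA-1 and DH group 2 are all deprecated today, and a peer that only offers them is a weak-crypto finding), and whether the crypto ACL on R3 is the exact mirror image of the networks the ASA protects, since a mismatch leaves the tunnel up but some traffic unencrypted or dropped. The script below is an added example, not part of the lab notes: it parses the R3 commands above (embedded as constructed input), flags weak algorithms against a policy table that is this script's assumption, converts the IOS address/wildcard pairs to prefixes, and compares them with the ASA's local and remote networks as selected in the ASDM wizard (inside-network/24 and 172.16.3.0/24).

```python
"""IPsec policy and crypto-ACL review for the R3 side of the site-to-site VPN.

Added example, not the lab's own material. The WEAK table is an assumption
of what this reviewer rejects; adjust it to local policy.
"""
import ipaddress
import re

# Constructed from the R3 commands in the notes, embedded so this runs offline.
R3_VPN_CONFIG = """\
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
crypto isakmp key SECRET-KEY address 209.165.200.226
crypto ipsec transform-set ESP-TUNNEL esp-3des esp-sha-hmac
ip access-list extended VPN-ACL
remark Link to the CCNAS-ASA
permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map S2S-MAP 10 ipsec-isakmp
match address VPN-ACL
set peer 209.165.200.226
set transform-set ESP-TUNNEL
"""

# Assumption: algorithms this reviewer treats as weak, keyed by the IOS token.
WEAK = {
    "des": "DES", "3des": "3DES (64-bit block cipher)",
    "md5": "MD5", "sha": "SHA-1",
    "esp-des": "DES", "esp-3des": "3DES (64-bit block cipher)",
    "esp-md5-hmac": "HMAC-MD5", "esp-sha-hmac": "HMAC-SHA-1",
    "group 1": "DH group 1 (768-bit)", "group 2": "DH group 2 (1024-bit)",
    "group 5": "DH group 5 (1536-bit)",
}


def weak_algorithms(config):
    """Return the weak algorithms named in ISAKMP policy and transform-set lines."""
    hits = []
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith(("encryption ", "hash ")):
            token = cmd.split()[1]
            if token in WEAK:
                hits.append(WEAK[token])
        elif cmd.startswith("group "):
            if cmd in WEAK:
                hits.append(WEAK[cmd])
        elif cmd.startswith("crypto ipsec transform-set"):
            # tokens after the set name are the ESP transforms
            for token in cmd.split()[4:]:
                if token in WEAK:
                    hits.append(WEAK[token])
    return hits


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an ip_network.

    The wildcard is the bitwise inverse of the subnet mask: 0.0.0.255 -> /24.
    """
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def crypto_acl_pairs(config, acl_name):
    """Return (local, remote) network pairs from the named extended ACL's permit lines."""
    pairs, inside = [], False
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("ip access-list extended "):
            inside = cmd.split()[-1] == acl_name
            continue
        m = re.match(r"permit ip (\S+) (\S+) (\S+) (\S+)$", cmd)
        if inside and m:
            pairs.append((wildcard_to_network(m[1], m[2]), wildcard_to_network(m[3], m[4])))
        elif inside and not cmd.startswith(("permit", "deny", "remark")):
            inside = False   # left the ACL sub-mode
    return pairs


def mirrors(router_pairs, asa_local, asa_remote):
    """True when every router (local, remote) pair equals the ASA's (remote, local)."""
    asa_local = ipaddress.ip_network(asa_local)
    asa_remote = ipaddress.ip_network(asa_remote)
    return bool(router_pairs) and all(
        local == asa_remote and remote == asa_local for local, remote in router_pairs
    )


if __name__ == "__main__":
    for alg in weak_algorithms(R3_VPN_CONFIG):
        print("weak:", alg)
    pairs = crypto_acl_pairs(R3_VPN_CONFIG, "VPN-ACL")
    print("crypto ACL mirrors ASA:", mirrors(pairs, "192.168.1.0/24", "172.16.3.0/24"))
```

For the lab config as typed, every algorithm in the ISAKMP policy and the transform set lands on the weak list, while the crypto ACL does mirror the ASA's two networks, so the tunnel itself is consistent even though its crypto suite is not one to deploy outside a lab.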
-----------ASDM

PC-B---Browser---https://192.168.1.1
Say Yes to certificate
Run ASDM on page
admin01 admin01pass
observe dmz, inside, outside at top-right.
Wizards - VPN Wizards - Site-to-site VPN Wizard
Next
Peer IP Address: 10.2.2.1 (R3 Serial0/0/1), outside
Next
inside-network/24
172.16.3.0/24
Next
##Note: If the ASA does not respond,
##you may need to close the window and continue to the next step.
##If prompted to authenticate,
##log in again as admin01 with the password admin01pass.
Simple Configuration
SECRET-KEY
Next
Exempt ASA, inside
Next
Finish, admin01 admin01pass (if asked to authenticate).
--------------------------
Configuration - Site-to-site VPN - Connection Profiles.
Monitoring - VPN - VPN Statistics - Sessions.
----------------------From PC-B, ping 172.16.3.3 (PC-C)
ASDM Monitoring - VPN - VPN Statistics - Sessions - (Refresh)
Encryption statistics: see one or more 3DES encryptions.
Crypto statistics: see values for number of packets encrypted and decrypted.
---------------------------------------------------------------------------