Project name: ccna-vpn-gre-0001-gre
! R1 base configuration for the lab: hostname, console behaviour and the two
! Ethernet ports. Entered from user EXEC; the final "write" saves the result.
enable
configure terminal
!
hostname R1
! Keeps a mistyped command from being looked up as a hostname.
no ip domain-lookup
line console 0
 ! Lab convenience only: "0 0" disables the console idle timeout, so an
 ! unattended console session is never logged out.
 exec-timeout 0 0
 ! Re-prints the command line after a log message interrupts typing.
 logging synchronous
 exit
!
! LAN port; 10.100.0.1 is the gateway address used by the 10.100.0.0/24 hosts.
interface GigabitEthernet 0/0
 ip address 10.100.0.1 255.255.255.0
 no shutdown
 exit
! WAN port. A later PPPoE step on this page removes this address again.
interface GigabitEthernet 0/1
 ip address 100.0.0.1 255.255.0.0
 no shutdown
 exit
!
end
write
! R2 base configuration for the lab: hostname, console behaviour and the two
! Ethernet ports. Entered from user EXEC; the final "write" saves the result.
enable
configure terminal
!
hostname R2
! Keeps a mistyped command from being looked up as a hostname.
no ip domain-lookup
line console 0
 ! Lab convenience only: "0 0" disables the console idle timeout, so an
 ! unattended console session is never logged out.
 exec-timeout 0 0
 ! Re-prints the command line after a log message interrupts typing.
 logging synchronous
 exit
!
! LAN port; 10.200.0.2 is the gateway address used by the 10.200.0.0/24 hosts.
interface GigabitEthernet 0/0
 ip address 10.200.0.2 255.255.255.0
 no shutdown
 exit
! WAN port. A later PPPoE step on this page removes this address again.
interface GigabitEthernet 0/1
 ip address 200.0.0.2 255.255.0.0
 no shutdown
 exit
!
end
write
! R3 base configuration for the lab: hostname, console behaviour and the two
! Ethernet ports. Entered from user EXEC; the final "write" saves the result.
enable
configure terminal
!
hostname R3
! Keeps a mistyped command from being looked up as a hostname.
no ip domain-lookup
line console 0
 ! Lab convenience only: "0 0" disables the console idle timeout, so an
 ! unattended console session is never logged out.
 exec-timeout 0 0
 ! Re-prints the command line after a log message interrupts typing.
 logging synchronous
 exit
!
! Link shared with 34.0.0.4 (the BGP neighbour address used later on the page).
interface GigabitEthernet 0/0
 ip address 34.0.0.3 255.255.255.0
 no shutdown
 exit
! Brought up without an IP address; the PPPoE server step enables PPPoE here.
interface GigabitEthernet 0/1
 no shutdown
 exit
!
end
write
! R4 base configuration for the lab: hostname, console behaviour and the two
! Ethernet ports. Entered from user EXEC; the final "write" saves the result.
enable
configure terminal
!
hostname R4
! Keeps a mistyped command from being looked up as a hostname.
no ip domain-lookup
line console 0
 ! Lab convenience only: "0 0" disables the console idle timeout, so an
 ! unattended console session is never logged out.
 exec-timeout 0 0
 ! Re-prints the command line after a log message interrupts typing.
 logging synchronous
 exit
!
! Link shared with 34.0.0.3 (the BGP neighbour address used later on the page).
interface GigabitEthernet 0/0
 ip address 34.0.0.4 255.255.255.0
 no shutdown
 exit
! Brought up without an IP address; the PPPoE server step enables PPPoE here.
interface GigabitEthernet 0/1
 no shutdown
 exit
!
end
write
# Lab host on the 10.100.0.0/24 LAN (the prompt format later on the page suggests a VPCS node):
# static address, mask and default gateway, then persist the setting.
ip 10.100.0.100 255.255.255.0 10.100.0.1
save
# Lab host on the 10.200.0.0/24 LAN (the prompt format later on the page suggests a VPCS node):
# static address, mask and default gateway, then persist the setting.
ip 10.200.0.200 255.255.255.0 10.200.0.2
save
! eBGP on the router that owns 34.0.0.3 (presumably R3): local AS 3, neighbour 34.0.0.4 in AS 4.
configure terminal
!
router bgp 3
 ! NOTE(review): the session has no neighbour authentication (neighbor ... password) and no
 ! TTL check; that is only acceptable on an isolated lab segment.
 neighbor 34.0.0.4 remote-as 4
 ! Advertises the /32 of the PPPoE subscriber address. A network statement is originated only
 ! while an exactly matching route is present in the routing table.
 network 100.0.0.1 mask 255.255.255.255
 exit
!
end
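! eBGP on the router that owns 34.0.0.4 (presumably R4): local AS 4, neighbour 34.0.0.3 in AS 3.
! The local AS must be 4: the peer's configuration on this page declares 34.0.0.4 as
! "remote-as 4", so a local AS of 3 here would make the peer reject the session.
configure terminal
!
router bgp 4
 ! NOTE(review): the session has no neighbour authentication (neighbor ... password) and no
 ! TTL check; that is only acceptable on an isolated lab segment.
 neighbor 34.0.0.3 remote-as 3
 ! Advertises the /32 of the PPPoE subscriber address. A network statement is originated only
 ! while an exactly matching route is present in the routing table.
 network 200.0.0.2 mask 255.255.255.255
 exit
!
end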
! PPPoE client side of the WAN link (presumably R1: Loopback 1 carries 100.0.0.1).
configure terminal
!
! The physical port holds no IP address; it only carries PPPoE for dial pool 10.
interface GigabitEthernet 0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 10
 exit
!
! Clamp the TCP MSS on the LAN port so sessions fit the reduced WAN MTU.
interface GigabitEthernet 0/0
 ip tcp adjust-mss 1356
 exit
!
interface Loopback 1
 ip address 100.0.0.1 255.255.255.0
 exit
!
interface Dialer 1
 ! The dialer borrows the Loopback 1 address.
 ip unnumbered Loopback 1
 ip mtu 1454
 encapsulation ppp
 dialer pool 10
 dialer-group 20
 ! "callin" restricts CHAP challenges to incoming calls. As the dialling side this router
 ! answers the peer's challenge but does not challenge the peer, so authentication is one-way.
 ppp authentication chap callin
 ! Lab credentials. The CHAP password is kept in the configuration in recoverable form, so
 ! any saved or shared copy of this config discloses it; use a unique value outside a lab.
 ppp chap hostname ccie@example.com
 ppp chap password cc13
 no shutdown
 exit
!
! Reach the far subscriber range and the inter-provider link through the PPPoE session.
ip route 200.0.0.0 255.255.0.0 Dialer 1
ip route 34.0.0.0 255.255.255.0 Dialer 1
!
! Any IP packet counts as interesting traffic for dialer-group 20.
dialer-list 20 protocol ip permit
!
end
! PPPoE client side of the WAN link (presumably R2: Loopback 1 carries 200.0.0.2).
configure terminal
!
! The physical port holds no IP address; it only carries PPPoE for dial pool 10.
interface GigabitEthernet 0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 10
 exit
!
! Clamp the TCP MSS on the LAN port so sessions fit the reduced WAN MTU.
interface GigabitEthernet 0/0
 ip tcp adjust-mss 1356
 exit
!
interface Loopback 1
 ip address 200.0.0.2 255.255.255.0
 exit
!
interface Dialer 1
 ! The dialer borrows the Loopback 1 address.
 ip unnumbered Loopback 1
 ip mtu 1454
 encapsulation ppp
 dialer pool 10
 dialer-group 20
 ! "callin" restricts CHAP challenges to incoming calls. As the dialling side this router
 ! answers the peer's challenge but does not challenge the peer, so authentication is one-way.
 ppp authentication chap callin
 ! Lab credentials. The CHAP password is kept in the configuration in recoverable form, so
 ! any saved or shared copy of this config discloses it; use a unique value outside a lab.
 ppp chap hostname ccie@example.com
 ppp chap password cc13
 no shutdown
 exit
!
! Reach the far subscriber range and the inter-provider link through the PPPoE session.
ip route 100.0.0.0 255.255.0.0 Dialer 1
ip route 34.0.0.0 255.255.255.0 Dialer 1
!
! Any IP packet counts as interesting traffic for dialer-group 20.
dialer-list 20 protocol ip permit
!
end
! PPPoE server side (presumably R3, serving the subscriber that receives 100.0.0.1).
configure terminal
!
! Local account the CHAP response is checked against. CHAP needs the password in recoverable
! form, so a hashed "secret" cannot replace it here; this is a lab value, and the saved
! configuration has to be protected like the credential itself.
username ccie@example.com password cc13
!
! Single-address pool: the one subscriber is always handed 100.0.0.1.
ip local pool POOL1 100.0.0.1
!
interface Loopback1
 ip address 100.1.3.3 255.255.255.0
 exit
!
! Template cloned for each PPPoE session.
interface Virtual-Template1
 mtu 1454
 ip unnumbered Loopback1
 peer default ip address pool POOL1
 ! The server challenges every client with CHAP.
 ppp authentication chap
 exit
!
bba-group pppoe PPPOE-GROUP1
 virtual-template 1
 exit
!
! Subscriber-facing port: no IP address, PPPoE sessions handled by PPPOE-GROUP1.
interface GigabitEthernet 0/1
 no ip address
 pppoe enable group PPPOE-GROUP1
 no shut
 exit
!
end
! PPPoE server side (presumably R4, serving the subscriber that receives 200.0.0.2).
configure terminal
!
! Local account the CHAP response is checked against. CHAP needs the password in recoverable
! form, so a hashed "secret" cannot replace it here; this is a lab value, and the saved
! configuration has to be protected like the credential itself.
username ccie@example.com password cc13
!
! Single-address pool: the one subscriber is always handed 200.0.0.2.
ip local pool POOL1 200.0.0.2
!
interface Loopback1
 ip address 200.2.4.4 255.255.255.0
 exit
!
! Template cloned for each PPPoE session.
interface Virtual-Template1
 mtu 1454
 ip unnumbered Loopback1
 peer default ip address pool POOL1
 ! The server challenges every client with CHAP.
 ppp authentication chap
 exit
!
bba-group pppoe PPPOE-GROUP1
 virtual-template 1
 exit
!
! Subscriber-facing port: no IP address, PPPoE sessions handled by PPPOE-GROUP1.
interface GigabitEthernet 0/1
 no ip address
 pppoe enable group PPPOE-GROUP1
 no shut
 exit
!
end
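! GRE tunnel endpoint with a static route to the remote LAN (presumably R1).
configure terminal
!
interface GigabitEthernet 0/0
 ! Overhead budget behind the clamp below. The first two lines are IP MTU figures,
 ! the remaining ones are TCP MSS figures:
 !   MTU 1500 - 24 = 1476 (Ethernet + GRE)
 !   MTU 1500 - 8 = 1492 (PPPoE)
 !   MSS 1454 - 40 = 1414 (NTT NGN + PPPoE)
 !   MSS 1454 - 40 - 24 = 1390 (NTT NGN + PPPoE + GRE)
 !   MSS 1356 - 24 = 1332 (NTT NGN + PPPoE + IPsec(3des, md5-hmac) + GRE)
 ! 1332 already leaves room for an IPsec layer that this listing does not configure.
 ! GRE alone neither encrypts nor authenticates the tunnelled traffic, and 3DES and
 ! HMAC-MD5 are legacy algorithms if IPsec is added later.
 ! The command keyword is "adjust-mss" (hyphenated), as in the session log on this page.
 ip tcp adjust-mss 1332
 exit
!
interface Tunnel 0
 ip address 192.168.0.1 255.255.255.252
 tunnel source 100.0.0.1
 tunnel destination 200.0.0.2
 ! GRE keepalive every 10 seconds; the line protocol goes down after 5 missed replies.
 keepalive 10 5
 exit
!
! Remote LAN is reached through the tunnel.
ip route 10.200.0.0 255.255.255.0 Tunnel 0
!
end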
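! GRE tunnel endpoint with a static route to the remote LAN (presumably R2).
configure terminal
!
interface GigabitEthernet 0/0
 ! MSS 1356 - 24 = 1332 (NTT NGN + PPPoE + IPsec(3des, md5-hmac) + GRE)
 ! 1332 already leaves room for an IPsec layer that this listing does not configure.
 ! GRE alone neither encrypts nor authenticates the tunnelled traffic, and 3DES and
 ! HMAC-MD5 are legacy algorithms if IPsec is added later.
 ! The command keyword is "adjust-mss" (hyphenated), as in the session log on this page.
 ip tcp adjust-mss 1332
 exit
!
interface Tunnel 0
 ip address 192.168.0.2 255.255.255.252
 tunnel source 200.0.0.2
 tunnel destination 100.0.0.1
 ! GRE keepalive every 10 seconds; the line protocol goes down after 5 missed replies.
 keepalive 10 5
 exit
!
! Remote LAN is reached through the tunnel.
ip route 10.100.0.0 255.255.255.0 Tunnel 0
!
end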
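! GRE tunnel endpoint that learns the remote LAN through OSPF (presumably R1).
configure terminal
!
interface GigabitEthernet 0/0
 ! MSS 1356 - 24 = 1332 (NTT NGN + PPPoE + IPsec(3des, md5-hmac) + GRE)
 ! 1332 already leaves room for an IPsec layer that this listing does not configure.
 ! GRE alone neither encrypts nor authenticates the tunnelled traffic, and 3DES and
 ! HMAC-MD5 are legacy algorithms if IPsec is added later.
 ! The command keyword is "adjust-mss" (hyphenated), as in the session log on this page.
 ip tcp adjust-mss 1332
 exit
!
interface Tunnel 0
 ip address 192.168.0.1 255.255.255.252
 tunnel source 100.0.0.1
 tunnel destination 200.0.0.2
 exit
!
router ospf 1
 ! A 0.0.0.0 wildcard matches exactly one interface address: the LAN port and the tunnel.
 ! NOTE(review): no OSPF authentication is configured, and the LAN port is not set passive,
 ! so hellos are also sent towards the hosts; tighten both outside a lab.
 network 10.100.0.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 exit
!
end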
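! GRE tunnel endpoint that learns the remote LAN through OSPF (presumably R2).
configure terminal
!
interface GigabitEthernet 0/0
 ! MSS 1356 - 24 = 1332 (NTT NGN + PPPoE + IPsec(3des, md5-hmac) + GRE)
 ! 1332 already leaves room for an IPsec layer that this listing does not configure.
 ! GRE alone neither encrypts nor authenticates the tunnelled traffic, and 3DES and
 ! HMAC-MD5 are legacy algorithms if IPsec is added later.
 ! The command keyword is "adjust-mss" (hyphenated), as in the session log on this page.
 ip tcp adjust-mss 1332
 exit
!
interface Tunnel 0
 ip address 192.168.0.2 255.255.255.252
 tunnel source 200.0.0.2
 tunnel destination 100.0.0.1
 exit
!
router ospf 1
 ! A 0.0.0.0 wildcard matches exactly one interface address: the LAN port and the tunnel.
 ! NOTE(review): no OSPF authentication is configured, and the LAN port is not set passive,
 ! so hellos are also sent towards the hosts; tighten both outside a lab.
 network 10.200.0.2 0.0.0.0 area 0
 network 192.168.0.2 0.0.0.0 area 0
 exit
!
end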
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int Tunn R1(config)#int Tunnel 0 R1(config-if)#ip add R1(config-if)#ip address *Apr 11 20:53:56.068: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R1(config-if)#ip address 192.168.0.1 255.255.255.252 R1(config-if)#tu R1(config-if)#tunnel sou R1(config-if)#tunnel source 100.0.0.1 R1(config-if)#tun R1(config-if)#tunnel des R1(config-if)#tunnel destination 200.0.0.2 R1(config-if)#k *Apr 11 20:54:27.480: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#ke R1(config-if)#keepalive 10 5 R1(config-if)#exit R1(config)#ip route 10.200.0.0 255.255.255.0 tu R1(config)#ip route 10.200.0.0 255.255.255.0 tunnel 0 R1(config)# *Apr 11 20:55:25.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R1(config)#int gig0/0 R1(config-if)#ip tc R1(config-if)#ip tcp ad R1(config-if)#ip tcp adjust-mss 1332 R1(config-if)# *Apr 11 20:57:05.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#exit R1(config)#do ping 10.200.0.200 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.200, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms R1(config)#do ping 10.200.0.200 source 100.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.200, timeout is 2 seconds: Packet sent with a source address of 100.0.0.1 .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 6/256/1005 ms
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#int gig0/0 R2(config-if)#ip tc R2(config-if)#ip tcp ad R2(config-if)#ip tcp adjust-mss 1332 R2(config-if)#int tunn0 R2(config-if)# *Apr 11 20:56:18.973: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R2(config-if)#ip add R2(config-if)#ip address 192.168.0.2 255.255.255.252 R2(config-if)#tu R2(config-if)#tunnel so R2(config-if)#tunnel source 200.0.0.2 R2(config-if)#tu R2(config-if)#tunnel des R2(config-if)#tunnel destination 100.0.0.1 R2(config-if)# *Apr 11 20:56:49.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R2(config-if)#ke R2(config-if)#keepalive 10 5 R2(config-if)#exit R2(config)#ip router 10.100.0.0 255.255.255.0 tun R2(config)#ip router 10.100.0.0 255.255.255.0 tunn R2(config)#ip route 10.100.0.0 255.255.255.0 tunn R2(config)#ip route 10.100.0.0 255.255.255.0 tunnel 0
correct
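Issue: the ping sourced from 100.0.0.1 is answered although the return packets are not GRE-encapsulated. R2 routes the replies to 100.0.0.1 straight out of Dialer 1 instead of through Tunnel 0, so LAN traffic leaves the site outside the tunnel. Such packets must be dropped.
Configure an ACL on the R2 side.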
R2(config)#ip acce R2(config)#ip access-list ex R2(config)#ip access-list extended A-security-out R2(config-ext-nacl)#den R2(config-ext-nacl)#deny ip 10.200.0.0 0.0.0.255 an R2(config-ext-nacl)#deny ip 10.200.0.0 0.0.0.255 any R2(config-ext-nacl)#permi R2(config-ext-nacl)#permit an R2(config-ext-nacl)#permit any any ^ % Invalid input detected at '^' marker. R2(config-ext-nacl)#permit ip an R2(config-ext-nacl)#permit ip any an R2(config-ext-nacl)#permit ip any any R2(config-ext-nacl)#int dia1 R2(config-if)#ip access R2(config-if)#ip access-group A-security-out out R2(config-if)#noip access-group A-security-out out ^ % Invalid input detected at '^' marker. R2(config-if)#no ip access-group A-security-out out R2(config-if)#ip access-group A-security-out out
R1(config-ext-nacl)#do ping 10.200.0.200 source 100.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.200, timeout is 2 seconds: Packet sent with a source address of 100.0.0.1 ..... Success rate is 0 percent (0/5) R1(config-ext-nacl)#
works fine
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int gig0/0 R1(config-if)#ip ad R1(config-if)#ip tc R1(config-if)#ip tcp ad R1(config-if)#ip tcp adjust-mss 1332 R1(config-if)#int tunnel 0 R1(config-if)# *Apr 11 22:51:00.006: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R1(config-if)#ip add R1(config-if)#ip address 192.168.0.1 255.255.255.252 R1(config-if)#tunne R1(config-if)#tunnel so R1(config-if)#tunnel source dia R1(config-if)#tunnel source dialer 1 R1(config-if)#tunn R1(config-if)#tunnel des R1(config-if)#tunnel destination 200 R1(config-if)#tunnel destination 200.0.0.1 R1(config-if)# *Apr 11 22:51:56.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1(config-if)#tunnel source loo R1(config-if)#tunnel source loopback 1 R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1(config-if)#kee R1(config-if)#keepalive 10 5 R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: ... 
Success rate is 0 percent (0/3) R1(config-if)#tunnel source loopback *Apr 11 22:56:09.028: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R1(config-if)#do sh ip int tun0 Tunnel0 is up, line protocol is down Internet address is 192.168.0.1/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1430 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF switching turbo vector IP Null turbo vector IP multicast fast switching is enabled R1(config-if)#tunn R1(config-if)#tunnel so R1(config-if)#tunnel source 100.0.0.1 R1(config-if)#tu R1(config-if)#tunnel so R1(config-if)#tunnel source dia R1(config-if)#tunnel source dialer 1 R1(config-if)#tu R1(config-if)#tunnel des R1(config-if)#tunnel destination 200.0.0.2 R1(config-if)# *Apr 11 22:57:49.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#do ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: !!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/8/11 ms R1(config-if)#router ospf 1 R1(config-router)#network 10.100.0.1 0.0.0.0 are R1(config-router)#network 10.100.0.1 0.0.0.0 area 0 R1(config-router)#ne R1(config-router)#netwo R1(config-router)#network 192.168.0.1 0.0.0.0 area 0 R1(config-router)# *Apr 11 23:03:46.160: %OSPF-5-ADJCHG: Process 1, Nbr 200.0.0.2 on Tunnel0 from LOADING to FULL, Loading Done R1(config-router)#do sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 200.0.0.2 0 FULL/ - 00:00:38 192.168.0.2 Tunnel0 R1(config-router)#do sh ip ro ospf Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks O 10.200.0.0/24 [110/1001] via 192.168.0.2, 00:00:13, Tunnel0 R1(config-router)#ping 10.200.0.204 ^ % Invalid input detected at '^' marker. R1(config-router)#do ping 10.200.0.204 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.204, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/18 ms
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#int gig0/0 R2(config-if)#ip tc R2(config-if)#ip tcp ad R2(config-if)#ip tcp adjust-mss 1332 R2(config-if)#int tun0 R2(config-if)# *Apr 11 22:51:16.347: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R2(config-if)#tunn R2(config-if)#tunnel sou R2(config-if)#tunnel source dia R2(config-if)#tunnel source dialer 1 R2(config-if)#ip add R2(config-if)#ip address 192.168.0.2 255.255.255.252 R2(config-if)#tu R2(config-if)#tunnel des R2(config-if)#tunnel destination 100.0.0.1 R2(config-if)# *Apr 11 22:53:04.664: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R2(config-if)#tunnel source loo R2(config-if)#tunnel source loopback 1 R2(config-if)#kee R2(config-if)#keepalive 10 5 R2(config-if)# *Apr 11 22:56:15.362: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R2(config-if)#do sh ip int tun0 Tunnel0 is up, line protocol is down Internet address is 192.168.0.2/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1430 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP CEF switching is enabled IP CEF switching turbo vector IP Null turbo vector IP multicast fast switching is enabled R2(config-if)#tunn R2(config-if)#tunnel so R2(config-if)#tunnel source 200.0.0.2 R2(config-if)#tunnel source dia R2(config-if)#tunnel source dialer 1 R2(config-if)#tun R2(config-if)#tunnel *Apr 11 22:57:55.370: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R2(config-if)#tunnel des 
R2(config-if)#tunnel destination 100.0.0.1 R2(config-if)#router ospf 1 R2(config-router)#netwo R2(config-router)#network 10.200.0.2 0.0.0.0 area 0 R2(config-router)#netwo R2(config-router)#network 192.168.0.2 0.0.0.0 area 0 R2(config-router)# *Apr 11 23:03:47.152: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
PC-1> ping 10.200.0.204 84 bytes from 10.200.0.204 icmp_seq=1 ttl=62 time=6.818 ms 84 bytes from 10.200.0.204 icmp_seq=2 ttl=62 time=6.569 ms 84 bytes from 10.200.0.204 icmp_seq=3 ttl=62 time=5.863 ms 84 bytes from 10.200.0.204 icmp_seq=4 ttl=62 time=4.850 ms 84 bytes from 10.200.0.204 icmp_seq=5 ttl=62 time=5.164 ms PC-1>
PC-3 - PC-4
# Lab host on the 10.100.0.0/24 LAN (PC-3 going by the heading above): static address first,
# then the default route, which needs the address to be in place.
ifconfig eth0 10.100.0.103 netmask 255.255.255.0 broadcast 10.100.0.255
route add default gw 10.100.0.1 eth0
# Lab host on the 10.200.0.0/24 LAN (PC-4 going by the heading above): static address first,
# then the default route, which needs the address to be in place.
ifconfig eth0 10.200.0.204 netmask 255.255.255.0 broadcast 10.200.0.255
route add default gw 10.200.0.2 eth0
# On PC-4: write a one-line test page, then serve the current directory over HTTP.
# These are two separate commands; run on one line, the redirect would swallow the php words.
echo "hello, PC-4">index.html
# PHP's built-in server is a development tool. 0.0.0.0 listens on every interface and
# port 80 normally needs root, so stop it as soon as the tunnel test is finished.
php -S 0.0.0.0:80
# From the host on the other LAN: fetch the test page from 10.200.0.204 to confirm end-to-end TCP.
# The request is plain HTTP, so it is readable wherever the path is not encrypted.
curl http://10.200.0.204/index.html