GRE Tunnel in GNS3 - NETSEC

Saturday, January 14, 2012

GRE Tunnel in GNS3

GNS3 Topology



  • R1, R2, R3, R4, R5, R6 and R7 all use the same IOS image: c3640-ik9o3s-mz.124-10.bin. 3600 Software (C3640-IK9O3S-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
  • R5 acts as the Internet router. Only its local interface IP addresses are configured; no static or dynamic routing is configured.
  • R1 and R3 act as a pair for the GRE and IPsec tunnel and serve as the main link between R6 and R7.
  • R2 and R4 act as the second pair for the GRE and IPsec tunnel and serve as the secondary link between R6 and R7.
  • R5 Configuration:


R5#sh run
interface Ethernet0/0
 ip address 1.1.1.2 255.255.255.0
 full-duplex
!
interface Ethernet0/1
 ip address 2.2.2.2 255.255.255.0
 full-duplex
!
interface Ethernet0/2
 ip address 3.3.3.2 255.255.255.0
 full-duplex
!
interface Ethernet0/3
 ip address 4.4.4.2 255.255.255.0
 full-duplex
!

1. GRE Tunnel 
Packet Capture Result from R1 loopback address (11.11.11.11) to R3 loopback address (33.33.33.33)

2. R1 Configuration:

R1#sh run
Building configuration...

Current configuration : 991 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.0
!
interface Tunnel0
 ip unnumbered Ethernet0/1
 tunnel source Ethernet0/0
 tunnel destination 3.3.3.1
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.0
 full-duplex
!
interface Ethernet0/1
 ip address 16.16.16.16 255.255.255.0
 shutdown
 full-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 full-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 full-duplex
!
no ip http server
no ip http secure-server
!
ip route 3.3.3.0 255.255.255.0 1.1.1.2
ip route 33.33.33.0 255.255.255.0 Tunnel0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

3. R3 Configuration:


R3#sh run
Building configuration...

Current configuration : 991 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
interface Loopback0
 ip address 33.33.33.33 255.255.255.0
!
interface Tunnel0
 ip unnumbered Ethernet0/1
 tunnel source Ethernet0/0
 tunnel destination 1.1.1.1
!
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.0
 full-duplex
!
interface Ethernet0/1
 ip address 37.37.37.37 255.255.255.0
 shutdown
 full-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 full-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 full-duplex
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.0 255.255.255.0 3.3.3.2
ip route 11.11.11.0 255.255.255.0 Tunnel0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

4. Ping Result:
R1#ping
Protocol [ip]:
Target IP address: 33.33.33.33
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 11.11.11.11
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/39/60 ms
R1#
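
An added example (not from the original post, and not the author's capture): a small Python decoder for the kind of packet the ping above puts on the link between R1 and R5, using the addresses from the R1 and R3 configurations. The sample bytes are constructed and the function names are hypothetical; it shows that plain GRE leaves the inner IP header and ICMP payload readable to anyone on the path, which is why the topology pairs GRE with IPsec.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0; enough for parsing)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_sample():
    """Constructed packet: ICMP echo 11.11.11.11 -> 33.33.33.33 in GRE 1.1.1.1 -> 3.3.3.1."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\xab\xcd" * 4  # echo request, 0xABCD pattern
    inner = ipv4("11.11.11.11", "33.33.33.33", 1, icmp)
    gre = struct.pack("!HH", 0x0000, 0x0800)  # no C/K/S flags, version 0, payload type IPv4
    return ipv4("1.1.1.1", "3.3.3.1", 47, gre + inner)

def parse_ipv4(buf):
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    addrs = (socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]))
    return addrs, buf[9], buf[ihl:]

def decode_gre(packet):
    """Return what an on-path observer can read from an unencrypted GRE packet."""
    outer, proto, rest = parse_ipv4(packet)
    if proto != 47:
        raise ValueError("not GRE (IP protocol 47)")
    if len(rest) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", rest[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    # Optional RFC 2784/2890 fields, 4 bytes each: checksum, key, sequence number
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            offset += 4
    if ethertype != 0x0800:
        raise ValueError("inner payload is not IPv4")
    inner, inner_proto, inner_payload = parse_ipv4(rest[offset:])
    return {"outer": outer, "inner": inner, "inner_proto": inner_proto,
            "gre_overhead": 20 + offset, "inner_payload": inner_payload}

if __name__ == "__main__":
    print(decode_gre(build_sample()))
```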
