Router(config)#router ospf 10
    Enable OSPF routing protocol under process ID 10.
Router(config-router)#network [Link] [Link] area 0
    Enable OSPF with area 0 on matching interface.
Router(config)#interface loopback 0
    Create a Loopback interface and move into interface configuration mode.
Router(config-if)#ip address [Link] [Link]
    Assign IP address to loopback interface.
Router(config-router)#router-id [Link]
    Set [Link] as router ID.
Router(config)#interface serial 0/0
    Enter interface configuration mode.
Router(config-if)#ip ospf priority 100
    Used to influence DR/BDR selection process. Valid range is 0 to 255. 0 makes router ineligible for DR/BDR while 255 makes router guaranteed DR/BDR. Higher priority value means higher chance of becoming DR/BDR.
Router(config-if)#bandwidth 256
    Used to influence route metric cost. Cost is the inverse of bandwidth. Higher bandwidth has lower cost. Bandwidth is defined in Kbps. 256 means 256 Kbps.
Router(config-if)#ip ospf hello-interval 15
    Set hello interval timer to 15 seconds. Hello timer must match on both routers in order to become neighbors.
Router(config-if)#ip ospf dead-interval 60
    Set dead interval timer to 60 seconds. Dead interval timer must match on both routers in order to become neighbors.
Router#show ip route
    Display all routes from routing table.
Router#show ip route ospf
    Display all routes learned through OSPF from routing table.
Router#show ip ospf
    Display basic information about OSPF.
Router#show ip ospf interface
    Display information about all OSPF active interfaces.
Router#show ip ospf interface serial 0/0/0
    Display OSPF information about serial 0/0/0 interface.
Router#show ip ospf neighbor
    List all OSPF neighbors with basic info.
Router#show ip ospf neighbor detail
    List OSPF neighbors with detail info.
Router#show ip ospf database
    Display data for OSPF database.
Router#clear ip route *
    Clear all routes from routing table.
Router#clear ip route [Link]/8
    Clear particular route from routing table.
Router#clear ip ospf counters
    Clear OSPF counters.
Router#debug ip ospf events
    Display all OSPF events.
Router#debug ip ospf packet
    Display exchanged OSPF packets.
Router#debug ip ospf adjacency
    Display DR/BDR election process state.
Router(config)#access-list 1 permit ip + Wild card mask
Router(config)#ip nat inside source list 1 interface ---- overload
OR
Router(config)#ip nat pool --name of pool-- start ip end ip netmask --
Router(config)#ip nat inside source list 1 pool ---- overload
Router(config)#int Gi0/0
Router(config-if)#ip nat inside
Router(config-if)#int Gi0/1
Router(config-if)#ip nat outside
Step 1: First design the topology diagram and assign IP addresses.
Step 2: Configure both NTP servers with key 1 and password.
D(config)#ntp server [Link]
D(config)#ntp authentication-key ----- md5 -------
D(config)#ntp authenticate
D(config)#ntp update-calendar
Verify:
D#show ntp status
Router(config)#service timestamps log datetime msec
Router(config)#logging on
Router(config)#logging host ----- “static ip of server”
Router(config)#logging ----- “static ip of server”
Router(config)#logging trap debugging
OR store the log in each device’s buffer:
Router(config)#logging buffered 5000
R1(config)#snmp-server community R1 ro
R1(config)#snmp-server community R1rw rw
Then:
Click on PC1 and click the Desktop tab, then open MIB Browser.
On the opened MIB browser page, click the Advanced tab to open the Advanced page.
Enter the information as in the screenshot or the table below.
Address: [Link]. This is the R1 IP address.
Read Community: R1. It is taken from the read-only (ro) community name.
Write Community: R1rw. It is the name of the read-write (rw) community.
From the SNMP Version, select V3 and click OK.
On the MIB browser page, expand the MIB tree to the system and select each value, then hit the GO button to display the exact information on Router1.
Standard ACLs
access-list 1 permit [Link] [Link]
access-list 1 deny any
Extended ACLs
access-list 101 permit tcp any [Link] [Link] eq www
access-list 101 deny ip any any
Executing ACLs
line vty 0 4
access-class 1 in
int g0/0
ip access-group 101 in   ! or "out", depending on the direction to filter
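How a standard ACL like the one bound to the vty lines above is evaluated, as an added Python example that is not part of the original notes: wildcard-mask matching, first match wins, implicit deny at the end. The addresses in SAMPLE_ACL are constructed documentation addresses and the function names are chosen for this example.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard 1-bits are "don't care"
    return (a & care) == (b & care)

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (action, base, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:
            # A bare address with no wildcard matches that single host only.
            base, wc = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, base, wc))
    return entries

def evaluate(entries, src):
    """Return (action, entry number); the first matching entry wins."""
    for n, (action, base, wc) in enumerate(entries, 1):
        if wildcard_match(src, base, wc):
            return action, n
    return "deny", None             # implicit deny at the end of every ACL

# Constructed sample, not taken from the page.
SAMPLE_ACL = [
    "access-list 1 deny host 192.0.2.66",
    "access-list 1 permit 192.0.2.0 0.0.0.255",
    "access-list 1 deny any",
]

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for src in ("192.0.2.10", "192.0.2.66", "198.51.100.5"):
        print(src, evaluate(acl, src))
```

Running candidate management addresses through evaluate() before applying access-class shows which entry decides each one, and whether a source is only dropped by the implicit deny.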
Step 1: Set up the ISAKMP policy (for IKE phase 1)
--------------------------------------------------
HQ(config)#crypto isakmp policy 2
HQ(config-isakmp)#authentication pre-share
HQ(config-isakmp)#encryption aes
HQ(config-isakmp)#group 2
HQ(config-isakmp)#hash sha
To Verify: HQ#show crypto isakmp policy
HQ# debug crypto isakmp
Configure pre-shared keys:
HQ(config)#crypto isakmp key CISCO address [Link]
Step 2: Set up the IPsec transform-set (for IKE phase 2)
--------------------------------------------------------
HQ(config)#crypto ipsec transform-set NAME esp-aes 256 ah-sha-hmac
To Verify: HQ# show crypto ipsec transform-set
HQ# show crypto ipsec sa
HQ# debug crypto ipsec
Step 3: Define interesting traffic (the ACLs on the two peers must mirror each other)
-------------------------------------------------------------------------------------
R1(config)#ip access-list extended LIST
R1(config-ext-nacl)#permit ip [Link] [Link] [Link] [Link]
Step 4: Set up the crypto map
-----------------------------
R1(config)#crypto map VPN_MAP 10 ipsec-isakmp
R1(config-crypto-map)#match address LIST
where LIST is the name of the ACL
R1(config-crypto-map)#set peer [Link]
R1(config-crypto-map)#set transform-set NAME
where NAME is the name of the IPsec transform-set
To Verify: R1# show crypto map
Step 5: Assign the crypto map to the interface
----------------------------------------------
R1(config)#int s1/0
R1(config-if)#crypto map VPN_MAP
Verify IPsec VPN Operation:
R1# show crypto isakmp sa
R1# show crypto ipsec sa
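A check for the "must mirror" requirement on the interesting-traffic ACLs in step 3, as an added Python example that is not part of the original notes: it compares the crypto ACL entries of the two peers and reports any entry that has no source/destination-swapped counterpart on the other side. The 10.x addresses, the BRANCH prompt and the function names are assumptions made for this example.

```python
import ipaddress

def normalise(base, wildcard):
    """Zero the don't-care bits of base so equivalent entries compare equal."""
    w = int(ipaddress.IPv4Address(wildcard))
    b = int(ipaddress.IPv4Address(base)) & ~w & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(b)), wildcard)

def parse_crypto_acl(lines):
    """Return {(proto, src, dst)} from 'permit PROTO SRC SWC DST DWC' entries."""
    entries = set()
    for line in lines:
        tok = line.split("#")[-1].split()   # drop a leading CLI prompt, if any
        if len(tok) == 6 and tok[0] == "permit":
            entries.add((tok[1], normalise(tok[2], tok[3]), normalise(tok[4], tok[5])))
    return entries

def mirror_mismatches(local_lines, remote_lines):
    """Entries on either peer that lack a source/destination-swapped twin."""
    local = parse_crypto_acl(local_lines)
    remote = parse_crypto_acl(remote_lines)
    swapped = {(p, d, s) for p, s, d in remote}   # remote entries seen from the local side
    return {
        "local_only": sorted(local - swapped),
        # swap back so the entry is reported as written on the remote peer
        "remote_only": sorted((p, d, s) for p, s, d in swapped - local),
    }

# Constructed sample configurations, not taken from the page.
HQ_ACL = ["R1(config-ext-nacl)#permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255"]
BRANCH_OK = ["BRANCH(config-ext-nacl)#permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255"]
BRANCH_BAD = ["BRANCH(config-ext-nacl)#permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255"]

if __name__ == "__main__":
    print(mirror_mismatches(HQ_ACL, BRANCH_OK))
    print(mirror_mismatches(HQ_ACL, BRANCH_BAD))
```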