12-31-2012 09:14 PM - edited 03-04-2019 06:32 PM
i still learning ccna and i bit confious what is tunnel about.
Solved! Go to Solution.
12-31-2012 09:25 PM
hi
Tunneling encapsulates data packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign network
There are different types of tunnleing like, GRE, IPSEC, MPLS,...
Since you are talking about CCNA, I assume you may be referring to GRE
Here is a sample config of GRE
Interface tunnel 1
ip address
tunnel source
tunnel destination
You need similar configurations at both sides for the tunnel to work
Thanks
Raju
12-31-2012 09:25 PM
hi
Tunneling encapsulates data packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign network
There are different types of tunnleing like, GRE, IPSEC, MPLS,...
Since you are talking about CCNA, I assume you may be referring to GRE
Here is a sample config of GRE
Interface tunnel 1
ip address
tunnel source
tunnel destination
You need similar configurations at both sides for the tunnel to work
Thanks
Raju
12-31-2012 10:42 PM
thanks raj..
how about if i want to use ipsec protocol
what is the configuration?
12-31-2012 11:30 PM
You can refer the below link for the IPSEC configuration example
Thanks
Raju
01-01-2013 01:52 AM
Dear muzazamubika12
GRE tunnel is simple tunnel which provide to you for remote access network or center.
In the GRE tunnel you have to configure source and destination IP add.
IPsec tunnel have security and authentication step. you end and remote end you have to configure same authentication and pre-share Key. if both are match then only you are able to communication with your remote site.
IPSec Site to Site VPN Configuration below
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXX address 10.10.10.10
// set your key insted of XXX and it must match with your remote site. after that write address of your peer
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set XXX esp-3des esp-md5-hmac
!
crypto map YYY local-address <<
crypto map YYY 10 ipsec-isakmp
set peer 10.10.10.10
set transform-set ZZZ
match address 101
interface <<
crypto map YYYY
access-list 101 permit ip 192.168.1.0 0.0.0.255 11.11.11.11 (Remote user) 255.255.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 22.22.22.22(Remote user) 255.255.255.255
After that configure NAT and deny your remote IP in the NAT access list. if you deny then only your packets travel inside the VPN tunnel and packet will b en crypt. if you forget to deny then your packet travel over Internet
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: