Create VPN Using Cisco Packet Tracer 5.3




Create network as shown in first image or download ready made template [VPN.pkt]
Then run following commands:
For Router1: type the following commands :
Enable IPsec
  • Router(config)#crypto isakmp enable        
Set new policy with number 1 
  • Router(config)#crypto isakmp policy 1   
Using shred key authentication method (if use certification use rsa-sig instead of pre-share)  
  • Router(config-isakmp)#authentication pre-share 
Use symmetric encryption AES
  • Router(config-isakmp)#encryption aes      
Use hash alghorthim sha for data integrity
  • Router(config-isakmp)#hash sha  
Use diffe helman group 2             
  • Router(config-isakmp)#group 2                 
  • Router(config-isakmp)#exit
0 is the key will used with next site , next site ip address 11.0.0.1 and note on packet tracer you use 0.0.0.0 instead of subnetmask
  • Router(config)#crypto isakmp key 0 address 11.0.0.1  0.0.0.0 
Set transform set called yasser and esp is the protocol will be used , u can use AH on internal VPN
  • Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac   
Key expire after 86400 seconds
  • Router(config)#crypto ipsec security-association lifetime seconds 86400      
ACL called ramzy to tell which traffic will use the vpn tunnel   
  • Router(config)#ip access-list extended ramzy  
  • Router(config-ext-nacl)#permit ip 12.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
  • Router(config-ext-nacl)#exit
Create crypto map called auda with seq number 100
  • Router(config)#crypto map auda 100 ipsec-isakmp                    
  • % NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
Link above ACL to this crypto map
  • Router(config-crypto-map)#match address ramzy              
Link next site ip address to this crypto map
  • Router(config-crypto-map)#set peer  11.0.0.1               
Link DH group 2 to this crypto mapRouter(config-crypto-map)#set pfs group2 
  
Link above transform set to this crypto map 
  • Router(config-crypto-map)#set transform-set  yasser           Router(config-crypto-map)#ex
Apply crypto map auda to interface face the next site link.
  • Router(config)#int fa 0/1
  • Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
  • Router(config-if)#do wr
Building configuration...[OK]
  • Router(config-if)#^Z
  • Router#


  • For Router0:Type the following commands :
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#group 2
Router(config-isakmp)#hash sha
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.2 0.0.0.0
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac
Router(config)#crypto ipsec security-association lifetime seconds 86400
Router(config)#ip access-list extended ramzy
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
Router(config-crypto-map)#match address ramzy
Router(config-crypto-map)#set peer 11.0.0.2
Router(config-crypto-map)#set pfs group2
Router(config-crypto-map)#set transform-set yasser
Router(config-crypto-map)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#crypto map auda
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
Router(config)#do wr
Building configuration...
[OK]
Router(config)#


  • Then send packet from PC0 to PC1 as shown in following figure.

It will show failed initially as routing info in not present in routers.
  • Now send packet from PC1 to PC0 & PC1 to PC0 as shown in following figure.
Now packet will be delivered successfully.

Final Output.
Now you can try following commands to test VPN on router.

Router#show crypto Isakmp policy
Router#show crypto isakmp sa
Router#show crypto map
Router#show crypto ipsec sa  

Incoming Search Terms:

  • VPN using Packet tracer
  • Virtual private Network in Cisco packet tracer
  • how to create VPN in packet tracer
  • packet tracer working commands VPN
  • configuration of vpn topology on packet tracer 
  • vpn configuration in packet tracer pdf
  • remote access vpn packet tracer
  • vpn configuration on cisco router step by step pdf
  • cisco asa packet tracer site-to-site vpn
  • client to site vpn using packet tracer
  • asa packet tracer vpn.
  • site to site vpn packet tracer

Post a Comment

0 Comments