Setting GRE Tunnel VPN Cisco – GNS3 Lab21

Setting GRE Tunnel VPN Cisco – GNS3 Lab21

  • R1 FastEthernet 0/0 : 10.10.10.2
  • R1 FastEthernet 0/1 : 20.20.20.2
  • R2 FastEthernet 0/0 : 10.10.10.1
  • R2 FastEthernet 0/1 : 192.168.10.1
  • R2 Tunnel 1 : 172.1.1.1
  • R2 FastEthernet 0/0 : 20.20.20.1
  • R2 FastEthernet 0/1 : 192.168.20.1
  • R2 Tunnel 1 : 172.1.1.2
  • PC1 : 192.168.10.2
  • PC2 : 192.168.20.2

Setting IP address

  • R1
R1# configure terminal
R1(config)# interface fastEthernet 0/0
R1(config-if)# ip address 10.10.10.2 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit

R1(config)# interface fastEthernet 0/1
R1(config-if)# ip address 20.20.20.2 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
  • R2
R2# configure terminal
R2(config)# interface fastEthernet 0/0
R2(config-if)# ip address 10.10.10.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit

R2(config)# interface fastEthernet 0/1
R2(config-if)# ip address 192.168.10.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
  • R3
R3# configure terminal
R3(config)# interface fastEthernet 0/0
R3(config-if)# ip address 20.20.20.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit

R3(config)# interface fastEthernet 0/1
R3(config-if)# ip address 192.168.20.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit

Setting EIGRP

  • R1
R1# configure terminal
R1(config)# router eigrp 1
R1(config-router)# network 10.10.10.0
R1(config-router)# network 20.20.20.0
  • R2
R2# configure terminal
R2(config)# router eigrp 1
R2(config-router)# network 10.10.10.0
  • R3
R3# configure terminal
R3(config)# router eigrp 1
R3(config-router)# network 20.20.20.0

Setting GRE Tunnel

  • R2
R2# configure terminal
R2(config)# interface tunnel 1
R2(config-if)# ip address 172.1.1.1 255.255.255.0
R2(config-if)# tunnel source fastEthernet 0/0
R2(config-if)# tunnel destination 20.20.20.1
R2(config-if)# exit
  • R3
R3# configure terminal
R3(config)# interface tunnel 1
R3(config-if)# ip address 172.1.1.2 255.255.255.0
R3(config-if)# tunnel source fastEthernet 0/0
R3(config-if)# tunnel destination 10.10.10.1
R3(config-if)# exit
  • Ping dari R2 ke R3
R2# ping 172.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/58/68 ms
  • Ping dari R3 ke R2
R3# ping 172.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/58/64 ms

Setting OSPF

  • R2
R2# configure terminal
R2(config)# router ospf 1
R2(config-router)# network 172.1.1.0 0.0.0.255 area 0
R2(config-router)# network 192.168.10.0 0.0.0.255 area 0
  • R3
R3# configure terminal
R3(config)# router ospf 1
R3(config-router)# network 172.1.1.0 0.0.0.255 area 0
R3(config-router)# network 192.168.20.0 0.0.0.255 area 0

Verifikasi Routing Table

  • R1
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       20.20.20.0/24 is directly connected, FastEthernet0/1
D       20.0.0.0/8 is a summary, 00:36:12, Null0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.10.10.0/24 is directly connected, FastEthernet0/0
D       10.0.0.0/8 is a summary, 00:36:12, Null0
  • R2
R2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    20.0.0.0/8 [90/30720] via 10.10.10.2, 00:35:34, FastEthernet0/0
C    192.168.10.0/24 is directly connected, FastEthernet0/1
     172.1.0.0/24 is subnetted, 1 subnets
C       172.1.1.0 is directly connected, Tunnel1
O    192.168.20.0/24 [110/11112] via 172.1.1.2, 00:19:59, Tunnel1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
  • R3
R3# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/24 is subnetted, 1 subnets
C       20.20.20.0 is directly connected, FastEthernet0/0
O    192.168.10.0/24 [110/11112] via 172.1.1.1, 00:20:25, Tunnel1
     172.1.0.0/24 is subnetted, 1 subnets
C       172.1.1.0 is directly connected, Tunnel1
C    192.168.20.0/24 is directly connected, FastEthernet0/1
D    10.0.0.0/8 [90/30720] via 20.20.20.2, 00:35:40, FastEthernet0/0

Pengujian

  • PC1 – ping ke PC2
PC1> ip 192.168.10.2/24 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0 gateway 192.168.10.1

PC1> show ip

NAME        : PC1[1]
IP/MASK     : 192.168.10.2/24
GATEWAY     : 192.168.10.1
DNS         :
MAC         : 00:50:79:66:68:00
LPORT       : 10020
RHOST:PORT  : 127.0.0.1:10021
MTU:        : 1500

PC1> ping 172.1.1.2
84 bytes from 172.1.1.2 icmp_seq=1 ttl=254 time=75.957 ms
84 bytes from 172.1.1.2 icmp_seq=2 ttl=254 time=75.543 ms
84 bytes from 172.1.1.2 icmp_seq=3 ttl=254 time=75.187 ms
84 bytes from 172.1.1.2 icmp_seq=4 ttl=254 time=75.159 ms
84 bytes from 172.1.1.2 icmp_seq=5 ttl=254 time=75.175 ms

PC1> ping 192.168.20.2
84 bytes from 192.168.20.2 icmp_seq=1 ttl=62 time=90.077 ms
84 bytes from 192.168.20.2 icmp_seq=2 ttl=62 time=90.373 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=62 time=90.115 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=62 time=90.236 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=62 time=91.530 ms
  • PC2 – ping ke PC1
PC2> ip 192.168.20.2/24 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.2 255.255.255.0 gateway 192.168.20.1

PC2> show ip

NAME        : PC2[1]
IP/MASK     : 192.168.20.2/24
GATEWAY     : 192.168.20.1
DNS         :
MAC         : 00:50:79:66:68:01
LPORT       : 10022
RHOST:PORT  : 127.0.0.1:10023
MTU:        : 1500

PC2> ping 172.1.1.1
84 bytes from 172.1.1.1 icmp_seq=1 ttl=254 time=75.196 ms
84 bytes from 172.1.1.1 icmp_seq=2 ttl=254 time=75.040 ms
84 bytes from 172.1.1.1 icmp_seq=3 ttl=254 time=75.708 ms
84 bytes from 172.1.1.1 icmp_seq=4 ttl=254 time=75.085 ms
84 bytes from 172.1.1.1 icmp_seq=5 ttl=254 time=75.057 ms

PC2> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=62 time=90.022 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=62 time=90.783 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=62 time=91.438 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=62 time=90.606 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=62 time=90.083 ms


Tambahan (Optional)

  • Jika ingin PC1 dan PC2 akses ke internet (R1) dengan NAT, maka harus setting NAT pada R2 dan R3
  • R2
R2# configure terminal
R2(config)# ip nat inside source list 101 interface fastEthernet 0/0 overload
R2(config)# access-list 101 permit ip 192.168.10.0 0.0.0.255 any
R2(config)# interface fastEthernet 0/0
R2(config-if)# ip nat outside
R2(config-if)# exit
R2(config)# interface fastEthernet 0/1
R2(config-if)# ip nat inside
R2(config-if)# exit
  • R3
R3# configure terminal
R3(config)# ip nat inside source list 101 interface fastEthernet 0/0 overload
R3(config)# access-list 101 permit ip 192.168.20.0 0.0.0.255 any
R3(config)# interface fastEthernet 0/0
R3(config-if)# ip nat outside
R3(config-if)# exit
R3(config)# interface fastEthernet 0/1
R3(config-if)# ip nat inside
R3(config-if)# exit
  • PC1 dan PC2 akses ke R1
PC1> ping 10.10.10.2
84 bytes from 10.10.10.2 icmp_seq=1 ttl=254 time=45.073 ms
84 bytes from 10.10.10.2 icmp_seq=2 ttl=254 time=45.001 ms
84 bytes from 10.10.10.2 icmp_seq=3 ttl=254 time=45.309 ms
84 bytes from 10.10.10.2 icmp_seq=4 ttl=254 time=45.028 ms
84 bytes from 10.10.10.2 icmp_seq=5 ttl=254 time=45.790 ms

PC1> ping 192.168.20.2
84 bytes from 192.168.20.2 icmp_seq=1 ttl=62 time=90.457 ms
84 bytes from 192.168.20.2 icmp_seq=2 ttl=62 time=90.478 ms
84 bytes from 192.168.20.2 icmp_seq=3 ttl=62 time=90.071 ms
84 bytes from 192.168.20.2 icmp_seq=4 ttl=62 time=90.964 ms
84 bytes from 192.168.20.2 icmp_seq=5 ttl=62 time=90.091 ms


--------------------------------------------------------------

PC2> ping 20.20.20.2
84 bytes from 20.20.20.2 icmp_seq=1 ttl=254 time=45.196 ms
84 bytes from 20.20.20.2 icmp_seq=2 ttl=254 time=45.261 ms
84 bytes from 20.20.20.2 icmp_seq=3 ttl=254 time=45.579 ms
84 bytes from 20.20.20.2 icmp_seq=4 ttl=254 time=45.447 ms
84 bytes from 20.20.20.2 icmp_seq=5 ttl=254 time=45.054 ms

PC2> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=62 time=89.936 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=62 time=92.739 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=62 time=90.764 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=62 time=90.422 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=62 time=91.573 ms

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.