SOURCECODEBD.NET

Live Experience

3.  CONFIGURE SPLIT TUNNELLING

HOW TO CONFIGURE SPLIT TUNNELLING
 
Interface IP Address Configuration 
 
R1 
 
Interface  IP Address   Subnet Mask 
S 1/0        2.2.2.1          255.0.0.0 
E 1/0       10.1.1.1        255.0.0.0 
 
R3 
 
Interface  IP Address   Subnet Mask 
S 0          2.2.2.2          255.0.0.0 
S 1          3.3.3.1          255.0.0.0 
 
R2 
 
Interface  IP Address   Subnet Mask 
S 0/2        3.3.3.2         255.0.0.0
Fa 0/0     20.1.1.1        255.0.0.0 
 
Task 1 
 
Configure routing (EIGRP 10) on R1, R2, and R3. 
Configure IPSec VPN only on R1 and R2. 
No IPSec VPN configuration on R3. 
 
R1 
 
Crypto isakmp enable 
 
Crypto isakmp policy 10 
Encryption 3des 
Hash md5 
Authentication pre-share 
Group1 
 
Crypto isakmp key cisco123 address 3.3.3.2 
 
Crypto ipsec transform-set set1 esp-des 
 
Access-list 101 permit ip 
10.0.0.0 0.255.255.255 
20.0.0.0 0.255.255.255 
 
Crypto map map1 10 ipsec-isakmp 
Set peer 3.3.3.2 
Set transform-set set1 
Match address 101 
 
Int s1/0 
Crypto map map1 
 
 
R2 
 
Crypto isakmp enable 
 
Crypto isakmp policy 15 
Encryption 3des 
Hash md5 
Authentication pre-share 
Group1 
 
Crypto isakmp key cisco123 address 2.2.2.1 
 
Crypto ipsec transform-set set1 esp-des 
 
Access-list 101 permit ip 
20.0.0.0 0.255.255.255 
10.0.0.0 0.255.255.255 
 
Crypto map map1 10 ipsec-isakmp 
Set peer 2.2.2.1 
Set transform-set set1 
Match address 101 
 
Int s0/2 
Crypto map map1
 
 
Verification: 
 
R1#show crypto isakmp sa
 
The output displays current IKE SA’s.  QM_IDLE status indicates an active IKE SA.
 
R1#show crypto ipsec sa
 
The output displays current settings used by current SA’s.  Non-zero encryption and 
decryption statistics can indicate a working set of IPSec SA’s. 
You are here: Home / VPN / HOW TO CONFIGURE SPLIT TUNNELLING