Certexams practice tests and network simulator Register             Login

CertExams.com Simulator Lab Exercises Answers

Configuring and Verifying Route based VPN

Description: Lab exercise explains configuration and verification of policy based vpn

Network Diagram:

Instructions:

I. Configuration on site1 on device R1

1. Configure the Ethernet interface ip address

2. Configure the IP address of secure tunnel (st0) interfaces.

3. Configure a default route and a route for tunnel traffic for route-based VPNs by specifying the remote peer st0 interface IP address, or simply specify the local st0 interface itself as the next-hop.

4. Configure security zones, and assign interfaces to the zones

5. Configure host-inbound services for each zone. Specify allowed system services for the security zone.

6. Configure Address Book entries for each zone

7. Create IKE Phase 1 Proposal

8. Create an IKE Phase 1 Policy

9. Configure an IKE gateway (phase 1) with a peer IP address, IKE policy, and outgoing interface. The gateway address should be the remote peer’s public IP address.

10. Configuring IPSEC Phase 2 Proposals

11. Configure the IPSEC Phase 2 policies and reference the IPSEC proposals

12. Configure the IPSEC Phase 2 VPN tunnel and reference the IPSEC Phase 2 policy configured in Step 11

13. Configure security policies for tunnel traffic in both directions.

II. Configuration on site1 on device R2

1. Configure the Ethernet interface ip address

2. Configure the IP address of secure tunnel (st0) interfaces.

3. Configure a default route and a route for tunnel traffic for route-based VPNs by specifying the remote peer st0 interface IP address, or simply specify the local st0 interface itself as the next-hop.

4. Configure security zones, and assign interfaces to the zones

5. Configure host-inbound services for each zone. Specify allowed system services for the security zone.

6. Configure Address Book entries for each zone

7. Create IKE Phase 1 Proposal

8. Create an IKE Phase 1 Policy

9. Configure an IKE gateway (phase 1) with a peer IP address, IKE policy, and outgoing interface. The gateway address should be the remote peer’s public IP address.

10. Configuring IPSEC Phase 2 Proposals

11. Configure the IPSEC Phase 2 policies and reference the IPSEC proposals

12. Configure the IPSEC Phase 2 VPN tunnel and reference the IPSEC Phase 2 policy configured in Step 11

13. Configure security policies for tunnel traffic in both directions.

Note: Please refer to the CertExams.com Juniper Network Simulator software for complete lab.

 

Real Time Web Analytics

Clicky