CertExams.com Simulator Lab Exercises Answers

Configuring and Verifying Route based VPN

Description: This lab exercise explains the configuration and verification of a route-based VPN.

Network Diagram:

lab image

Instructions:

I. Configuration on site1 on device R1

1. Configure the Ethernet interface IP address

2. Configure the IP address of secure tunnel (st0) interfaces.

3. Configure a default route and a route for tunnel traffic for route-based VPNs by specifying the remote peer st0 interface IP address, or simply specify the local st0 interface itself as the next-hop.

4. Configure security zones, and assign interfaces to the zones

5. Configure host-inbound services for each zone. Specify allowed system services for the security zone.

6. Configure Address Book entries for each zone

7. Create IKE Phase 1 Proposal

8. Create an IKE Phase 1 Policy

9. Configure an IKE gateway (phase 1) with a peer IP address, IKE policy, and outgoing interface. The gateway address should be the remote peer’s public IP address.

10. Configuring IPSEC Phase 2 Proposals

11. Configure the IPSEC Phase 2 policies and reference the IPSEC proposals

12. Configure the IPSEC Phase 2 VPN tunnel and reference the IPSEC Phase 2 policy configured in Step 11

13. Configure security policies for tunnel traffic in both directions.

II. Configuration on site1 on device R2

1. Configure the Ethernet interface IP address

2. Configure the IP address of secure tunnel (st0) interfaces.

3. Configure a default route and a route for tunnel traffic for route-based VPNs by specifying the remote peer st0 interface IP address, or simply specify the local st0 interface itself as the next-hop.

4. Configure security zones, and assign interfaces to the zones

5. Configure host-inbound services for each zone. Specify allowed system services for the security zone.

6. Configure Address Book entries for each zone

7. Create IKE Phase 1 Proposal

8. Create an IKE Phase 1 Policy

9. Configure an IKE gateway (phase 1) with a peer IP address, IKE policy, and outgoing interface. The gateway address should be the remote peer’s public IP address.

10. Configuring IPSEC Phase 2 Proposals

11. Configure the IPSEC Phase 2 policies and reference the IPSEC proposals

12. Configure the IPSEC Phase 2 VPN tunnel and reference the IPSEC Phase 2 policy configured in Step 11

13. Configure security policies for tunnel traffic in both directions.

Please refer to the CertExams.com Juniper Network Simulator software for the complete lab.

