You are currently browsing the monthly archive for April 2011.
In my last blog post, I began working through implementing a GetVPN configuration over a private “mpls” (simulated) network in which I cannot trust the “wan” links. So, I created the network as such. I’ve run into a snag. I need to build tunnel interfaces, I am finding. Since I have only done this with the help of an engineer in the past, I have no specific plan of how to do this. Today, I will look into creating the tunnel(s). I found Cisco’s “Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide” and am looking that over now.
The procedure I had been following was kidvelvet’s and the tunnels were established just fine. I am just not passing traffic over them.
This is an expansion of kidvelvet’s excellent post “GET VPN through IOS Routers”. He gives us a great view of the GETVPN config, but I needed more. In my case, I need to model a GetVPN over an MPLS network. Now, it is too much work to make an MPLS network for something like this, but I can take the core principles: BGP for the inter-node connectivity, and we build the GetVPN tunnels over that infrastructure. I’m using EIGRP for LAN routing. My goal is for the nodes, of which I may add more later, to be able to propagate EIGRP updates through the tunnels.
My initial layout is identical to kidvelvet’s, save for the routing protocol configurations. Once the basic concept is done, I’ll come back and muck with it to provide a little more of a potential real-world setup. Hopefully, this might avoid the pitfalls he described, too.
At this stage, I have configured the 4 nodes to talk to each other via BGP. I am using GNS3 0.7.2 and the images are of a Cisco 2691 Multiservice Router running IOS version 12.4(15)T14. Follow the links for more about GNS3. For those who might troll for GNS IOS images, don’t bother looking here.
Here are links to the base configurations (before I started building the GetVPN structure):
R1 Configuration
R2 Configuration
R3 Configuration
R4 Configuration

