Connecting eNSP to GNS3 on Windows 8.x

GNS3 along with UNL is one of the most used network emulators that allows us to create multi vendor topologies. Unfortunately there are no Huawei images to use within GNS3, but we can connect Huawei eNSp with GNS3 using the cloud.

On Windows 8 you can connect Huawei eNSP to the physical network if on the cloud configurations you select your physical connection, you will then be able to ping the physical address on the host pc and that's all, you will not be able to ping any further then that. 

I've seen tutorials on the net whereby configuring the cloud to use your physical connection you can connect Huawei eNSP with GNS3. But on Windows 8 things don't work like that.

So to  accomplish this we need to create a loopback adaptor and connect eNSP and GNS3 through the loopback adaptor. If we share the physical connection with the loopback adaptor we will then be able to access the real network.

The first step is to create a loopback adaptor which we will not cover here, note that you can assign any ip address to the loopback adaptor. In my loopback adaptor the ip address is 192.168.0.0/24 as you can see from the following picture. It is also important to remember the name of your loopback adaptor, in my case is Ethernet 2. 



Next we configure the eNSP, drag and drop a cloud, right-click, select settings and configure as shown in the following picture.


Now we configure GNS3, drag and drop a cloud, right-click, select configure and configure as shown in the following picture.


And we are ready to start pinging each other. 



Posted by 2 comments:

Configuring IPSEC VPN tunnel between cisco routers

Short overview:

The purpose of VPN's is to connect two devices that are geographically apart from each other by creating a logical connection over the wide area network.

VPN's use encryption to ensure that data is kept private and is not altered or manipulated along the path.

Topology:


NorthSite:
NorthSite(config)# interface FastEthernet 0/0
NorthSite(config-if)# ip add 10.1.1.1 255.0.0.0
NorthSite(config-if)# no shut
NorthSite(config-if)# interface vlan 1
NorthSite(config-if)# ip add 192.168.1.1 255.255.255.0
NorthSite(config-if)# exit
NorthSite(config)# ip route 192.168.2.0 255.255.255.0 10.2.2.2
NorthSite(config)# ip route 192.168.3.0 255.255.255.0 10.3.3.3

WestSite:
WestSite(config)# interface FastEthernet 0/0
WestSite(config-if)# ip add 10.2.2.2 255.0.0.0
WestSite(config-if)# no shut
WestSite(config-if)# interface vlan 1
WestSite(config-if)# ip add 192.168.2.1 255.255.255.0
WestSite(config-if)# exit
WestSite(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1
WestSite(config)# ip access-list extended VPN-TRAFFIC
WestSite(config-ext-nacl)# permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
WestSite(config-ext-nacl)# exit
WestSite(config)# crypto isakmp policy 1
WestSite(config-isakmp)# authentication pre-share
WestSite(config-isakmp)# encryption aes
WestSite(config-isakmp)# encryption aes
WestSite(config-isakmp)# hash md5
WestSite(config-isakmp)# group 2
WestSite(config-isakmp)# lifetime 84600
WestSite(config-isakmp)# exit
WestSite(config)# crypto isakmp key 6 cisco123 address 10.3.3.3
WestSite(config)# crypto ipsec transform-set DATAENC esp-aes 256 esp-md5-hmac
WestSite(cfg-crypto-trans)# exit
WestSite(config)# crypto map WEST-to-EAST 1 ipsec-isakmp
WestSite(config-crypto-map)# set peer 10.3.3.3
WestSite(config-crypto-map)# set transform-set DATAENC
WestSite(config-crypto-map)# match address VPN-TRAFFIC
WestSite(config-crypto-map)# exit
WestSite(config)# int f0/0
WestSite(config-if)# crypto map WEST-to-EAST

EastSite:
EastSite(config)# interface FastEthernet 0/0
EastSite(config-if)# ip add 10.3.3.3 255.0.0.0
EastSite(config-if)# no shut
EastSite(config-if)# interface vlan 1
EastSite(config-if)# ip add 192.168.3.1 255.255.255.0
EastSite(config-if)# exit
EastSite(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1
EastSite(config)# ip access-list extended VPN-TRAFFIC
EastSite(config-ext-nacl)# permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
EastSite(config-ext-nacl)# exit
EastSite(config)# crypto isakmp policy 1
EastSite(config-isakmp)# authentication pre-share
EastSite(config-isakmp)# encryption aes
EastSite(config-isakmp)# encryption aes
EastSite(config-isakmp)# hash md5
EastSite(config-isakmp)# group 2
EastSite(config-isakmp)# lifetime 84600
EastSite(config-isakmp)# exit
EastSite(config)# crypto isakmp key 6 cisco123 address 10.2.2.2
EastSite(config)# crypto ipsec transform-set DATAENC esp-aes 256 esp-md5-hmac
EastSite(cfg-crypto-trans)# exit
EastSite(config)# crypto map EAST-to-WEST 1 ipsec-isakmp
EastSite(config-crypto-map)# set peer 10.2.2.2
EastSite(config-crypto-map)# set transform-set DATAENC
EastSite(config-crypto-map)# match address VPN-TRAFFIC
EastSite(config-crypto-map)# exit
EastSite(config)# int f0/0
EastSite(config-if)# crypto map EAST-to-WEST
Posted by No comments:
Subscribe to: Posts (Atom)