Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham




In part two of NetCertLabs' Cisco CCNA Security VPN lab series, we explored setting up a site-to-site VPN connection where one side is the corporate office with a static IP address and the other side is a home office with a dynamic IP address. In part three of this series we will set up a GRE (Generic Routing Encapsulation) tunnel between our two sites in a site-to-site configuration. If you need to set up a GRE tunnel where one side of the tunnel has a dynamic IP address, or you need a Site-to-MultiSite GRE VPN, please see our DMVPN lab.

Cisco supports many other VPN technologies, such as SSL VPN (AnyConnect SSL VPN & Clientless SSL VPN), Dynamic Multipoint VPN (DMVPN), Easy VPN, Group Encrypted Transport (GET) VPN and others. Please visit our website for labs on those technologies.

Because of the simplicity of setting up GRE VPNs, their low cost and secure communications, and the ability to pass routing protocols (point-to-point IPSec tunnels do not pass multicast packets like EIGRP & OSPF), GRE VPNs are becoming very popular with network engineers. The strengths of a GRE tunnel are carrying multicast protocols over a VPN and connecting discontinuous networks. Its weakness is that there is no encryption of the traffic going through the tunnel and no flow control. This is where IPSec comes in, providing the encryption and flow control needed. When using GRE over IPSec you create a top-notch secure connection protecting sensitive data.

There are two modes in which you can configure GRE with IPSec: Tunnel mode and Transport mode. Tunnel mode encapsulates the entire IP packet, including the original IP header, whereas Transport mode only encapsulates the data payload, leaving the GRE IP address exposed. Transport mode has other disadvantages: you cannot pass NAT (Network Address Translation) or PAT (Port Address Translation) through the tunnel, and the GRE endpoints and crypto endpoints must be on the same IP address network. The benefit of Transport mode is that it is 20 bytes smaller. To implement Transport mode, you must enter the command mode transport after entering the crypto ipsec transform-set command.

With the additional overhead of GRE tunnels and IPSec, you will need to adjust the MTU (Maximum Transmission Unit) from its default size of 1500 bytes to 1400 bytes. We also must adjust the MSS (Maximum Segment Size) to 1360 bytes. These two changes will prevent packet fragmentation and will increase overall performance greatly.

Even with the 20 bytes saved and the slightly lower processor utilization of Transport mode compared with Tunnel mode, we feel that the increased security, NAT/PAT capabilities, and support for different IP networks in Tunnel mode far outweigh any advantages Transport mode may seem to offer.

NetCertLabs' goal is to provide you with the basic knowledge necessary to pass your desired exam, or just to help you get your lab set up and working so you can learn each subject. Another of NetCertLabs' goals is to provide you with CLEAR and concise step-by-step instructions of KNOWN working configurations. For a more in-depth study of IPSec VPNs, visit the Video Training Series on Cisco's website at: http://www.cisco.com/en/us/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html

Equipment List:

  3 2610 routers running Cisco IOS Software Release 12.2(15)T2 (or similar)*
  4 WIC-1T serial modules**
  2 Ethernet Cat5 cross-over patch cables
  2 DB60 serial DCE/DTE cables (simulate the leased line or MPLS connection)*
  2 PCs

* The IOS has a software VPN ability built in in many versions. Hardware VPN modules are also available for increased performance.
** If your router has two Ethernet ports you can use them in place of the serial ports.

CCNA/CCNA Security Lab 3

In this lab we will set up a Cisco hardware-to-hardware site-to-site GRE (Generic Routing Encapsulation) VPN tunnel.

[Network diagram: Corp PC (192.168.0.100) - fa0/0 (192.168.0.1) Corp router s0/0 (50.137.15.9) - Internet router (s0/0, s0/1) - s0/0 (209.87.55.42) Branch router fa0/0 (10.0.0.1) - Branch PC (10.0.0.100). The VPN tunnel runs between Corp and Branch with tunnel IPs 172.16.0.1 and 172.16.0.2.]

This lab will show you how to set up and configure three Cisco routers to create a permanent secure site-to-site GRE VPN tunnel over the Internet, an MPLS network, or a Frame-Relay network, to encapsulate our packets and hide them from those networks. Once the GRE VPN has been established we will use the IP Security (IPSec) protocol to encrypt our data payload.

In this lab we assume that you have your Ethernet and serial ports already configured and that both Cisco routers have a static IP address. One of the three routers is used to simulate the Internet. The lab uses public IP addresses to give you a more realistic understanding of what happens and where to apply the commands in a real-world setting. Since the routers in this lab are NOT connected to the Internet there will not be any IP address conflicts. Please make sure that your lab is disconnected from any equipment that could provide Internet connectivity.

If you are interested in configuring Point-to-Multipoint DMVPN (Dynamic Multipoint Virtual Private Network) mGRE tunnels, see the CCNA/CCNA Security Lab 4. NetCertLabs has several additional CCNA/CCNA Security labs for you to learn with on our web site, as well as many other labs to help you earn the certification you are seeking.

The following six steps need to be configured in order to create a secure GRE VPN on a Cisco IOS device.

  Step 1. Create the GRE Tunnel
  Step 2. Route Networks Through the Tunnel
  Step 3. Configure ISAKMP (IKE) - (ISAKMP Phase 1)
  Step 4. Create IPSec Transform (ISAKMP Phase 2 policy)
  Step 5. IPSec Profile
  Step 6. Apply

------------- Corp Router -------------

Step 1. Create the Tunnel

The first step in creating a GRE tunnel is to create a logical interface and assign it a private IP address. Packets within the tunnel will be encapsulated on one end and un-encapsulated on the other end. Remember, the packets and the data within the packets are NOT encrypted at this point. On the Corp router perform the following steps:

    Corp(config)#interface Tunnel 0
    Corp(config-if)#ip address 172.16.0.1 255.255.255.0
    Corp(config-if)#ip mtu 1400
    Corp(config-if)#ip tcp adjust-mss 1360
    Corp(config-if)#tunnel source 50.137.15.9
    Corp(config-if)#tunnel destination 209.87.55.42
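The ip mtu 1400 and ip tcp adjust-mss 1360 values can be checked against the per-packet overhead of GRE plus ESP. The following is an added example, not part of the original lab: it computes the on-the-wire size of one packet in Tunnel and Transport mode, assuming 20-byte IPv4 headers without options, a basic 4-byte GRE header, ESP laid out as in RFC 4303 with a 96-bit truncated HMAC, and no NAT-T encapsulation.

```python
# Added example: size on the wire of a GRE over IPsec (ESP) packet.
# Assumptions (not from the lab): IPv4 headers without options, 4-byte GRE
# header (no key/sequence/checksum), ESP per RFC 4303, 96-bit ICV, no NAT-T.

IP_HDR = 20
TCP_HDR = 20
GRE_HDR = 4
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad length (1 byte) + next header (1 byte)
ICV = 12           # HMAC-MD5-96 or HMAC-SHA1-96

# transform name -> (cipher block size, IV size) in bytes
CIPHERS = {"esp-3des": (8, 8), "esp-aes": (16, 16)}


def esp_packet_size(inner_len, cipher="esp-3des", mode="tunnel"):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    block, iv = CIPHERS[cipher]
    if mode == "tunnel":
        # ESP encrypts the whole GRE/IP packet and a new IP header is added.
        plaintext = inner_len + GRE_HDR + IP_HDR
    elif mode == "transport":
        # ESP encrypts GRE + payload only; the GRE delivery header is reused.
        plaintext = inner_len + GRE_HDR
    else:
        raise ValueError(f"unknown mode: {mode}")
    # The plaintext plus ESP trailer is padded up to a whole cipher block.
    padded = -(-(plaintext + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + ICV


def max_inner_mtu(path_mtu=1500, cipher="esp-3des", mode="tunnel"):
    """Largest tunnel-interface IP MTU that never exceeds path_mtu."""
    for inner in range(path_mtu, 0, -1):
        if esp_packet_size(inner, cipher, mode) <= path_mtu:
            return inner
    return 0


def tcp_mss(ip_mtu):
    """TCP MSS that fits in ip_mtu (IPv4 and TCP headers without options)."""
    return ip_mtu - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for mode in ("tunnel", "transport"):
        print(mode, esp_packet_size(1400, "esp-3des", mode),
              max_inner_mtu(1500, "esp-3des", mode))
    print("MSS for ip mtu 1400:", tcp_mss(1400))
```

With this lab's esp-3des transform, a 1400-byte inner packet becomes 1480 bytes in Tunnel mode and 1456 bytes in Transport mode, so both fit a 1500-byte path.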

Since the Tunnel 0 interface is a logical interface it will remain up even if there is no GRE tunnel configured or connected at the other end. Before you proceed to step two, jump down to the Branch router section and configure a logical tunnel and assign it its IP address, MTU, MSS, source and destination addresses. Once you have those settings entered, return here and proceed with step two. Be sure that you have your default gateways and default routes set up, or your tunnel protocol will be down and your lab will not work.

Step 2. Route Networks Through the Tunnel

First let's test the tunnel connectivity by issuing an ICMP ping.

    Corp#ping 172.16.0.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

As you can see from the output above, we can connect to the other side of the tunnel. However, workstations on either side cannot communicate with each other. You need to create a static route so that the remote networks can reach each other.

    Corp(config)#ip route 10.0.0.0 255.255.255.0 172.16.0.2

Instead of entering static routes, which could be difficult to manage in a medium to large size network, you can use routing protocols such as RIP, EIGRP, OSPF, and others. Normal routing protocol rules such as areas and autonomous systems apply when using these protocols over a tunnel. Here is an EIGRP configuration that you can use in place of the static route above.

    Corp(config)#router eigrp 1577
    Corp(config-router)#network 172.16.0.0 0.0.0.255
    Corp(config-router)#network 192.168.0.0 0.0.0.255

Step 3. ISAKMP

First we enter configuration mode, then enable isakmp. Although isakmp is enabled by default, do this just to be sure it is. The policy number is quite important. When the router tries to negotiate an acceptable phase one policy, it always starts with the policy closest to 1, then works its way up in order until a negotiation is successful (using 10 leaves some room for growth if needed).

    Corp(config)#crypto isakmp enable
    Corp(config)#crypto isakmp policy 10

Now we configure the authentication method. Acceptable options are pre-shared key, RSA-Sig and RSA-Encr. For simplicity we'll use a pre-shared key at the moment. In other labs we will examine these other options.

    Corp(config-isakmp)#authentication pre-share

Next is the hash method to be used. Options are MD5 and SHA-1 (SHA-1 is the default). (MD5 is a stronger hash method).

    Corp(config-isakmp)#hash sha

Now we configure the encryption algorithm we want to use. In order of strength: AES 256, AES 192, AES 128, 3DES, DES (168-bit Triple DES is the default if nothing is explicitly configured).

    Corp(config-isakmp)#encryption 3des

Group <number> will configure the modulus size of the Diffie-Hellman key exchange. (Group 5 isn't supported on all versions of IOS.)

    Group  Description
    1      The 768-bit Diffie-Hellman group.
    2      The 1024-bit Diffie-Hellman group.
    5      The 1536-bit Diffie-Hellman group.
    *(Group 1 is the default)

    Corp(config-isakmp)#group 5

Lifetime is the time in seconds for the Security Association (SA). 3600 = 1 hour (86400 (1 day) is the default).

    Corp(config-isakmp)#lifetime 3600

Since we configured a pre-shared key, we need to configure the key on a per-host basis in main config mode.

    Corp(config)#crypto isakmp key K3y4vPnLab address 209.87.55.42

The peer's pre-shared key is set to K3y4vPnLab and its public IP address is 209.87.55.42. Every time the Corp router tries to establish a VPN tunnel with the Branch router (209.87.55.42), this pre-shared key will be used.

To keep our VPN up and connected when traffic may not be passing, we use dead peer detection (DPD) by setting isakmp to send keepalives every 10 seconds, then every 2 seconds if a keepalive fails. The default is to send keepalives on demand rather than periodically as we have configured. Not all versions of the IOS support this.

    Corp(config)#crypto isakmp keepalive 10 2 periodic

Verify the configuration with the show crypto isakmp policy command:

    Global IKE policy
    Protection suite of priority 10
            encryption algorithm:   Three key triple DES
            hash algorithm:         Secure Hash Standard
            authentication method:  Pre-Shared Key
            Diffie-Hellman group:   #5 (1536 bit)
            lifetime:               3600 seconds, no volume limit
    Default protection suite
            encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
            hash algorithm:         Secure Hash Standard
            authentication method:  Rivest-Shamir-Adleman Signature
            Diffie-Hellman group:   #1 (768 bit)
            lifetime:               86400 seconds, no volume limit

Step 4. Transform Set

Now we will create the transform set used to protect our data. Our IPSEC tunnel mode will be using 256 bit AES encryption and sha-1 hmac.

    Corp(config)#crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
    Corp(cfg-crypto-trans)#mode tunnel

Various other options are:

    Corp(config)#crypto ipsec transform-set MYTSETNAME ?
      ah-md5-hmac   AH-HMAC-MD5 transform
      ah-sha-hmac   AH-HMAC-SHA transform
      comp-lzs      IP Compression using the LZS compression algorithm
      esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)
      esp-aes       ESP transform using AES cipher
      esp-des       ESP transform using DES cipher (56 bits)
      esp-md5-hmac  ESP transform using HMAC-MD5 auth
      esp-null      ESP transform w/o cipher
      esp-seal      ESP transform using SEAL cipher (160 bits)
      esp-sha-hmac  ESP transform using HMAC-SHA auth

Verify with show crypto ipsec transform-set:

    Transform set MYTSETNAME: { esp-3des esp-md5-hmac }
       will negotiate = { Tunnel, },

Step 5. IPSec Profile

Now we create an IPSec profile to connect the ISAKMP and IPSec configuration together.

    Corp(config)#crypto ipsec profile ENCRYPT-GRE
    Corp(ipsec-profile)#set security-association lifetime seconds 86400
    Corp(ipsec-profile)#set transform-set MYTSETNAME

Step 6. Apply

Finally we apply the IPSec profile to the tunnel interface.

    Corp(config)#interface Tunnel 0
    Corp(config-if)#tunnel protection ipsec profile ENCRYPT-GRE

You will get a response from the router as follows:

    *Mar 1 03:11:48.715: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
    Corp(config-if)#
    *Mar 1 03:11:53.015: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /50.137.15.9, src_addr= 209.87.55.42, prot= 47
    *Mar 1 03:12:03.379: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1577: Neighbor 172.16.0.2 (Tunnel0) is down: holding time expired

As you can see, ISAKMP is now turned on. Since we are now encrypting the packets, the tunnel goes down until we set up the other end of the tunnel with the same encryption scheme. Now we will set up the Branch office router.

------------- Branch_1 Router -------------

Step 1. Create Tunnel

    Branch(config)#interface Tunnel 0
    Branch(config-if)#ip address 172.16.0.2 255.255.255.0
    Branch(config-if)#ip mtu 1400
    Branch(config-if)#ip tcp adjust-mss 1360
    Branch(config-if)#tunnel source 209.87.55.42
    Branch(config-if)#tunnel destination 50.137.15.9

Step 2. Route Networks Through the Tunnel

    Branch(config)#ip route 192.168.0.0 255.255.255.0 172.16.0.1

Or use the EIGRP configuration in place of the static route above.

    Branch(config)#router eigrp 1577
    Branch(config-router)#network 172.16.0.0 0.0.0.255
    Branch(config-router)#network 10.0.0.0 0.0.0.255

Step 3. ISAKMP

    Branch(config)#crypto isakmp enable
    Branch(config)#crypto isakmp policy 10
    Branch(config-isakmp)#authentication pre-share
    Branch(config-isakmp)#hash sha
    Branch(config-isakmp)#encryption 3des
    Branch(config-isakmp)#group 5
    Branch(config-isakmp)#lifetime 3600
    Branch(config-isakmp)#exit
    Branch(config)#crypto isakmp key 0 K3y4vPnLab address 50.137.15.9
    Branch(config)#crypto isakmp keepalive 10 2 periodic

Step 4. Transform Set

    Branch(config)#crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
    Branch(cfg-crypto-trans)#mode tunnel

This must be the same encryption scheme as on the other side of the tunnel.

Step 5. IPSec Profile

Now we create an IPSec profile to connect the ISAKMP and IPSec configuration together.

    Branch(config)#crypto ipsec profile ENCRYPT-GRE
    Branch(ipsec-profile)#set security-association lifetime seconds 86400
    Branch(ipsec-profile)#set transform-set MYTSETNAME

Step 6. Apply

Finally we apply the IPSec profile to the tunnel interface.

    Branch(config)#interface Tunnel 0
    Branch(config-if)#tunnel protection ipsec profile ENCRYPT-GRE

Testing/Verify

To bring up the ISAKMP IPSec tunnel just ping the 10.0.0.0 network from the Corp router or the Corp PC.

    Corp#ping 10.0.0.100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.100, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/70/92 ms

To verify that encryption is set up and taking place, issue the show crypto session command.

    Corp#show crypto session
    Crypto session current status

    Interface: Tunnel0
    Session status: UP-ACTIVE
    Peer: 209.87.55.42 port 500
      IKE SA: local 50.137.15.9/500 remote 209.87.55.42/500 Active
      IPSEC FLOW: permit 47 host 50.137.15.9 host 209.87.55.42
            Active SAs: 2, origin: crypto map

As you can see from the output above, we now have a working GRE VPN tunnel using ISAKMP and IPSec to protect our data over a public network connection.

The configuration files for this lab are on the following pages. After you have set up and tested this lab, please blog your experience on our blog site at: http://netcertlabs.com/netcertlabs-blog

Thank You,

------------- PC and Router configurations -------------

Corp PC
    IP Address  192.168.0.100
    Mask        255.255.255.0
    Gateway     192.168.0.1

Branch PC
    IP Address  10.0.0.100
    Mask        255.255.255.0
    Gateway     10.0.0.1

Corp Router

    hostname Corp
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 5
     lifetime 3600
    crypto isakmp key K3y4vPnLab address 209.87.55.42
    crypto isakmp keepalive 10 periodic
    !
    crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
    !
    crypto ipsec profile ENCRYPT-GRE
     set security-association lifetime seconds 86400
     set transform-set MYTSETNAME
    !
    interface Tunnel0
     ip address 172.16.0.1 255.255.255.0
     ip mtu 1400
     ip tcp adjust-mss 1360
     tunnel source 50.137.15.9
     tunnel destination 209.87.55.42
     tunnel protection ipsec profile ENCRYPT-GRE
    !
    interface Serial0/0
     ip address 50.137.15.9 255.255.255.0
     serial restart-delay 0
     clock rate 128000
    !
    interface FastEthernet0/0
     ip address 192.168.0.1 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 1577
     network 172.16.0.0 0.0.0.255
     network 192.168.0.0
     auto-summary
    !
    ip route 0.0.0.0 0.0.0.0 50.137.15.1

Internet Router

    hostname Internet
    !
    interface Serial0/0
     ip address 50.137.15.1 255.255.255.0
     serial restart-delay 0
    !
    interface Serial0/1
     ip address 209.87.55.1 255.255.255.0
     serial restart-delay 0

Branch Router

    hostname Branch
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 5
     lifetime 3600
    crypto isakmp key K3y4vPnLab address 50.137.15.9
    crypto isakmp keepalive 10 periodic
    !
    crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
    !
    crypto ipsec profile ENCRYPT-GRE
     set security-association lifetime seconds 86400
     set transform-set MYTSETNAME
    !
    interface Tunnel0
     ip address 172.16.0.2 255.255.255.0
     ip mtu 1400
     ip tcp adjust-mss 1360
     tunnel source 209.87.55.42
     tunnel destination 50.137.15.9
     tunnel protection ipsec profile ENCRYPT-GRE
    !
    interface Serial0/0
     ip address 209.87.55.42 255.255.255.0
     serial restart-delay 0
     clock rate 128000
    !
    interface FastEthernet1/0
     ip address 10.0.0.1 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 1577
     network 10.0.0.0 0.0.0.255
     network 172.16.0.0 0.0.0.255
     auto-summary
    !
    ip route 0.0.0.0 0.0.0.0 209.87.55.1
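Both ends must carry the same ISAKMP policy, transform set and pre-shared key, with tunnel source and destination swapped. The following added example (not the lab's own code) checks two listings for exactly that and reports which configured algorithms are legacy choices. The function names and the LEGACY set are assumptions of this example, and the sample text is an excerpt of the Corp and Branch listings above.

```python
# Added example, not the lab's own code. It parses only the commands used in
# this lab and expects running-config style listings (defaults are not shown).
import re

# Excerpts of the Corp and Branch listings from this lab.
CORP = """\
crypto isakmp policy 10
 encr 3des
 group 5
crypto isakmp key K3y4vPnLab address 209.87.55.42
crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
interface Tunnel0
 tunnel source 50.137.15.9
 tunnel destination 209.87.55.42
 tunnel protection ipsec profile ENCRYPT-GRE
"""
BRANCH = """\
crypto isakmp policy 10
 encr 3des
 group 5
crypto isakmp key K3y4vPnLab address 50.137.15.9
crypto ipsec transform-set MYTSETNAME esp-3des esp-md5-hmac
interface Tunnel0
 tunnel source 209.87.55.42
 tunnel destination 50.137.15.9
 tunnel protection ipsec profile ENCRYPT-GRE
"""
# Assumption of this example: values that current guidance treats as legacy.
LEGACY = {"encr des", "encr 3des", "hash md5", "group 1", "group 2", "group 5",
          "esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}


def parse(cfg):
    """Return ISAKMP policy lines, PSKs by peer, transforms, tunnel settings."""
    out = {"policy": set(), "keys": {}, "tset": (), "tunnel": {}}
    section = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw.startswith(" "):                  # sub-command of a section
            if section == "policy":
                out["policy"].add(line.replace("encryption", "encr"))
            elif section == "tunnel" and line.startswith("tunnel "):
                key, _, value = line[7:].partition(" ")
                out["tunnel"][key] = value
            continue
        section = ("policy" if line.startswith("crypto isakmp policy")
                   else "tunnel" if line.startswith("interface Tunnel") else None)
        if m := re.match(r"crypto isakmp key (?:0 )?(\S+) address (\S+)", line):
            out["keys"][m.group(2)] = m.group(1)
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line):
            out["tset"] = tuple(m.group(1).split())
    return out


def compare(a, b):
    """List the ways two parsed peers fail to mirror each other."""
    problems = [f"{k} differs" for k in ("policy", "tset") if a[k] != b[k]]
    for name, me, peer in (("A", a, b), ("B", b, a)):
        dst = me["tunnel"].get("destination")
        if dst != peer["tunnel"].get("source"):
            problems.append(f"{name}: tunnel destination is not the peer's source")
        if dst not in me["keys"]:
            problems.append(f"{name}: no pre-shared key for peer {dst}")
        if "protection" not in me["tunnel"]:
            problems.append(f"{name}: tunnel protection missing, GRE is sent in clear")
    src_a, src_b = a["tunnel"].get("source"), b["tunnel"].get("source")
    if a["keys"].get(src_b) != b["keys"].get(src_a):
        problems.append("pre-shared keys differ")
    return problems


def legacy_crypto(parsed):
    """Policy and transform values of one peer that appear in LEGACY."""
    return sorted((parsed["policy"] | set(parsed["tset"])) & LEGACY)
```

Calling compare(parse(CORP), parse(BRANCH)) returns an empty list for the lab as written, while legacy_crypto(parse(CORP)) lists the 3DES, MD5 and group 5 settings that a production deployment would replace on both peers at once.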