
The Implementation Of An IPsec Tunnel


To allow the regional offices to pass traffic securely, a GRE IPsec tunnel will be created between offices. This will allow all data to be encrypted before it is sent out to the internet, preventing unauthorised reading or manipulation of sensitive data. The UK office will have two tunnels, one to each branch office. For the remote branches to communicate with each other, their traffic will pass through the head office.

The initial part of the configuration is the addition of GRE tunnels between the offices. These will be based on /30 subnets within the 192.168.0.0 range. Ethernet allows packets of up to 1500 bytes to pass through it. As the GRE header adds overhead to each packet, Cisco recommend configuring the Maximum Transmission Unit (MTU) to 1400 bytes. An additional aid is to add TCP adjust-mss 1360, which lowers the maximum segment size negotiated in TCP SYN packets so that TCP traffic stays small enough to pass across the tunnel.
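The byte budget behind the 1400-byte MTU and the 1360-byte MSS can be checked with the following added example, which is not part of the original essay. It assumes ESP in tunnel mode with AES-CBC and HMAC-SHA1-96, none of which the essay specifies; other transforms change the overhead figures.

```python
# Added example: byte budget for a GRE-over-IPsec packet on a 1500-byte link.
# Assumed (not stated in the essay): ESP tunnel mode, AES-CBC, HMAC-SHA1-96.
LINK_MTU = 1500        # Ethernet limit given in the essay
TUNNEL_IP_MTU = 1400   # tunnel MTU given in the essay
ADJUST_MSS = 1360      # MSS clamp given in the essay

IPV4_HDR = 20
TCP_HDR = 20
GRE_HDR = 4            # base GRE header, no key or sequence options
ESP_HDR = 8            # SPI + sequence number
ESP_IV = 16            # AES-CBC initialisation vector (assumed cipher)
ESP_BLOCK = 16         # AES block size, ciphertext is padded to this
ESP_TRAILER = 2        # pad-length byte + next-header byte
ESP_ICV = 12           # HMAC-SHA1-96 integrity check value (assumed)


def gre_packet_size(inner_len):
    """Size after GRE encapsulation: new IPv4 header + GRE header + inner packet."""
    return IPV4_HDR + GRE_HDR + inner_len


def esp_tunnel_size(plain_len):
    """Size after ESP tunnel-mode encapsulation of a plain_len-byte packet."""
    to_encrypt = plain_len + ESP_TRAILER
    padded = -(-to_encrypt // ESP_BLOCK) * ESP_BLOCK   # round up to block size
    return IPV4_HDR + ESP_HDR + ESP_IV + padded + ESP_ICV


def wire_size(inner_len):
    """Bytes on the wire for an inner IP packet sent through GRE then IPsec."""
    return esp_tunnel_size(gre_packet_size(inner_len))


def max_inner_mtu(link_mtu=LINK_MTU):
    """Largest inner packet that crosses the link without fragmentation."""
    for n in range(link_mtu, 0, -1):
        if wire_size(n) <= link_mtu:
            return n
    return 0


def mss_for(ip_mtu):
    """TCP payload that fits one packet of ip_mtu bytes (no IP or TCP options)."""
    return ip_mtu - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for inner in (LINK_MTU, TUNNEL_IP_MTU):
        print(f"inner {inner} -> {wire_size(inner)} bytes on the wire")
    print("largest inner packet that fits:", max_inner_mtu())
    print("MSS for tunnel MTU:", mss_for(TUNNEL_IP_MTU))
```

Under these assumptions a full 1500-byte inner packet would need fragmenting once encapsulated, while a 1400-byte one fits with a few bytes to spare.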

Figure 5 10 GRE Tunnels

The tunnel state was verified with the “show ip interface brief | inc Tu” command.

Figure 5 11 GRE Tunnel Status

With the tunnels in an “up up” state, the ISAKMP and IPsec configuration can be added. For IPsec communication to exist between the sites, it must complete a three-step process.
• Identify interesting traffic. This is done by configuring an extended ACL, which tells IPsec to encrypt anything matching a permit statement and to pass anything matching a deny statement unencrypted.
• Internet Key Exchange (IKE) phase one.
