R1

  interface f0/0

  no shutdown

  ip add 192.168.101.10 255.255.255.0

  int s0/0

  no shutdown

  ip add 101.1.1.100 255.255.255.0

  ip route 0.0.0.0 0.0.0.0 101.1.1.1

R2

  interface fastEthernet 0/0

  no shutdown

  ip add 192.168.101.20 255.255.255.0

  int s0/0

  no shutdown

  ip add 102.1.1.100 255.255.255.0

  ip route 0.0.0.0 0.0.0.0 102.1.1.1

An-Advance-E-Book

ISP

  int s0/0

  no shutdown

  ip add 101.1.1.1 255.255.255.0

  int s0/1

  no shutdown

  ip add 102.1.1.1 255.255.255.0

  int s0/2

  no shutdown

  ip add 103.1.1.1 255.255.255.0

R3

 interface fastEthernet 0/0

  no shutdown

  ip add 192.168.102.1 255.255.255.0

  no shutdown

  int s0/0

  no shutdown

  ip add 103.1.1.100 255.255.255.0

  ip route 0.0.0.0 0.0.0.0 103.1.1.1

R3

R3#ping 101.1.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 101.1.1.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/25/64 ms

R3#pin

R3#ping 102.1.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 102.1.1.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/15/48 ms

R1

  interface f0/0

  standby 1 ip 192.168.101.1

  standby 1 preempt

  standby 1 priority 101

  standby 1 track serial 0/0

R2

  int f0/0

  standby 1 ip 192.168.101.1

  standby 1 preempt

R1

  crypto  isakmp policy 1

  authentication pre-share

  encryption aes

  hash sha

  group 5

  lifetime 1800

  exit

  crypto  isakmp key shiva add 103.1.1.100

  crypto  ipsec  transform-set t-set esp-aes esp-sha-hmac

  mode tunnel

  exit

  crypto ipsec security-association lifetime seconds 1800

  access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255

  crypto  map test 10 ipsec-isakmp

  set  transform-set t-set

  set peer 103.1.1.100

  match address 101

  int s0/0

  crypto  map test

R2

  crypto  isakmp policy 1

  authentication pre-share

  encryption aes

  hash sha

  group 5

  lifetime 1800

  exit

  crypto  isakmp key shiva add 103.1.1.100

  crypto  ipsec  transform-set t-set esp-aes esp-sha-hmac

  mode tunnel

  exit

  crypto ipsec security-association lifetime seconds 1800

  access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255

  crypto  map test 10 ipsec-isakmp

  set  transform-set t-set

  set peer 103.1.1.100

  match address 101

  int s0/0

  crypto  map test

R3

  crypto  isakmp policy 1

  authentication pre-share

  encryption aes

  hash sha

  group 5

  lifetime 1800

  exit

  crypto  isakmp key shiva add 101.1.1.100

  crypto  isakmp key shiva add 102.1.1.100

  crypto  isakmp keepalive  10 10

  crypto  ipsec  transform-set t-set esp-aes esp-sha-hmac

  mode tunnel

  exit

  crypto ipsec security-association lifetime seconds 1800

  access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255

  crypto  map test 10 ipsec-isakmp

  set  transform-set t-set

  set peer 101.1.1.100 default

  set peer 102.1.1.100

  match address 102

  int s0/0

  crypto  map test

  exit

R3

R3#ping 192.168.101.1 source fastEthernet 0/0 repeat 999999999

Type escape sequence to abort.

Sending 999999999, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.102.1

.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R1#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id slot status

101.1.1.100     103.1.1.100     QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA

R1#sh crypto ipsec sa

interface: Serial0/0

    Crypto map tag: test, local addr 101.1.1.100

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)

   remote ident (addr/mask/prot/port): (192.168.102.0/255.255.255.0/0/0)

   current_peer 103.1.1.100 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 455, #pkts encrypt: 455, #pkts digest: 455

    #pkts decaps: 455, #pkts decrypt: 455, #pkts verify: 455

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

     local crypto endpt.: 101.1.1.100, remote crypto endpt.: 103.1.1.100

     path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0

     current outbound spi: 0x22BFB79F(582989727)

     inbound esp sas:

      spi: 0xE8BC3E68(3904650856)

        transform: esp-aes esp-sha-hmac ,

R1

R1(config)#interface s0/0

R1(config-if)#sh

R1(config-if)#shutdown

R2

*Mar  1 00:10:32.911: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

R2#sh crypto isakmp

*Mar  1 00:10:58.791: %SYS-5-CONFIG_I: Configured from console by console

R2#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id slot status

103.1.1.100     102.1.1.100     QM_IDLE           1001    0 ACTIVE

IPv6 Crypto ISAKMP SA

R2#sh crypto ipsec sa

interface: Serial0/0

    Crypto map tag: test, local addr 102.1.1.100

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)

   remote ident (addr/mask/prot/port): (192.168.102.0/255.255.255.0/0/0)

   current_peer 103.1.1.100 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 328, #pkts encrypt: 328, #pkts digest: 328

    #pkts decaps: 328, #pkts decrypt: 328, #pkts verify: 328

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 1, #recv errors 0

     local crypto endpt.: 102.1.1.100, remote crypto endpt.: 103.1.1.100

     path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0

     current outbound spi: 0xB97B132C(3111850796)

     inbound esp sas:

      spi: 0x44BEA89A(1153345690)

        transform: esp-aes esp-sha-hmac ,

         

R3

R3#ping 192.168.101.1 source fastEthernet 0/0 repeat 999999999

Type escape sequence to abort.

Sending 999999999, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.102.1

.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!….!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!