Open the Lab9_CNS_Topology.net file.

1. [2p] Configure the above topology with the IP addresses shown in the IP Addressing table. Configure EIGRP/OSPF in the above topology in order to have end-to-end connectivity.
   1. Test by using an extended ping from R1’s lo1 interface to R3’s lo1 interface.
2. [+5p=7p] Configure so that traffic between R1 Lo0 and R3 Lo0 is encrypted using IPSec.
   1. Configure the following ISAKMP policy on both R1 and R3
      • authentication: pre-shared keys
      • encryption: aes 256
      • hashing: sha1
      • diffie-hellman group: 2
      • lifetime: 3600
   2. Configure “cns!@#” as a pre-shared key on both R1 and R3.
   3. Configure the following transform set on both R1 and R3:
      • Tag (name of the transform set): TS_SRS
      • Transform set: esp-aes 256 esp-sha-hmac
      • Mode: transport
   4. Construct an access-list that will match the traffic that you want to encrypt. The access-list will have to define both the source and the destination of the traffic. An access-list must be defined on both R1 and R3. Watch out for the fact that the 2 ACLs must mirror each other.
   5. Create a crypto-map called TUNNEL_MAP on both R1 and R3.
      • The crypto map must match the ACL that you used to define interesting traffic.
      • The crypto map must set the remote peer for the tunnel. The remote peer is going to be the 
IP address of the outgoing Ethernet interface of each router.
      • The crypto map must set the transform set to “TS_SRS” 

   6. Apply the crypto map on interface F0/0 of R1 and F0/1 of R3.

   7. Verifying that the traffic is encrypted.
      • Use the capture R2 F0/0 tunnel.cap command in the dynagen console to start a capture on R2’s F0/0 interface
      • Generate traffic between loopback interfaces.
      • Stop the capture using the no capture R2 F0/0 command in the dynagen console.
      • Open the tunnel.cap file with Wireshark.
3. [+4p=11p] All the traffic that will be flowing between R1’s lo1 interface and R3’s lo1 interface is to be encapsulated using the GRE protocol.
   1. The network that is to be used on the Tunnel interfaces is 13.13.13.0 /29
   2. The tunnel mode is gre ip
   3. On R1, direct all the traffic going to network 11.3.3.0 through the GRE tunnel. Depending on what 
routing protocol you use, watch out for:
      • routes being advertised through the tunnel (including the route towards the tunnel 
endpoint)
      • the subnet mask of dynamic/static routes
   4. On R3, direct all the traffic going to network 11.1.1.0 through the GRE tunnel.
   5. Verifying the GRE encapsulation using Wireshark.