Although the possible combinations of VPN configurations are effectively limitless, most VPN configurations are quite similar in practice. This section discusses the two main types of VPNs: a site-to-site VPN (with multiple remote sites) and a VPN that connects a remote IPsec client.
The goal of this case study is to establish site-to-site VPNs between the Campus Core and the three remote offices (East, West, and South Branches). The following properties should be present for this configuration, as shown in Figure 6-7:
Figure 6-7. Case study network diagram
VPNs should use Main mode in a point-to-multipoint configuration.
OSPF should be used as the dynamic routing protocol on the tunnel interfaces, with all st0 interfaces in Area 0. Because the tunnel is not a true broadcast medium, define the OSPF neighbors explicitly in the configuration.
The architecture will be hub and spoke (utilizing point-to-multipoint VPNs).
The st0 interface should be in the VPN zone. Use the following IP addressing for the st0 interfaces on the Campus Core and the remote offices:
Campus Core: 192.168.100.5/24
East Branch: 192.168.100.1/24
West Branch: 192.168.100.2/24
South Branch: 192.168.100.3/24
Only the respective networks for each side should be allowed through the VPN, with any service allowed between the networks.
The Phase 1 proposal should use 3DES SHA-1 with preshared keys. The ...
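The Campus Core (hub) side of the requirements listed above, in Junos set format, as an added example that is not the book's own configuration. The proposal name, policy name and preshared key are placeholders; the Diffie-Hellman group, lifetimes, gateway, Phase 2 and security policy statements are left out because the requirement text above is cut off before stating them.

```junos
# Campus Core (hub): st0.0 is multipoint and carries the hub address from the list above
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet address 192.168.100.5/24

# st0.0 belongs to the VPN zone; OSPF must be accepted on it or no adjacency forms
set security zones security-zone VPN interfaces st0.0 host-inbound-traffic protocols ospf

# OSPF Area 0 on the tunnel interface, point-to-multipoint, one neighbor per spoke
set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2mp
# East Branch
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.1
# West Branch
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.2
# South Branch
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.3

# Phase 1: 3DES / SHA-1 with preshared keys, negotiated in Main mode
# EXAMPLE-P1, EXAMPLE-IKE-POLICY and the key string are placeholders (assumptions)
set security ike proposal EXAMPLE-P1 authentication-method pre-shared-keys
set security ike proposal EXAMPLE-P1 encryption-algorithm 3des-cbc
set security ike proposal EXAMPLE-P1 authentication-algorithm sha1
set security ike policy EXAMPLE-IKE-POLICY mode main
set security ike policy EXAMPLE-IKE-POLICY proposals EXAMPLE-P1
set security ike policy EXAMPLE-IKE-POLICY pre-shared-key ascii-text "REPLACE-WITH-SHARED-SECRET"
```

Once the tunnels are up, `show ospf neighbor` on the hub should list the three spoke addresses on st0.0.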