Qn 1. Configure GRE tunnel between R1 and R2 and introduce loopback0 using EIGRP

R1 Configuration:

R1(config)#int tunnel 0
R1(config-if)#ip add 172.16.0.1 255.255.255.0
R1(config-if)#tunnel source 172.16.1.1
R1(config-if)#tunnel destination 2.2.2.1
R1(config-if)#tunnel key 123
R1(config-if)#tunnel checksum
R1(config-if)#tunnel sequence-datagrams
R1(config-if)#exit
R1(config)#router eigrp 123
R1(config-router)#net 172.16.0.0 0.0.0.255
R1(config-router)#net 10.1.1.0 0.0.0.255
R1(config-router)#no au
R1(config-router)#exit

R2 Configuration:

R2(config)#int tunnel 1
R2(config-if)#ip add 172.16.0.2 255.255.255.0
R2(config-if)#tunnel source 2.2.2.1
R2(config-if)#tunnel destination 172.16.1.1
R2(config-if)#tunnel key 123
R2(config-if)#tunnel checksum
R2(config-if)#tunnel sequence-datagrams
R2(config-if)#exit
R2(config)#router eigrp 123
R2(config-router)#net 10.1.2.0 0.0.0.255
R2(config-router)#net 172.16.0.0 0.0.0.255
R2(config-router)#no au
R2(config-router)#exit

ASA1(config)# access-list OUT_IN permit gre host 2.2.2.1 host 172.16.1.1
ASA1(config)#access-list OUT_IN in interface outside

Q2. Configure GRE over ipsec to protect loopback 0 of R1 and R3 using ospf.

R3 Configuration:

R3(config)#crypto isakmp policy 20
R3(config-isakmp)#enc 3des
R3(config-isakmp)#ha md5
R3(config-isakmp)#gr 2
R3(config-isakmp)#au pr
R3(config-isakmp)#exit
R3(config)#crypto keyring KEY1
R3(conf-keyring)#pre-shared-key add 172.16.1.1 key cisco123
R3(conf-keyring)#exit
R3(config)#crypto isakmp profile PRO1
R3(conf-isa-prof)#match identity add 172.16.1.1
R3(conf-isa-prof)#keyring KEY1
R3(conf-isa-prof)#exi
R3(config)#crypto ipsec transform-set TSET esp-des esp-sha-hmac
R3(cfg-crypto-trans)#exi
R3(config)#cry ipsec pro GRE1
R3(ipsec-profile)#set trans TSET
R3(ipsec-profile)#set isakmp-profile PRO1
R3(ipsec-profile)#exit

R3(config)#int tun0
R3(config-if)#ip add 172.16.0.1 255.255.255.0
R3(config-if)#tunnel source 172.16.3.1
R3(config-if)#tunnel destination 172.16.1.1
R3(config-if)#tunnel key 123
R3(config-if)#tunnel protection ipsec profile GRE1
R3(config-if)#exit

R3(config)#router ospf 1
R3(config-router)#net 192.16.0.0 0.0.0.255 area 1
R3(config-router)#net 10.1.3.0 0.0.0.255 area 1
R3(config-router)#exit

R3(config)#ip classless

R1 Configuration :

 R1(config)#crypto isakmp policy 20
R1(config-isakmp)#enc 3des
R1(config-isakmp)#ha md5
R1(config-isakmp)#gr 2
R1(config-isakmp)#au pr
R1(config-isakmp)#exit
R1(config)#crypto keyring KEY1
R1(conf-keyring)#pre-shared-key add 172.16.3.1 key cisco123
R1(conf-keyring)#exit

R1(config)#crypto isakmp profile PRO1
R1(conf-isa-prof)#match identity add 172.16.3.1
R1(conf-isa-prof)#keyring KEY1
R1(conf-isa-prof)#exi

R1(config)#crypto ipsec transform-set TSET esp-des esp-sha-hmac
R1(cfg-crypto-trans)#exi

R1(config)#cry ipsec pro GRE1
R1(ipsec-profile)#set trans TSET
R1(ipsec-profile)#set isakmp-profile PRO1
R1(ipsec-profile)#exit

R1(config)#int tun0
R1(config-if)#ip add 192.16.0.2 255.255.255.0
R1(config-if)#tunnel source 172.16.1.1
R1(config-if)#tunnel destination 172.16.3.1
R1(config-if)#tunnel key 123
R1(config-if)#tunnel protection ipsec profile GRE1
R1(config-if)#exit

R1(config)#router ospf 1
R1(config-router)#net 192.16.0.0 0.0.0.255 area 1
R1(config-router)#net 10.1.1.0 0.0.0.255 area 1
R1(config-router)#exit

R1(config)#ip classless

ASA2(config)#access-list OUT_IN permit esp host 172.16.1.1 host 172.16.3.1
ASA2(config)# access-group OUT_IN in interface outside

ASA1(config)#access-list OUT_IN permit esp host 172.16.3.1 host 172.16.1.1
ASA1(config)# access-group OUT_IN in interface outside

Qn 3. Configure svti between loopback 1 of R2 and R3.

R2 configuration:

crypto isakmp policy 1
authentication pre-share
group 2
!
Crypto isakmp key cisco1234 address 172.16.3.1
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile PRO
set transform-set TSET
!
interface Tunnel0
ip address 192.16.1.1 255.255.255.0
tunnel source 2.2.2.1
tunnel destination 172.16.3.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile PRO
!
router eigrp 123
network 10.1.22.0 0.0.0.255
network 192.16.1.0 0.0.0.255
no auto-summary
!

R3 configuration:

crypto isakmp policy 1
authentication pre-share
group 2
!
Crypto isakmp key cisco1234 address 2.2.2.1
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile PRO
set transform-set TSET
!
interface Tunnel0
ip address 172.16.1.1 255.255.255.0
tunnel source 172.16.3.1
tunnel destination 2.2.2.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile PRO
!
router eigrp 123
network 10.1.33.0 0.0.0.255
network 192.16.1.0 0.0.0.255
no auto-summary
!
ASA2(config)# access-list OUT_IN permit esp host 2.2.2.1 host 172.16.3.1
ASA2(config)# access-group OUT_IN in int outside