sh crypto isakmp poliy
sh crypto isakmp key
sh crypto ipsec transformset
sh crypto map
sh crypto isakmp sa
sh crypto ipsec sa
Network Diagram
Configuration on Router1
Step 1: Create Isakmp policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
Step 2: Create Pre-Share Key
crypto isakmp key abcdefg address 20.20.20.20
Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport
Step 4: Create Crypto Map
crypto map MAP1 10 ipsec-isakmp
description Tunnel to Router2
set peer 20.20.20.20
set transform-set test1
match address VPN-R1toR2
Step 5: Create ACL
ip access-list extended VPN-R1toR2
Remark Ecrypted traffic from Router1 to Router2
permit host 10.10.10.10 host 20.20.20.20
Step 6: Create Tunnel interface
interface tunnel 12
ip address 172.16.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 20.20.20.20
tunnel mode gre
crypto map MAP1
Step 7: Configure WAN interface
interface fa 0/1
ip address 10.10.10.10 255.255.255.255
crypto map MAP1
Step 8: Static Route to PEER address
ip route 20.20.20.20 255.255.255.255 10.10.10.1
======================================================
Configuration on Router2
Step 1: Create Isakmp policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
Step 2: Create Pre-Share Key
crypto isakmp key abcdefg address 10.10.10.10
Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport
Step 4: Create Crypto Map
crypto map MAP2 10 ipsec-isakmp
description Tunnel to Router2
set peer 10.10.10.10
set transform-set test2
match address VPN-R2toR1
Step 5: Create ACL
ip access-list extended VPN-R2toR1
Remark Ecrypted traffic from Router2 to Router1
permit host 20.20.20.20 host 10.10.10.10
Step 6: Create Tunnel interface
interface tunnel 21
ip address 172.16.1.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 10.10.10.10
tunnel mode gre
crypto map MAP2
Step 7: Configure WAN interface
interface fa 0/1
ip address 20.20.20.20 255.255.255.255
crypto map MAP2
Step 8: Static Route to PEER address
ip route 10.10.10.10 255.255.255.255 20.20.20.1
sh crypto isakmp key
sh crypto ipsec transformset
sh crypto map
sh crypto isakmp sa
sh crypto ipsec sa
Network Diagram
Configuration on Router1
Step 1: Create Isakmp policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
Step 2: Create Pre-Share Key
crypto isakmp key abcdefg address 20.20.20.20
Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport
Step 4: Create Crypto Map
crypto map MAP1 10 ipsec-isakmp
description Tunnel to Router2
set peer 20.20.20.20
set transform-set test1
match address VPN-R1toR2
Step 5: Create ACL
ip access-list extended VPN-R1toR2
Remark Ecrypted traffic from Router1 to Router2
permit host 10.10.10.10 host 20.20.20.20
Step 6: Create Tunnel interface
interface tunnel 12
ip address 172.16.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 20.20.20.20
tunnel mode gre
crypto map MAP1
Step 7: Configure WAN interface
interface fa 0/1
ip address 10.10.10.10 255.255.255.255
crypto map MAP1
Step 8: Static Route to PEER address
ip route 20.20.20.20 255.255.255.255 10.10.10.1
======================================================
Configuration on Router2
Step 1: Create Isakmp policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
Step 2: Create Pre-Share Key
crypto isakmp key abcdefg address 10.10.10.10
Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport
Step 4: Create Crypto Map
crypto map MAP2 10 ipsec-isakmp
description Tunnel to Router2
set peer 10.10.10.10
set transform-set test2
match address VPN-R2toR1
Step 5: Create ACL
ip access-list extended VPN-R2toR1
Remark Ecrypted traffic from Router2 to Router1
permit host 20.20.20.20 host 10.10.10.10
Step 6: Create Tunnel interface
interface tunnel 21
ip address 172.16.1.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 10.10.10.10
tunnel mode gre
crypto map MAP2
Step 7: Configure WAN interface
interface fa 0/1
ip address 20.20.20.20 255.255.255.255
crypto map MAP2
Step 8: Static Route to PEER address
ip route 10.10.10.10 255.255.255.255 20.20.20.1