Networking, Security & Cloud Knowledge

Tuesday, November 30, 2010

Building Site-to-Site VPN configuration example

sh crypto isakmp policy
sh crypto isakmp key
sh crypto ipsec transform-set
sh crypto map

sh crypto isakmp sa
sh crypto ipsec sa

Network Diagram



Configuration on Router1

Step 1: Create ISAKMP policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share

Step 2: Create Pre-Shared Key
crypto isakmp key abcdefg address 20.20.20.20

Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport

Step 4: Create Crypto Map
crypto map MAP1 10 ipsec-isakmp
description Tunnel to Router2
set peer 20.20.20.20
set transform-set test1
match address VPN-R1toR2

Step 5: Create ACL
ip access-list extended VPN-R1toR2
remark Encrypted traffic from Router1 to Router2
permit gre host 10.10.10.10 host 20.20.20.20

Step 6: Create Tunnel interface
interface tunnel 12
ip address 172.16.1.1 255.255.255.252
tunnel source fa 0/1
tunnel destination 20.20.20.20
tunnel mode gre
crypto map MAP1

Step 7: Configure WAN interface
interface fa 0/1
ip address 10.10.10.10 255.255.255.255
crypto map MAP1

Step 8: Static Route to PEER address
ip route 20.20.20.20 255.255.255.255 10.10.10.1


======================================================

Configuration on Router2

Step 1: Create ISAKMP policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share

Step 2: Create Pre-Shared Key
crypto isakmp key abcdefg address 10.10.10.10

Step 3: Create transform set
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
mode transport

Step 4: Create Crypto Map
crypto map MAP2 10 ipsec-isakmp
description Tunnel to Router1
set peer 10.10.10.10
set transform-set test1
match address VPN-R2toR1

Step 5: Create ACL
ip access-list extended VPN-R2toR1
remark Encrypted traffic from Router2 to Router1
permit gre host 20.20.20.20 host 10.10.10.10

Step 6: Create Tunnel interface
interface tunnel 21
ip address 172.16.1.2 255.255.255.252
tunnel source fa 0/1
tunnel destination 10.10.10.10
tunnel mode gre
crypto map MAP2

Step 7: Configure WAN interface
interface fa 0/1
ip address 20.20.20.20 255.255.255.255
crypto map MAP2

Step 8: Static Route to PEER address
ip route 10.10.10.10 255.255.255.255 20.20.20.1
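
The two configurations only form a tunnel if the ISAKMP policy, pre-shared key, transform-set algorithms and mode agree on both routers and each router's peer address is the other's WAN address. The following is an added example, not part of the original post: a small Python check of those points before deployment. The function names, the config template and the sample data (including the deliberately wrong "test2" reference) are assumptions constructed for illustration.

```python
import re
# Constructed samples modelled on the page's routers; R2's "test2" reference is a deliberate mismatch.
TEMPLATE = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key abcdefg address {peer}
crypto ipsec transform-set test1 esp-3des esp-md5-hmac
 mode transport
crypto map {cmap} 10 ipsec-isakmp
 set peer {peer}
 set transform-set {tset}
interface fa 0/1
 ip address {me} 255.255.255.255
"""
R1 = TEMPLATE.format(me="10.10.10.10", peer="20.20.20.20", cmap="MAP1", tset="test1")
R2 = TEMPLATE.format(me="20.20.20.20", peer="10.10.10.10", cmap="MAP2", tset="test2")

def parse(cfg):
    """Extract the settings both IPsec peers must agree on."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "policy": (one(r"^ encr (.+)$"), one(r"^ hash (.+)$"), one(r"^ authentication (.+)$")),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "tsets": dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", cfg, re.M)),
        "mode": one(r"^ mode (\S+)"),
        "peer": one(r"^ set peer (\S+)"),
        "tset_ref": one(r"^ set transform-set (\S+)"),
        "addr": one(r"^ ip address (\S+)"),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches within and between the two peers' configs."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for name, r in (("A", a), ("B", b)):
        if r["tset_ref"] not in r["tsets"]:
            out.append(f"{name}: crypto map references undefined transform-set {r['tset_ref']}")
        if r["peer"] != r["key_peer"]:
            out.append(f"{name}: set peer and pre-shared key address differ")
    for field in ("policy", "key", "mode"):
        if a[field] != b[field]:
            out.append(f"{field} differs between peers")
    if sorted(a["tsets"].values()) != sorted(b["tsets"].values()):
        out.append("transform-set algorithms differ between peers")
    if a["peer"] != b["addr"] or b["peer"] != a["addr"]:
        out.append("peer addresses do not mirror each other")
    return out
```

Calling check_pair(R1, R2) on the constructed samples reports the undefined transform-set reference on the second router; an empty list means the checked settings are consistent.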