Monday, March 3, 2014

Configuring IPsec Site-Site VPN on Cisco Routers

  March 03, 2014            No comments

Lab Topology


Configuration on Router R1 (Site-A)

Step 1: Defining ISAKMP Policy phase 1


crypto isakmp enable
crypto isakmp policy 10
encryption 3des
authentication pre-share
group 2
hash md5
!
! authentication method pre-share and remote peer address
crypto isakmp key arshnetworks address 8.8.8.2
!
! Defining IPSec parameters, which are commonly known as Phase 2 Parameters Of VPN
crypto ipsec transform-set t-set-1 esp-3des esp-md5-hmac
exit
! defining when VPN should form
!
access-list 101 permit ip host 11.11.11.11 host 33.33.33.33
!
! creating crypto map to bind all parameters together
!
crypto map vpn-map 10 ipsec-isakmp
set peer 8.8.8.2
set transform-set t-set-1
match address 101
exit
! Applying on the WAN interface
int f 0/0
crypto map vpn-map

Configuration on Router R3 Site-B

crypto isakmp enable
crypto isakmp policy 10
encryption 3des
authentication pre-share
group 2
hash md5
!
crypto isakmp key arshnetworks address 7.7.7.1
!
crypto ipsec transform-set t-set-2 esp-3des esp-md5-hmac
!
access-list 101 permit ip host 11.11.11.11 host 33.33.33.33
!
crypto map vpn-map-2 10 ipsec-isakmp
set peer 7.7.7.1
set transform-set t-set-2
match address 101
exit
!
int f 0/0
crypto map vpn-map-2

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)