SOURCECODEBD.NET

HOW TO CONFIGURE SITE-TO-SITE IPSEC VPN
 
Interface IP Address Configuration 
 
R1 
 
Interface  IP Address   Subnet Mask 
S 1/0        2.2.2.1         255.0.0.0 
E 0          10.1.1.1        255.0.0.0 
 
R2 
 
Interface   IP Address   Subnet Mask 
S 0/2         2.2.2.2          255.0.0.0 
Fa 0/0       20.1.1.1        255.0.0.0 
 
Task 1 
 
Configure the ISAKMP policy required to establish an IKE tunnel.
Define the IPSec transform-set.
Create a crypto ACL to define which traffic should be sent through the IPSec tunnel.
Create a crypto map that maps the previously configured parameters and defines the IPSec peer device.
Apply the crypto map to the outgoing interface of the VPN device.
 
 
R1 
 
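! Phase 1: ISAKMP (IKE) policy and pre-shared key for the peer
crypto isakmp enable

crypto isakmp policy 20
 encryption 3des
 hash md5
 authentication pre-share
 group 1

crypto isakmp key cisco123 address 2.2.2.2

! Phase 2: IPSec transform-set
crypto ipsec transform-set set1 esp-des

! Crypto ACL: traffic from 10.0.0.0/8 to 20.0.0.0/8 is sent through the tunnel
access-list 101 permit ip 10.0.0.0 0.255.255.255 20.0.0.0 0.255.255.255

! Crypto map ties the peer, transform-set and crypto ACL together
crypto map map1 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set set1
 match address 101

! Apply the crypto map to the outgoing interface
interface s1/0
 crypto map map1

ip route 20.0.0.0 255.0.0.0 2.2.2.2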
 
 
R2 
 
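! Phase 1: ISAKMP (IKE) policy and pre-shared key for the peer
crypto isakmp enable

crypto isakmp policy 15
 encryption 3des
 hash md5
 authentication pre-share
 group 1

crypto isakmp key cisco123 address 2.2.2.1

! Phase 2: IPSec transform-set
crypto ipsec transform-set set1 esp-des

! Crypto ACL: mirror image of the ACL on R1
access-list 101 permit ip 20.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

! Crypto map ties the peer, transform-set and crypto ACL together
crypto map map1 10 ipsec-isakmp
 set peer 2.2.2.1
 set transform-set set1
 match address 101

! Apply the crypto map to the outgoing interface
interface s0/2
 crypto map map1

! Next hop is R1 (2.2.2.1); 2.2.2.2 is R2's own serial address
ip route 10.0.0.0 255.0.0.0 2.2.2.1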
 
Verification: 
 
R1#show crypto isakmp sa
 
The output displays the IKE tunnel established between src and dst, with the state 
shown as QM_IDLE and a connection-id. If none of this is displayed, IKE phase I 
has not been established.
 
R1#show crypto isakmp policy
 
The output displays all the policies defined and also the default policy set.
 
R1#show crypto isakmp key 
 
The output displays the pre-shared key defined manually. 
 
R1#show crypto map
 
The output displays the configured crypto map, including the SA lifetime. 
 
R1#show crypto ipsec sa 
 
The output displays the packets encrypted or decrypted. 
Before running this command, ping the destination: the SA is formed only once 
interesting traffic is sent, and that traffic is then secured. 
 
R1#show crypto ipsec transform-set
 
The output displays the transform-set.
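
An added example, not part of the original page: a small Python check that parses both routers' crypto settings, flags the algorithms Cisco no longer recommends (DES, 3DES, MD5, DH groups 1, 2 and 5, and a transform-set with no integrity transform), and reports settings that must agree between the two peers. The function names and the `WEAK` table are assumptions of this example; the sample input is the page's R1 and R2 configuration written one command per line.

```python
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
# Constructed input: R1's crypto settings from the page, one command per line.
R1 = """\
crypto isakmp policy 20
 encryption 3des
 hash md5
 authentication pre-share
 group 1
crypto isakmp key cisco123 address 2.2.2.2
crypto ipsec transform-set set1 esp-des
access-list 101 permit ip 10.0.0.0 0.255.255.255 20.0.0.0 0.255.255.255
"""
# R2 differs only in policy number, peer address and the swapped crypto ACL.
R2 = (R1.replace("policy 20", "policy 15").replace("2.2.2.2", "2.2.2.1")
        .replace("10.0.0.0 0.255.255.255 20.0.0.0", "20.0.0.0 0.255.255.255 10.0.0.0"))

def parse(cfg):
    """Extract IKE policy, pre-shared key, transforms and crypto ACL."""
    s = {"policy": {}, "key": None, "transforms": [], "acl": None}
    for words in (line.split() for line in cfg.splitlines()):
        kw = [w.lower() for w in words]
        if len(kw) > 1 and kw[0] in ("encryption", "hash", "authentication", "group"):
            s["policy"][kw[0]] = kw[1]
        elif kw[:3] == ["crypto", "isakmp", "key"] and len(kw) > 3:
            s["key"] = words[3]  # pre-shared keys are case-sensitive
        elif kw[:3] == ["crypto", "ipsec", "transform-set"]:
            s["transforms"] = kw[4:]
        elif kw[:1] == ["access-list"] and len(kw) >= 8:
            s["acl"] = (tuple(kw[4:6]), tuple(kw[6:8]))  # (source, destination)
    return s

def audit(cfg):
    """Findings for algorithms Cisco no longer recommends, in config order."""
    s = parse(cfg)
    out = [f"isakmp {k} {v}" for k, v in s["policy"].items() if v in WEAK.get(k, ())]
    out += [f"transform {t}" for t in s["transforms"] if t in ("esp-des", "esp-3des")]
    if s["transforms"] and not any(t.endswith("-hmac") or t == "esp-gcm" for t in s["transforms"]):
        out.append("transform-set has no integrity protection")
    return out

def mismatches(cfg_a, cfg_b):
    """Settings that must agree between the two peers but do not."""
    a, b = parse(cfg_a), parse(cfg_b)
    bad = [k for k in ("policy", "key", "transforms") if a[k] != b[k]]
    if a["acl"] is None or b["acl"] is None or a["acl"] != b["acl"][::-1]:
        bad.append("acl")  # crypto ACLs must mirror each other
    return bad
if __name__ == "__main__":
    print(audit(R1), mismatches(R1, R2))
```

The ISAKMP policy numbers (20 and 15) are ignored by the comparison because they are local priorities and do not have to match between peers.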