Friday, April 19, 2013

Configure Cisco Site-to-Site IPsec VPN


Configure Cisco Site-to-Site IPsec VPN




Router 3

crypto isakmp policy 10
 encr 3des
hash sha
 authentication pre-share
 group 2
!
crypto isakmp key test address 30.30.30.2
crypto isakmp enable
!
!
crypto ipsec transform-set myvpn esp-3des esp-sha-hmac
!
crypto map myvpn 10 ipsec-isakmp
 description 10
 set peer 30.30.30.2
 set transform-set myvpn
 match address A_to_B
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.252
 duplex auto
 speed auto
 crypto map myvpn
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 20.20.20.0 255.255.255.252 FastEthernet0/0
ip route 30.30.30.0 255.255.255.252 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip access-list extended A_to_B
 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255



Router 2

crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
!
crypto isakmp key test address 10.10.10.1
crypto isakmp enable 
!
!
crypto ipsec transform-set myvpn  esp-3des esp-sha-hmac
!
crypto map myvpn 10 ipsec-isakmp
 description 10
 set peer 10.10.10.1
 set transform-set myvpn
 match address B_to_A
!

interface FastEthernet0/0
 ip address 30.30.30.2 255.255.255.252
 duplex auto
 speed auto
 crypto map A_to_B
!
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 20.20.20.0 255.255.255.252 FastEthernet0/0
ip route 10.10.10.0 255.255.255.252 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip access-list extended B_to_A
 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255




router 0

interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 20.20.20.1 255.255.255.252
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 30.30.30.0 255.255.255.252 FastEthernet0/1



router 1

interface FastEthernet0/0
 ip address 20.20.20.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 30.30.30.1 255.255.255.252
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 10.10.10.0 255.255.255.252 FastEthernet0/0







Posted by at

1 comment:

Subscribe to: Post Comments (Atom)