Site2site VPN

Danilo Dy Sat, 04/07/2007 - 01:23

Hi,


What is your router model and IOS feature set? Should be able to support IPSEC VPN.


Here's a sample template that I created.

Office Network = 172.16.0.0/12

Remote Network = 10.0.0.0/8

Office WAN Interface IP Address = a.b.c.2, Gateway = a.b.c.1

Remote WAN Interface IP Address = w.x.y.2, Gateway = w.x.y.1


1. Office

!
ip subnet-zero
!
! IKE phase 1 policy: authenticate the peer with a pre-shared key
crypto isakmp policy 3
 authentication pre-share
!
! Pre-shared key for the remote peer
crypto isakmp key trinity address w.x.y.2 no-xauth
!
! IPsec transform set: ESP with DES encryption and SHA HMAC integrity
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer w.x.y.2
 set transform-set NEO
 set pfs group1
 match address 101
!
interface wan_interface_facing_internet
 ip address a.b.c.2 255.255.255.252
 crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.1
!
! Traffic to encrypt: office network (172.16.0.0/12) to remote network (10.0.0.0/8)
access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255


2. Remote

!
ip subnet-zero
!
! IKE phase 1 policy: authenticate the peer with a pre-shared key
crypto isakmp policy 3
 authentication pre-share
!
! Pre-shared key for the office peer
crypto isakmp key trinity address a.b.c.2 no-xauth
!
! IPsec transform set: ESP with DES encryption and SHA HMAC integrity
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer a.b.c.2
 set transform-set NEO
 set pfs group1
 match address 101
!
interface wan_interface_facing_internet
 ip address w.x.y.2 255.255.255.252
 crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 w.x.y.1
!
! Traffic to encrypt: remote network (10.0.0.0/8) to office network (172.16.0.0/12)
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
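
An added example, not part of the original posts: a Python check for two things a template like the one above depends on, namely that each crypto ACL wildcard is the inverse of a netmask and that the two ends' ACLs mirror each other, plus a flag for the legacy esp-des and group1 settings. The sample configs and the names audit, to_net and selectors are constructed for illustration.

```python
import ipaddress
import re

ACL = re.compile(r"^\s*access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)", re.M)
WEAK = {"esp-des": "56-bit DES", "group1": "768-bit DH group"}  # legacy settings

# Constructed sample input (not from the thread): weak crypto on both ends and
# a netmask/wildcard mix-up for the /12 on the remote end.
OFFICE = """crypto ipsec transform-set NEO esp-des esp-sha-hmac
 set pfs group1
access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
"""
REMOTE = """crypto ipsec transform-set NEO esp-des esp-sha-hmac
 set pfs group1
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255
"""

def to_net(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network; reject non-CIDR wildcards."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # the inverse of a netmask is 2**n - 1 (contiguous low ones)
        raise ValueError(f"wildcard {wildcard} is not the inverse of a netmask")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}")  # rejects host bits

def selectors(cfg, side, findings):
    """Return the (source, destination) networks named by one side's crypto ACL."""
    pairs = set()
    for src, sw, dst, dw in ACL.findall(cfg):
        try:
            pairs.add((to_net(src, sw), to_net(dst, dw)))
        except ValueError as exc:
            findings.append(f"{side}: {exc}")
    return pairs

def audit(office, remote):
    """List weak algorithms, malformed wildcards and non-mirrored crypto ACLs."""
    findings = []
    for side, cfg in (("office", office), ("remote", remote)):
        for token, why in WEAK.items():
            if re.search(rf"(?<![\w-]){re.escape(token)}(?![\w-])", cfg):
                findings.append(f"{side}: {token} ({why})")
    mine = selectors(office, "office", findings)
    theirs = selectors(remote, "remote", findings)
    if mine != {(dst, src) for src, dst in theirs}:
        findings.append("crypto ACLs are not mirror images of each other")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(OFFICE, REMOTE)))
```

Run against the constructed sample, it reports the DES and group 1 settings on both ends, the 0.240.255.255 wildcard, and the resulting ACL mismatch.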



Jon Marshall Sat, 04/07/2007 - 01:30

Hi Ali


Attached is a document for configuring site-to-site VPNs on IOS routers.


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml


Have a look and come back if you have any questions.


Congratulations on your 4507 deployment.


HTH


Jon


Latchum Naidu Tue, 02/22/2011 - 02:10

Hi,

Please find below a sample configuration to set up site-to-site VPN between PIX 515E.


Current config:
crypto map ToNYC 20 ipsec-isakmp
crypto map ToNYC 20 match address VPNtoNYC
crypto map ToNYC 20 set peer 11.11.11.11
crypto map ToNYC 20 set transform-set strong
crypto map ToNYC interface outside
isakmp enable outside
isakmp key ******** address 11.11.11.11 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800


For second tunnel:

crypto map ToABC 10 ipsec-isakmp
crypto map ToABC 10 match address VPNtoABC
crypto map ToABC 10 set peer 22.22.22.22
crypto map ToABC 10 set transform-set strong
isakmp key ******** address 22.22.22.22 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800


Please rate the helpful posts.

Regards,
Naidu.
