Site2site VPN

alsayed · ‎04-07-2007

Hi Expert's!

how can i implement Site-to-Site VPN;WE HAVE 2 ROUTERS At each site + 512 internet connection

10xs

Ali

Danilo Dy · ‎04-07-2007

Hi,

What is your router model and IOS feature set? Should be able to support IPSEC VPN.

Here's a sample template that I created.

Office Network = 172.16.0.0/12

Remote Network = 10.0.0.0/8

Office WAN Interface IP Address = a.b.c.2, Gateway = a.b.c.1

Remote WAN Interface IP Address = w.x.y.2, Gateway = w.x.y.1

1. Office

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address w.x.y.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer w.x.y.2

set transform-set NEO

set pfs group1

match address 101

!

interface wan_interface_facing_internet

ip address a.b.c.2 255.255.255.252

crypto map TheMatrix

!

ip classless

ip route 0.0.0.0 0.0.0.0 a.b.c.1

!

access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255

2. Remote

!

ip zubnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer a.b.c.2

set transform-set NEO

set pfs group1

match address 101

!

interface wan_interface_facing_internet

ip address w.x.y.2 255.255.255.252

crypto map TheMatrix

!

ip classless

ip route 0.0.0.0 0.0.0.0 w.x.y.1

!

access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255

alsayed · ‎04-07-2007

Hi medan !

appreciate ur quick reply;am going to use it as reference in my plan

regards

ALI

Jon Marshall · ‎04-07-2007

Hi Ali

Attached is a document for configuring site-to-site VPN's on IOS routers.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Have a look and come back if you have any questions.

Congratulations on ytour 4507 deployment.

HTH

Jon

alsayed · ‎04-07-2007

Hi Jon!

10xs a lot for ur reply;am going to be fine in my work.experts help me to much in this forum.10xs ti them

10xs

alsayed · ‎04-07-2007

Hi Experts!

i need useful link regarding Site to site VPN using pix 515E

10xs

Danilo Dy · ‎04-07-2007

Hi,

New PIX? Try this link http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_72/72_gsg/sitvpn_p.htm

alsayed · ‎04-07-2007

Hi medan

10xs a lot

ALI

Danilo Dy · ‎04-07-2007

No problem Ali :)

Latchum Naidu · ‎02-22-2011

Hi,

Please find the below sample configure to setup site to site vpn between pix 515E.

Current config:
crypto map ToNYC 20 ipsec-isakmp
crypto map ToNYC 20 match address VPNtoNYC
crypto map ToNYC 20 set peer 11.11.11.11
crypto map ToNYC 20 set transform-set strong
crypto map ToNYC interface outside
isakmp enable outside
isakmp key ******** address 11.11.11.11 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800

For second tunnel:

crypto map ToABC 10 ipsec-isakmp
crypto map ToABC 10 match address VPNtoABC
crypto map ToABC 10 set peer 22.22.22.22
crypto map ToABC 10 set transform-set strong
isakmp key ******** address 22.22.22.22 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800

Please rate the helpfull posts.

Regards,
Naidu.