Please help with basic IPSec tunnel configuration

Unanswered Question
Aug 18th, 2007
User Badges:

Hi, can you please point me to a document or give me a configuration hint on how I get the IPsec tunnel created between the two routers as per attached drawing? I will need to do IPSec tunnel and let workstations behind the respective routers reach each other.


I am in hurry and searched few documents on cisco.com, but I haven't seen anything directed related to this basic configuration.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
royalblues Sun, 08/19/2007 - 04:23
User Badges:
  • Green, 3000 points or more

Well i think you forgot to post the network diagram, here's a basic configuration that you would require


let the toplogy be like


10.10.10.0/24 --R1 -----R2 ---20.20.20.0/24

Ipsec between R1 and R2 and the subnet between them is 172.16.1.0/30


At R1


crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2


crypto isakmp key cisco address 172.16.1.2


crypto ipsec transform-set myset esp-3des esp-md5-hmac


crypto map test 1 ipsec-isakmp

set peer 172.16.1.2

set transform set myset

match address 100


access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255


interface serial 0/0

ip address 172.16.1.1 255.255.255.252

crypto map test


At R2


crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2


crypto isakmp key cisco address 172.16.1.1


crypto ipsec transform-set myset esp-3des esp-md5-hmac


crypto map test 1 ipsec-isakmp

set peer 172.16.1.1

set transform set myset

match address 100


access-list 100 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255


Int serial 0/0

ip address 172.16.1.2 255.255.255.252

crypto map test


The access-list should be mirror images of each other and should have entries for the all the subnets behind the routers for which the traffic needs to be encrypted


Have a look at IPSec on Router to Router at the below link

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html


HTH, rate if it does

Narayan

Actions

This Discussion