08-18-2007 03:44 PM - edited 03-03-2019 06:22 PM
Hi, can you please point me to a document or give me a configuration hint on how I get the IPsec tunnel created between the two routers as per attached drawing? I will need to do IPSec tunnel and let workstations behind the respective routers reach each other.
I am in hurry and searched few documents on cisco.com, but I haven't seen anything directed related to this basic configuration.
Solved! Go to Solution.
08-19-2007 04:45 AM
I think i posted a sample config on the other post without the diagram
Here is a sample configuration
At RouterA
crypto isakmp policy 1
encryption 3des
authentication pre-share
hash md5
group 2
crypto isakmp key cisco address 10.0.0.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
set peer 10.0.0.2
set transform set myset
match address 100
access-list 100 permit ip 170.79.62.0 0.0.3.255 170.79.69.0 0.0.0.255
interface fa 0/1
ip address 10.0.0.1 255.255.255.0
crypto map test
At RouterB
crypto isakmp policy 1
encryption 3des
authentication pre-share
hash md5
group 2
crypto isakmp key cisco address 10.0.0.1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
set peer 10.0.0.1
set transform set myset
match address 100
access-list 100 permit ip 170.79.69.0 0.0.0.255 170.79.62.0 0.0.3.255
Int fa 0/0
ip address 10.0.0.2 255.255.255.0
crypto map test
HTH, rate if it does
Narayan
08-18-2007 10:58 PM
Hi,
You can view this:
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html
where there are configuration examples; in particular you can view the section IPSec on Router to Router.
More in detail you can see : Configuring IOS-to-IOS IPSec Using AES Encryption
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
I hope this helps.
Best regards.
Massimiliano.
08-19-2007 04:45 AM
I think i posted a sample config on the other post without the diagram
Here is a sample configuration
At RouterA
crypto isakmp policy 1
encryption 3des
authentication pre-share
hash md5
group 2
crypto isakmp key cisco address 10.0.0.2
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
set peer 10.0.0.2
set transform set myset
match address 100
access-list 100 permit ip 170.79.62.0 0.0.3.255 170.79.69.0 0.0.0.255
interface fa 0/1
ip address 10.0.0.1 255.255.255.0
crypto map test
At RouterB
crypto isakmp policy 1
encryption 3des
authentication pre-share
hash md5
group 2
crypto isakmp key cisco address 10.0.0.1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
set peer 10.0.0.1
set transform set myset
match address 100
access-list 100 permit ip 170.79.69.0 0.0.0.255 170.79.62.0 0.0.3.255
Int fa 0/0
ip address 10.0.0.2 255.255.255.0
crypto map test
HTH, rate if it does
Narayan
08-19-2007 08:39 AM
You rule. Thanks!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: