Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-Site VPN 2600 routers

I'm planning on setting up a site to site VPN between 2 2600 routers utilizing Ipsec which are both running the firewall feature set and NAT utilizing PAT. Does anyone have a similar configuration that they can post their config files? I need to get an idea on how this can be accomplished .

From the other posts i've seen it looks like NAT is going to be a problem and i've attempted it already and failed. Any info or Config files would be great!


<A HREF=""></A>

New Member

Re: Site-Site VPN 2600 routers


I am assuming that you are going to use pre-shared keys? I have the exact same setup at a couple of locations. NAT sucks for me, but you can try if you like. You need to define crytpo settings e.g. Policy, authentication, lifetime. You then need to create the keys :

crypto isakmp key TONY address

Then you need to create a transform set:

crytpo ipsec transform-set TONY esp-des esp-sha-hmac (or whatever alg you want)

Then you need to create an access-list:

access-list 101 permit

Then you need to create maps:

crypto map TONY 10 ipsec-isakmp

set peer

set transform-set TONY

match address 101

Then you need to bind the map to the interface you are using. What type of WAN are you using?

You need to match the key and ip address of the other router. You do it backwards, it is a little funky!

I set static routes for my tunnels, I only have 13 so it is not too much.

e-mail me if you have any questions


CreatePlease login to create content