Cisco Support Community
New Member

Site-Site VPN 2600 routers

I'm planning on setting up a site to site VPN between 2 2600 routers utilizing IPsec which are both running the firewall feature set and NAT utilizing PAT. Does anyone have a similar configuration that they can post their config files? I need to get an idea on how this can be accomplished.

From the other posts I've seen it looks like NAT is going to be a problem and I've attempted it already and failed. Any info or Config files would be great!

Tony

tkusina@hydra-flex.com

1 REPLY
New Member

Re: Site-Site VPN 2600 routers

Tony,

I am assuming that you are going to use pre-shared keys? I have the exact same setup at a couple of locations. NAT sucks for me, but you can try if you like. You need to define crypto settings e.g. Policy, authentication, lifetime. You then need to create the keys:

crypto isakmp key TONY address 1.1.1.1 255.255.255.255

Then you need to create a transform set:

crypto ipsec transform-set TONY esp-des esp-sha-hmac (or whatever alg you want)

Then you need to create an access-list:

access-list 101 permit ip 1.1.0.0 0.0.255.255 2.2.2.0 0.0.0.255

Then you need to create maps:

crypto map TONY 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set TONY
 match address 101

Then you need to bind the map to the interface you are using. What type of WAN are you using?

You need to match the key and ip address of the other router. You do it backwards, it is a little funky!

I set static routes for my tunnels, I only have 13 so it is not too much.

E-mail me if you have any questions.

Geoff

gbeaty@reico.com
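
An added example, not part of the reply above and not Cisco tooling: a small Python check that two routers' configs are "backwards" versions of each other in the sense the reply describes (peer address, pre-shared key, transform set, mirrored crypto access-list). The sample configs, addresses, key and function names are constructed for illustration, and the parser assumes one crypto map entry per router.

```python
import re

def parse(cfg):
    """Extract the tunnel settings from an IOS config snippet (one crypto map entry)."""
    keys = {peer: key for key, peer in
            re.findall(r"^crypto isakmp key (\S+) address (\S+)", cfg, re.M)}
    tsets = {name: tuple(algs.split()) for name, algs in
             re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", cfg, re.M)}
    acls = {}
    for num, src, swc, dst, dwc in re.findall(
            r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M):
        acls.setdefault(num, []).append(((src, swc), (dst, dwc)))
    block = re.search(r"^crypto map \S+ \d+ ipsec-isakmp *\n((?: +\S.*\n?)+)", cfg, re.M)
    entry = dict(re.findall(r"^ +(?:set|match) (\S+) (\S+)", block.group(1), re.M))
    return {"peer": entry["peer"], "keys": keys,
            "transform": tsets[entry["transform-set"]],
            "acl": acls[entry["address"]]}

def check_pair(cfg_a, wan_a, cfg_b, wan_b):
    """Return a list of mismatches between the two ends of the tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["peer"] != wan_b or b["peer"] != wan_a:
        problems.append("peer address does not point at the other router")
    key_a, key_b = a["keys"].get(wan_b), b["keys"].get(wan_a)
    if key_a is None or key_a != key_b:
        problems.append("pre-shared key missing or different")
    if a["transform"] != b["transform"]:
        problems.append("transform sets differ")
    # Each permit line on A must appear on B with source and destination swapped.
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        problems.append("crypto access-lists are not mirror images")
    return problems

# Constructed sample configs; addresses and key are placeholders.
SITE_A = """crypto isakmp key EXAMPLEKEY address 2.2.2.2
crypto ipsec transform-set TONY esp-des esp-sha-hmac
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.2.0 0.0.0.255
crypto map TONY 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set TONY
 match address 101
"""
# Site B written "backwards": peer, key address and ACL source/destination swapped.
SITE_B = (SITE_A.replace("2.2.2.2", "1.1.1.1")
          .replace("10.1.0.0 0.0.255.255 10.2.2.0 0.0.0.255",
                   "10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255"))
# Mistake case: site A's access-list pasted unchanged onto site B.
SITE_B_WRONG = SITE_A.replace("2.2.2.2", "1.1.1.1")
```

Call `check_pair(SITE_A, "1.1.1.1", SITE_B, "2.2.2.2")` with each router's own WAN address; an empty list means the two ends agree.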
