New Member

IPSEC Site to Site VPN Help Need

Hello everyone, I'm working on a lab and I need some help. I'm trying to configure an IPsec site-to-site VPN. I need help with step number 4.

http://spec-works.com/bike/vpn.jpg

Here are my configs:

Router1

Router1#sh running-config
Building configuration...

Current configuration : 2438 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
vtp mode transparent
archive
log config
  hidekeys
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key spike address 10.10.2.2
!
!
crypto ipsec transform-set 3DESHMAC esp-3des esp-sha-hmac
!
crypto map TOROUTER5 1 ipsec-isakmp
set peer 10.10.2.2
set transform-set 3DESHMAC
match address Router1ToRouter5
!
!
!
vlan 50
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/0
ip address 10.10.1.2 255.255.255.252
duplex auto
speed auto
crypto map TOROUTER5
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/1
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
interface Vlan50
ip address 172.16.50.2 255.255.255.0
standby 1 ip 172.16.50.1
standby 1 priority 105
standby 1 preempt
!
router eigrp 1
passive-interface default
no passive-interface Vlan50
network 10.0.0.0
network 172.16.0.0
auto-summary
!
router bgp 50
bgp log-neighbor-changes
neighbor 10.10.1.1 remote-as 10
!
address-family ipv4
  neighbor 10.10.1.1 activate
  no auto-summary
  no synchronization
  network 172.16.50.0 mask 255.255.255.0
exit-address-family
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.1.1
!
!
ip http server
no ip http secure-server
!
ip access-list extended Router1ToRouter5
permit ip 172.16.50.0 0.0.0.255 192.168.50.0 0.0.0.255
!
mac-address-table static 0000.0c07.ac01 interface FastEthernet1/1 vlan 50
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

R3

Router3#sh running-config
Building configuration...

Current configuration : 1181 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.1.1 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0
ip address 10.10.2.1 255.255.255.252
no fair-queue
clock rate 2000000
!
interface FastEthernet0/1
ip address 10.0.1.1 255.255.255.252
duplex auto
speed auto
!
interface Serial0/1
ip address 10.10.3.1 255.255.255.252
clock rate 2000000
!
router bgp 10
bgp log-neighbor-changes
neighbor 10.0.1.2 remote-as 20
neighbor 10.10.1.2 remote-as 50
!
address-family ipv4
  redistribute connected
  redistribute static
  neighbor 10.0.1.2 activate
  neighbor 10.10.1.2 activate
  no auto-summary
  no synchronization
  network 10.10.0.0 mask 255.255.0.0
exit-address-family
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end

Router5

Router5#sh running-config
Building configuration...

Current configuration : 1371 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
  hidekeys
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key spike address 10.10.1.2
!
!
crypto ipsec transform-set 3DESHMAC esp-3des esp-sha-hmac
!
crypto map TOROUTER1 1 ipsec-isakmp
set peer 10.10.1.2
set transform-set 3DESHMAC
match address Router5ToRouter1
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 10.10.2.2 255.255.255.252
no fair-queue
clock rate 2000000
crypto map TOROUTER1
!
interface FastEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip summary-address eigrp 1 0.0.0.0 0.0.0.0 5
duplex auto
speed auto
!
router eigrp 1
passive-interface default
no passive-interface FastEthernet0/1
network 192.168.100.0
auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 10.10.2.1
!
!
ip http server
no ip http secure-server
!
ip access-list extended Router5ToRouter1
permit ip 192.168.50.0 0.0.0.255 172.16.50.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Router9

Router9#sh running-config
Building configuration...

Current configuration : 826 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router9
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
bridge-group 1
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
bridge-group 1
!
interface BVI1
ip address 192.168.100.100 255.255.255.0
!
router eigrp 1
network 192.168.100.0
auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
bridge 1 priority 0
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Router11

Router11#sh running-config
Building configuration...

Current configuration : 1822 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
vtp mode transparent
archive
log config
  hidekeys
!
!
!
!
vlan 50
!
!
!
!
interface Port-channel2
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
!
interface Port-channel3
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/12
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/13
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/14
switchport trunk allowed vlan 1,2,50,1002-1005
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
interface Vlan50
ip address 172.16.50.50 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.50.1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

2 REPLIES

IPSEC Site to Site VPN Help Need

Router 9------------------Router5----------------------Router1------------------ Router 11

If I understand correctly, the LAN on Router 9 should be able to talk to the LAN on Router 11.

First you need to add/get a route for the LAN of Router 11 on Router 9, via static or whatever; likewise, Router 11 should have a route for the LAN of Router 9 pointing to Router 1.

Under crypto you should call on Router 5 --- Source LAN of Router 9 and Destination LAN of router 11.

Under crypto you should call on Router 1 --- Source LAN of router 11 and destination LAN of router 9.

Thanks

Ajay
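
The crypto ACL advice in the reply above can be checked mechanically. This is an added example, not part of the original thread or any Cisco tool: it parses excerpts of the posted Router1 and Router5 configs and checks that each crypto ACL is mirrored on the peer and refers to real LANs. It assumes the protected LANs are directly connected to the two VPN routers, as in this lab; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts: only the lines relevant to the crypto ACLs, copied from
# the Router1 and Router5 configurations posted in the question.
ROUTER1 = """\
interface FastEthernet0/0
 ip address 10.10.1.2 255.255.255.252
interface Vlan50
 ip address 172.16.50.2 255.255.255.0
ip access-list extended Router1ToRouter5
 permit ip 172.16.50.0 0.0.0.255 192.168.50.0 0.0.0.255
"""
ROUTER5 = """\
interface Serial0/0
 ip address 10.10.2.2 255.255.255.252
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
ip access-list extended Router5ToRouter1
 permit ip 192.168.50.0 0.0.0.255 172.16.50.0 0.0.0.255
"""

def connected(cfg):
    """Networks directly attached to the router, from 'ip address' lines."""
    return [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in re.findall(r"^\s*ip address (\S+) (\S+)\s*$", cfg, re.M)]

def crypto_acl(cfg):
    """(source, destination) networks of each 'permit ip' ACL entry."""
    pat = r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)\s*$"
    # ip_network accepts "addr/wildcard" and reads the wildcard as a host mask.
    return [(ipaddress.ip_network(f"{s}/{sw}"), ipaddress.ip_network(f"{d}/{dw}"))
            for s, sw, d, dw in re.findall(pat, cfg, re.M)]

def audit(name, cfg, peer_cfg):
    """Return findings for one router's crypto ACL, checked against its peer."""
    findings = []
    local, remote = connected(cfg), connected(peer_cfg)
    mirrored = {(d, s) for s, d in crypto_acl(peer_cfg)}
    for src, dst in crypto_acl(cfg):
        if (src, dst) not in mirrored:
            findings.append(f"{name}: {src} -> {dst} has no mirror entry on the peer")
        if not any(src.subnet_of(n) for n in local):
            findings.append(f"{name}: source {src} is not a local LAN")
        if not any(dst.subnet_of(n) for n in remote):
            findings.append(f"{name}: destination {dst} is not a LAN behind the peer")
    return findings
```

Run against the posted configs, the two ACLs mirror each other, but both refer to 192.168.50.0/24, while the LAN attached to Router5 (and Router9) is 192.168.100.0/24.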

New Member

Re: IPSEC Site to Site VPN Help Need

Well, thanks for the reply. I'm new to this and not following you. I have attempted to put a static route on Router 1 & Router 5. Please feel free to explain.
