Cisco Support Community

Please help with basic IPSec tunnel configuration

Hi, can you please point me to a document or give me a configuration hint on how I get the IPsec tunnel created between the two routers as per attached drawing? I will need to do IPSec tunnel and let workstations behind the respective routers reach each other.

I am in a hurry and searched a few documents on cisco.com, but I haven't seen anything directly related to this basic configuration.

1 REPLY

Re: Please help with basic IPSec tunnel configuration

Well, I think you forgot to post the network diagram. Here's a basic configuration that you would require.

Let the topology be like

10.10.10.0/24 --R1 -----R2 ---20.20.20.0/24

IPsec is between R1 and R2, and the subnet between them is 172.16.1.0/30

At R1

! IKE phase 1 policy (must match on both peers)
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
! Pre-shared key for the peer R2
crypto isakmp key cisco address 172.16.1.2
!
! IPsec (phase 2) transform set
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map test 1 ipsec-isakmp
 set peer 172.16.1.2
 set transform-set myset
 match address 100
!
! Traffic to encrypt: R1 LAN to R2 LAN
access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
interface serial 0/0
 ip address 172.16.1.1 255.255.255.252
 crypto map test

At R2

! IKE phase 1 policy (must match on both peers)
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
! Pre-shared key for the peer R1
crypto isakmp key cisco address 172.16.1.1
!
! IPsec (phase 2) transform set
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map test 1 ipsec-isakmp
 set peer 172.16.1.1
 set transform-set myset
 match address 100
!
! Traffic to encrypt: R2 LAN to R1 LAN (mirror of R1's ACL)
access-list 100 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
interface serial 0/0
 ip address 172.16.1.2 255.255.255.252
 crypto map test

The access-lists should be mirror images of each other and should have entries for all the subnets behind the routers for which the traffic needs to be encrypted.

Have a look at IPSec on Router to Router at the below link

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

HTH, rate if it does

Narayan
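
The mirror-image requirement on the crypto ACLs can be checked mechanically before the configs go onto the routers. The following is an added example, not part of the original reply: the function names and the extra 10.10.11.0/24 subnet are assumptions, and only the `permit ip <net> <wildcard> <net> <wildcard>` form used in the post is parsed.

```python
import ipaddress
import re

# Matches the ACL form used in the post: permit ip <src> <wildcard> <dst> <wildcard>
ACL_RE = re.compile(
    r"^\s*access-list\s+(\d+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$",
    re.MULTILINE)

def to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an ip_network."""
    bits = int(ipaddress.IPv4Address(wildcard))
    if bits & (bits + 1):          # wildcard must look like 0...01...1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}", strict=False)

def crypto_acl(config, acl):
    """Return the set of (source, destination) networks permitted by ACL <acl>."""
    return {(to_network(s, sw), to_network(d, dw))
            for num, s, sw, d, dw in ACL_RE.findall(config) if num == str(acl)}

def mirror_gaps(cfg_a, cfg_b, acl=100):
    """Entries each side still needs so that the two ACLs mirror each other."""
    a, b = crypto_acl(cfg_a, acl), crypto_acl(cfg_b, acl)
    missing_on_b = sorted(f"{d} -> {s}" for s, d in a if (d, s) not in b)
    missing_on_a = sorted(f"{d} -> {s}" for s, d in b if (d, s) not in a)
    return missing_on_b, missing_on_a

# Constructed sample: the R1/R2 ACLs from the reply, plus one extra subnet
# (10.10.11.0/24, hypothetical) that was added on R1 only.
R1 = """
access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 100 permit ip 10.10.11.0 0.0.0.255 20.20.20.0 0.0.0.255
"""
R2 = """
access-list 100 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
"""

if __name__ == "__main__":
    need_on_r2, need_on_r1 = mirror_gaps(R1, R2)
    for entry in need_on_r2:
        print("R2 is missing a mirror entry:", entry)
    for entry in need_on_r1:
        print("R1 is missing a mirror entry:", entry)
```

With the sample above, the check reports that R2 lacks the entry for the 10.10.11.0/24 subnet.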
