Please help with basic IPSec tunnel configuration

news2010a
Level 3

Hi, can you please point me to a document or give me a configuration hint on how I get the IPsec tunnel created between the two routers as per the attached drawing? I will need to do an IPSec tunnel and let workstations behind the respective routers reach each other.

I am in a hurry and searched a few documents on cisco.com, but I haven't seen anything directly related to this basic configuration.

1 Reply

royalblues
Level 10

Well, I think you forgot to post the network diagram. Here's a basic configuration that you would require.

Let the topology be like

10.10.10.0/24 --R1 -----R2 ---20.20.20.0/24

IPsec between R1 and R2, and the subnet between them is 172.16.1.0/30

At R1

    ! IKE phase 1 policy (must match on both routers)
    crypto isakmp policy 1
     encryption 3des
     authentication pre-share
     hash md5
     group 2
    ! Pre-shared key for the peer
    crypto isakmp key cisco address 172.16.1.2
    ! IPsec phase 2 transform set
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto map test 1 ipsec-isakmp
     set peer 172.16.1.2
     set transform-set myset
     match address 100
    ! Traffic to encrypt: R1 LAN to R2 LAN
    access-list 100 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
    interface serial 0/0
     ip address 172.16.1.1 255.255.255.252
     crypto map test

At R2

    ! IKE phase 1 policy (must match on both routers)
    crypto isakmp policy 1
     encryption 3des
     authentication pre-share
     hash md5
     group 2
    ! Pre-shared key for the peer
    crypto isakmp key cisco address 172.16.1.1
    ! IPsec phase 2 transform set
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto map test 1 ipsec-isakmp
     set peer 172.16.1.1
     set transform-set myset
     match address 100
    ! Traffic to encrypt: R2 LAN to R1 LAN
    access-list 100 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
    interface serial 0/0
     ip address 172.16.1.2 255.255.255.252
     crypto map test

The access lists should be mirror images of each other and should have entries for all the subnets behind the routers for which the traffic needs to be encrypted.

Have a look at IPSec on Router to Router at the link below

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

HTH, rate if it does

Narayan
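
The consistency rules in the reply above (peers pointing at each other, matching key and policy, mirror-image access lists) can be checked mechanically before the configs are applied. The following Python is an added example, not part of the original reply or of any Cisco tool; `parse`, `check_pair`, the reduced sample config and the `WEAK` list are assumptions for illustration, the last reflecting that DES, 3DES, MD5 and DH groups 1, 2 and 5 are no longer recommended.

```python
import re

# Constructed sample based on the R1/R2 reply above; one interface per router assumed.
TEMPLATE = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 group 2
crypto isakmp key cisco address {peer}
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map test 1 ipsec-isakmp
 set peer {peer}
 match address 100
access-list 100 permit ip {lnet} 0.0.0.255 {rnet} 0.0.0.255
interface serial 0/0
 ip address {local} 255.255.255.252
"""
R1 = TEMPLATE.format(peer="172.16.1.2", local="172.16.1.1", lnet="10.10.10.0", rnet="20.20.20.0")
R2 = TEMPLATE.format(peer="172.16.1.1", local="172.16.1.2", lnet="20.20.20.0", rnet="10.10.10.0")

# Assumed deny-list: algorithms and DH groups that are no longer recommended.
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac", "group 1", "group 2", "group 5"}

def parse(cfg):
    """Extract the fields both tunnel endpoints have to agree on."""
    one = lambda pat: re.search(pat, cfg, re.M).groups()
    acl = one(r"^ *match address (\d+)")[0]
    pol = re.findall(r"^ +(encryption|hash|group) (\S+)", cfg, re.M)
    return {
        "peer": one(r"^ *set peer (\S+)")[0],
        "local": one(r"^ *ip address (\S+)")[0],
        "key": one(r"^crypto isakmp key (\S+) address (\S+)"),
        "algs": [v if k != "group" else f"group {v}" for k, v in pol]
                + one(r"^crypto ipsec transform-set \S+ (.+)$")[0].split(),
        "acl": re.findall(rf"^access-list {acl} permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
    }

def check_pair(cfg_a, cfg_b):
    """Return findings for a two-router tunnel; an empty list means no issue found."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if (a["peer"], b["peer"]) != (b["local"], a["local"]):
        out.append("peer address is not the other router's interface")
    if a["key"] != (b["key"][0], a["peer"]) or b["key"][1] != b["peer"]:
        out.append("pre-shared key mismatch")
    if a["algs"] != b["algs"]:
        out.append("ISAKMP policy or transform set differs")
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        out.append("crypto ACLs are not mirror images")
    return out + [f"deprecated: {x}" for x in a["algs"] if x in WEAK]
```

Run against the sample pair, `check_pair(R1, R2)` finds no consistency problems and lists only the deprecated algorithms.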
