cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
565
Views
10
Helpful
9
Replies

Site2site VPN

alsayed
Level 1
Level 1

Hi Expert's!

how can i implement Site-to-Site VPN;WE HAVE 2 ROUTERS At each site + 512 internet connection

10xs

Ali

9 Replies 9

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

What is your router model and IOS feature set? Should be able to support IPSEC VPN.

Here's a sample template that I created.

Office Network = 172.16.0.0/12

Remote Network = 10.0.0.0/8

Office WAN Interface IP Address = a.b.c.2, Gateway = a.b.c.1

Remote WAN Interface IP Address = w.x.y.2, Gateway = w.x.y.1

1. Office

!

ip subnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address w.x.y.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer w.x.y.2

set transform-set NEO

set pfs group1

match address 101

!

interface wan_interface_facing_internet

ip address a.b.c.2 255.255.255.252

crypto map TheMatrix

!

ip classless

ip route 0.0.0.0 0.0.0.0 a.b.c.1

!

access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255

2. Remote

!

ip zubnet-zero

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer a.b.c.2

set transform-set NEO

set pfs group1

match address 101

!

interface wan_interface_facing_internet

ip address w.x.y.2 255.255.255.252

crypto map TheMatrix

!

ip classless

ip route 0.0.0.0 0.0.0.0 w.x.y.1

!

access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255

Hi medan !

appreciate ur quick reply;am going to use it as reference in my plan

regards

ALI

Jon Marshall
Hall of Fame
Hall of Fame

Hi Ali

Attached is a document for configuring site-to-site VPN's on IOS routers.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Have a look and come back if you have any questions.

Congratulations on ytour 4507 deployment.

HTH

Jon

Hi Jon!

10xs a lot for ur reply;am going to be fine in my work.experts help me to much in this forum.10xs ti them

10xs

Hi Experts!

i need useful link regarding Site to site VPN using pix 515E

10xs

Hi medan

10xs a lot

ALI

No problem Ali :)

Latchum Naidu
VIP Alumni
VIP Alumni

Hi,

Please find the below sample configure to setup site to site vpn between pix 515E.

Current config:
crypto map ToNYC 20 ipsec-isakmp
crypto map ToNYC 20 match address VPNtoNYC
crypto map ToNYC 20 set peer 11.11.11.11
crypto map ToNYC 20 set transform-set strong
crypto map ToNYC interface outside
isakmp enable outside
isakmp key ******** address 11.11.11.11 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800


For second tunnel:

crypto map ToABC 10 ipsec-isakmp
crypto map ToABC 10 match address VPNtoABC
crypto map ToABC 10 set peer 22.22.22.22
crypto map ToABC 10 set transform-set strong
isakmp key ******** address 22.22.22.22 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800


Please rate the helpfull posts.

Regards,
Naidu.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: