New Member

Site2site VPN

Hi Experts!

How can I implement site-to-site VPN? We have 2 routers at each site + 512 internet connection.

10xs

Ali

9 REPLIES

Re: Site2site VPN

Hi,

What is your router model and IOS feature set? Should be able to support IPSEC VPN.

Here's a sample template that I created.

Office Network = 172.16.0.0/12

Remote Network = 10.0.0.0/8

Office WAN Interface IP Address = a.b.c.2, Gateway = a.b.c.1

Remote WAN Interface IP Address = w.x.y.2, Gateway = w.x.y.1

1. Office

!
ip subnet-zero
!
! IKE phase 1 policy: pre-shared key authentication
crypto isakmp policy 3
 authentication pre-share
!
! Pre-shared key for the remote peer; must be the same on both routers
crypto isakmp key trinity address w.x.y.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer w.x.y.2
 set transform-set NEO
 set pfs group1
 match address 101
!
interface wan_interface_facing_internet
 ip address a.b.c.2 255.255.255.252
 crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.1
!
! Traffic to encrypt: office network to remote network
access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255

2. Remote

!
ip subnet-zero
!
! IKE phase 1 policy: pre-shared key authentication
crypto isakmp policy 3
 authentication pre-share
!
! Pre-shared key for the office peer; must be the same on both routers
crypto isakmp key trinity address a.b.c.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer a.b.c.2
 set transform-set NEO
 set pfs group1
 match address 101
!
interface wan_interface_facing_internet
 ip address w.x.y.2 255.255.255.252
 crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 w.x.y.1
!
! Traffic to encrypt: remote network to office network (mirror of the office ACL)
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
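Added example, not part of the original post: a Python check that a crypto ACL's wildcard masks match the prefixes the tunnel is meant to protect, and that the two peers' entries mirror each other. Traffic that does not match the crypto ACL is forwarded without IPsec, so a wrong wildcard silently leaves part of the range unprotected. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Matches the "permit ip <src> <wildcard> <dst> <wildcard>" form used for crypto ACLs.
ACL_RE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(line):
    """Return ((src, src_wildcard), (dst, dst_wildcard)) as integers."""
    m = ACL_RE.search(line)
    if not m:
        raise ValueError(f"not a 'permit ip' ACL entry: {line!r}")
    s, sw, d, dw = (to_int(x) for x in m.groups())
    return (s, sw), (d, dw)

def matches(addr, base, wildcard):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def audit(line, local_cidr, remote_cidr):
    """Compare one peer's crypto ACL with the prefixes it is meant to protect."""
    findings = []
    pairs = zip(("source", "destination"), parse_acl(line), (local_cidr, remote_cidr))
    for label, (base, wild), cidr in pairs:
        net = ipaddress.ip_network(cidr)
        if (base, wild) != (int(net.network_address), int(net.hostmask)):
            findings.append(f"{label}: expected {net.network_address} {net.hostmask}")
    return findings

def mirrored(line_a, line_b):
    """True when peer B's entry is peer A's entry with source and destination swapped."""
    a_src, a_dst = parse_acl(line_a)
    b_src, b_dst = parse_acl(line_b)
    return a_src == b_dst and a_dst == b_src

# Constructed sample entries for a 172.16.0.0/12 <-> 10.0.0.0/8 tunnel.
OFFICE_BAD = "access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255"
OFFICE_OK = "access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255"
REMOTE_OK = "access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255"

if __name__ == "__main__":
    print(audit(OFFICE_BAD, "172.16.0.0/12", "10.0.0.0/8"))
    print(matches("172.17.1.1", "172.16.0.0", "0.240.255.255"))  # host inside the /12
    print(mirrored(OFFICE_OK, REMOTE_OK))
```

With the 0.240.255.255 wildcard, a host such as 172.17.1.1 inside the /12 does not match the entry, while 172.32.0.1 outside it does.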

New Member

Re: Site2site VPN

Hi medan !

Appreciate your quick reply; I am going to use it as a reference in my plan.

regards

ALI

Hall of Fame Super Blue

Re: Site2site VPN

Hi Ali

Attached is a document for configuring site-to-site VPNs on IOS routers.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Have a look and come back if you have any questions.

Congratulations on your 4507 deployment.

HTH

Jon

New Member

Re: Site2site VPN

Hi Jon!

10xs a lot for your reply; I am going to be fine in my work. Experts help me too much in this forum. 10xs to them.

10xs

New Member

Re: Site2site VPN

Hi Experts!

I need a useful link regarding site-to-site VPN using PIX 515E.

10xs

Re: Site2site VPN

New Member

Re: Site2site VPN

Hi medan

10xs a lot

ALI

Re: Site2site VPN

No problem Ali :)

Re: Site2site VPN

Hi,

Please find below a sample configuration to set up site-to-site VPN between PIX 515E.

Current config:
crypto map ToNYC 20 ipsec-isakmp
crypto map ToNYC 20 match address VPNtoNYC
crypto map ToNYC 20 set peer 11.11.11.11
crypto map ToNYC 20 set transform-set strong
crypto map ToNYC interface outside
isakmp enable outside
isakmp key ******** address 11.11.11.11 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800


For second tunnel:

crypto map ToABC 10 ipsec-isakmp
crypto map ToABC 10 match address VPNtoABC
crypto map ToABC 10 set peer 22.22.22.22
crypto map ToABC 10 set transform-set strong
isakmp key ******** address 22.22.22.22 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800


Please rate the helpful posts.

Regards,
Naidu.
