04-07-2007 01:16 AM - edited 03-03-2019 04:27 PM
Hi Expert's!
how can i implement Site-to-Site VPN;WE HAVE 2 ROUTERS At each site + 512 internet connection
10xs
Ali
04-07-2007 01:23 AM
Hi,
What is your router model and IOS feature set? Should be able to support IPSEC VPN.
Here's a sample template that I created.
Office Network = 172.16.0.0/12
Remote Network = 10.0.0.0/8
Office WAN Interface IP Address = a.b.c.2, Gateway = a.b.c.1
Remote WAN Interface IP Address = w.x.y.2, Gateway = w.x.y.1
1. Office
!
ip subnet-zero
!
crypto isakmp policy 3
authentication pre-share
!
crypto isakmp key trinity address w.x.y.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
set peer w.x.y.2
set transform-set NEO
set pfs group1
match address 101
!
interface wan_interface_facing_internet
ip address a.b.c.2 255.255.255.252
crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.1
!
access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255
2. Remote
!
ip zubnet-zero
!
crypto isakmp policy 3
authentication pre-share
!
crypto isakmp key trinity address a.b.c.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
set peer a.b.c.2
set transform-set NEO
set pfs group1
match address 101
!
interface wan_interface_facing_internet
ip address w.x.y.2 255.255.255.252
crypto map TheMatrix
!
ip classless
ip route 0.0.0.0 0.0.0.0 w.x.y.1
!
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255
04-07-2007 01:29 AM
Hi medan !
appreciate ur quick reply;am going to use it as reference in my plan
regards
ALI
04-07-2007 01:30 AM
Hi Ali
Attached is a document for configuring site-to-site VPN's on IOS routers.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
Have a look and come back if you have any questions.
Congratulations on ytour 4507 deployment.
HTH
Jon
04-07-2007 01:42 AM
Hi Jon!
10xs a lot for ur reply;am going to be fine in my work.experts help me to much in this forum.10xs ti them
10xs
04-07-2007 01:48 AM
Hi Experts!
i need useful link regarding Site to site VPN using pix 515E
10xs
04-07-2007 01:59 AM
Hi,
New PIX? Try this link http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_72/72_gsg/sitvpn_p.htm
04-07-2007 02:45 AM
Hi medan
10xs a lot
ALI
04-07-2007 05:27 AM
No problem Ali :)
02-22-2011 02:10 AM
Hi,
Please find the below sample configure to setup site to site vpn between pix 515E.
Current config:
crypto map ToNYC 20 ipsec-isakmp
crypto map ToNYC 20 match address VPNtoNYC
crypto map ToNYC 20 set peer 11.11.11.11
crypto map ToNYC 20 set transform-set strong
crypto map ToNYC interface outside
isakmp enable outside
isakmp key ******** address 11.11.11.11 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
For second tunnel:
crypto map ToABC 10 ipsec-isakmp
crypto map ToABC 10 match address VPNtoABC
crypto map ToABC 10 set peer 22.22.22.22
crypto map ToABC 10 set transform-set strong
isakmp key ******** address 22.22.22.22 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
Please rate the helpfull posts.
Regards,
Naidu.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: