Creating a Cisco site-to-site VPN

Continuing on from the IPsec overview: to configure a site-to-site VPN, there are 5 phases.

Phase #1
Set up the ISAKMP policy:
(config)# crypto isakmp policy [priority]
(config-isakmp)# authentication pre-share
(config-isakmp)# encryption aes
(config-isakmp)# group 2
(config-isakmp)# hash sha
(config-isakmp)# lifetime [seconds]

(config)# crypto isakmp key y4h00123 address [remote address] no-xauth

Phase #2
Set up the IPsec transform set:
(config)# crypto ipsec transform-set DEMO1 esp-aes esp-sha-hmac

Phase #3
Define the interesting traffic:
(config)# ip access-list extended INT_TRAFFIC
(config-ext-nacl)# permit ip [your address] [wild card 0.0.0.255] [remote host] [wild card]

Phase #4
Create the crypto map:

(config)# crypto map VPN_MAP 10 ipsec-isakmp
(config-crypto-map)# set peer [remote address]
(config-crypto-map)# match address INT_TRAFFIC
(config-crypto-map)# set transform-set DEMO1

Phase #5
Assign the crypto map to an interface:

(config)# int s1/1
(config-if)# crypto map VPN_MAP

Do the same on the other side, with the peer address and the ACL source and destination reversed.
Finally:
- ping to test connectivity
R2# show crypto isakmp sa
dst             src             state          conn-id slot
192.168.1.2     192.168.1.1     QM_IDLE              1    0
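
"Do the same on the other side" only works if both ends agree on the ISAKMP policy, key and transform set, point at each other as peers, and carry mirrored crypto ACLs. The Python check below is an added example, not part of the original post; the template, the key EXAMPLE-KEY, the 10.x networks and the function names are constructed for illustration, and it assumes a single ISAKMP policy and a single ACL line per router.

```python
import re

# Constructed template following the five steps above; all values are made up.
TEMPLATE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 group 2
 hash sha
crypto isakmp key EXAMPLE-KEY address {peer} no-xauth
crypto ipsec transform-set DEMO1 esp-aes esp-sha-hmac
ip access-list extended INT_TRAFFIC
 permit ip {lnet} 0.0.0.255 {rnet} 0.0.0.255
crypto map VPN_MAP 10 ipsec-isakmp
 set peer {peer}
 match address INT_TRAFFIC
 set transform-set DEMO1
"""

def parse(cfg):
    """Pull out the settings that must agree (or mirror) between the two peers."""
    one = lambda pat: re.search(pat, cfg, re.M).group(1)
    src, dst = re.search(r"^ permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M).groups()
    return {
        "policy": tuple(one(rf"^ {k} (.+)$") for k in
                        ("authentication", "encryption", "group", "hash")),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "peer": one(r"^ set peer (\S+)$"),
        "acl": (src, dst),
    }

def mismatches(cfg_a, cfg_b, a_addr, b_addr):
    """Return the settings that would stop the tunnel from coming up."""
    a, b = parse(cfg_a), parse(cfg_b)
    bad = [k for k in ("policy", "transform", "key") if a[k] != b[k]]
    if (a["peer"], b["peer"]) != (b_addr, a_addr):
        bad.append("peer")              # each side must name the other
    if a["acl"] != b["acl"][::-1]:
        bad.append("acl not mirrored")  # source/destination must be swapped
    return bad

R1 = TEMPLATE.format(peer="192.168.1.2", lnet="10.1.1.0", rnet="10.2.2.0")
R2 = TEMPLATE.format(peer="192.168.1.1", lnet="10.2.2.0", rnet="10.1.1.0")
R2_BAD = R2.replace("group 2", "group 5").replace("10.1.1.0", "10.9.9.0")

if __name__ == "__main__":
    for other in (R2, R2_BAD):
        print(mismatches(R1, other, "192.168.1.1", "192.168.1.2"))
```

An empty list means the two sides are consistent; for R2_BAD the check reports the differing DH group and the ACL that no longer mirrors R1.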
