Site-Site VPN

2651-4

IKE phase 1: ISAKMP tunnel

crypto isakmp policy 1

 encr aes

 authentication pre-share

 group 5

crypto isakmp key cisco address 192.168.1.2

IKE phase 2: IPsec tunnel

crypto ipsec transform-set myset esp-aes esp-sha-hmac

crypto map mymap 10 ipsec-isakmp

 set peer 192.168.1.2

 set transform-set myset

 match address 101

Apply crypto map to interface

interface FastEthernet0/0

 ip address 192.168.1.1 255.255.255.224

 duplex auto

 speed auto

 crypto map mymap

end

Interesting traffic that needs site-to-site vpn

access-list 101 permit ip host 10.0.0.11 host 172.16.1.11

Static route

ip route 172.16.1.0 255.255.255.224 192.168.1.2

2651-5

IKE phase 1: ISAKMP tunnel

crypto isakmp policy 1

 encr aes

 authentication pre-share

 group 5

crypto isakmp key cisco address 192.168.1.1

IKE phase 2: IPsec tunnel

crypto ipsec transform-set myset esp-aes esp-sha-hmac

crypto map mymap 10 ipsec-isakmp

 set peer 192.168.1.1

 set transform-set myset

 match address 101

Apply crypto map to interface

interface FastEthernet0/0

 ip address 192.168.1.2 255.255.255.224

 duplex auto

 speed auto

 crypto map mymap

end

Interesting traffic that needs site-to-site vpn

access-list 101 permit ip host 172.16.1.11 host 10.0.0.11

Static route

ip route 10.0.0.0 255.255.255.224 192.168.1.1

Advertisements
This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s