2651-4
IKE phase 1: ISAKMP tunnel
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key cisco address 192.168.1.2
IKE phase 2: IPsec tunnel
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set myset
match address 101
Apply crypto map to interface
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.224
duplex auto
speed auto
crypto map mymap
end
Interesting traffic that needs site-to-site vpn
access-list 101 permit ip host 10.0.0.11 host 172.16.1.11
Static route
ip route 172.16.1.0 255.255.255.224 192.168.1.2
2651-5
IKE phase 1: ISAKMP tunnel
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key cisco address 192.168.1.1
IKE phase 2: IPsec tunnel
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set myset
match address 101
Apply crypto map to interface
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.224
duplex auto
speed auto
crypto map mymap
end
Interesting traffic that needs site-to-site vpn
access-list 101 permit ip host 172.16.1.11 host 10.0.0.11
Static route
ip route 10.0.0.0 255.255.255.224 192.168.1.1
cyruslab 