Cisco IPSec VPN (site-to-site)

Site A

R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config)#crypto isakmp key Password address SITE.B.IP.ADDRESS
R1(config)#access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.32.0 0.0.0.255
R1(config)#crypto ipsec transform-set MYSET esp-sha-hmac esp-aes

Combine the global settings above into crypto map MYMAP, entry 1

R1(config)#crypto map MYMAP 1 ipsec-isakmp 
R1(config-crypto-map)#set transform-set MYSET
R1(config-crypto-map)#set peer SITE.B.IP.ADDRESS
R1(config-crypto-map)#match address 100

Turn it on by applying the crypto map to the interface

R1(config)#interface Gi0/0
R1(config-if)#crypto map MYMAP

 

Site B

R2(config)#crypto isakmp policy 1
R2(config-isakmp)#authentication pre-share
R2(config)#crypto isakmp key Password address SITE.A.IP.ADDRESS
R2(config)#access-list 100 permit ip 192.168.32.0 0.0.0.255 10.0.0.0 0.255.255.255
R2(config)#crypto ipsec transform-set MYSET esp-sha-hmac esp-aes

Combine the global settings above into crypto map MYMAP, entry 1

R2(config)#crypto map MYMAP 1 ipsec-isakmp 
R2(config-crypto-map)#set transform-set MYSET
R2(config-crypto-map)#set peer SITE.A.IP.ADDRESS
R2(config-crypto-map)#match address 100

Turn it on by applying the crypto map to the interface

R2(config)#interface Gi0/0
R2(config-if)#crypto map MYMAP

Verify

R1#show crypto map
R1#show crypto ipsec sa
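
The two sites only build a tunnel when each side's peer, pre-shared key, transform set and access list match the other's, with the access list mirrored. The Python check below is an added example, not part of the original page: it compares the Site A and Site B commands above before they are pasted into the routers. The addresses are RFC 5737 documentation values standing in for SITE.A.IP.ADDRESS and SITE.B.IP.ADDRESS, and parse and check_pair are hypothetical helper names.

```python
# SITE_A / SITE_B are constructed from the page's commands with the prompts removed;
# the addresses are assumed RFC 5737 stand-ins for the SITE.x.IP.ADDRESS placeholders.
A_ADDR, B_ADDR = "203.0.113.1", "198.51.100.2"
SITE_A = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key Password address 198.51.100.2
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.32.0 0.0.0.255
crypto ipsec transform-set MYSET esp-sha-hmac esp-aes
crypto map MYMAP 1 ipsec-isakmp
 set transform-set MYSET
 set peer 198.51.100.2
 match address 100
"""
SITE_B = SITE_A.replace(B_ADDR, A_ADDR).replace(
    "10.0.0.0 0.255.255.255 192.168.32.0 0.0.0.255",
    "192.168.32.0 0.0.0.255 10.0.0.0 0.255.255.255")

def parse(cfg):
    """Collect the settings both peers must agree on (one crypto map entry assumed)."""
    out = {"acl": {}, "keys": {}, "tsets": {}}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            # network/wildcard form only, stored as (source, destination)
            out["acl"].setdefault(w[1], []).append((tuple(w[4:6]), tuple(w[6:8])))
        elif w[:3] == ["crypto", "isakmp", "key"] and w[4:5] == ["address"] and len(w) == 6:
            out["keys"][w[5]] = w[3]              # key indexed by the peer it is bound to
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            out["tsets"][w[3]] = frozenset(w[4:])  # transforms compared as a set
        elif len(w) == 3 and w[0] in ("set", "match"):
            out[w[1]] = w[2]                      # peer, transform-set, address
    return out

def check_pair(cfg_a, addr_a, cfg_b, addr_b):
    """Return the mismatches between the two ends; an empty list means consistent."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    if a.get("peer") != addr_b or b.get("peer") != addr_a:
        problems.append("set peer does not point at the other site")
    key_a, key_b = a["keys"].get(addr_b), b["keys"].get(addr_a)
    if key_a is None or key_a != key_b:
        problems.append("pre-shared key missing or different for the peer")
    ts_a = a["tsets"].get(a.get("transform-set"))
    if ts_a is None or ts_a != b["tsets"].get(b.get("transform-set")):
        problems.append("transform sets differ")
    mirror = [(dst, src) for src, dst in b["acl"].get(b.get("address"), [])]
    if not mirror or a["acl"].get(a.get("address")) != mirror:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(check_pair(SITE_A, A_ADDR, SITE_B, B_ADDR) or "consistent")
```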

 
