01-03-2019 07:26 PM
Hi all
Previously im using maipu router,Now migrate to cisco 819G-LTE.
how to configure below config on cisco router. Please help me someone
crypto ike key x.x.x.x address 192.168.24.2
crypto tunnel FSB43
local address 10.180.4.162
peer address 192.168.24.2
set sec-level basic
set auto-up
crypto policy DLSw1
flow host 20.0.0.110 host 10.123.1.2 ip tunnel FSB4
exit
01-03-2019 08:55 PM
Hello,
You can get a configuration example on the following link under "4G-LTE Wireless WAN as a Backup with NAT and IPSec" section :- https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/ehwic-4g-ltesw-book.html#con_1334957
Generally, here is a sample configuration example:-
crypto isakmp policy 1
encr aes ! Make sure it matches to the other side
authentication pre-share
group 2 ! Make sure it matches to the other side
!
crypto isakmp key PASSWORD address 192.168.24.2
!
!Make sure the transform-set matches to the other side
crypto ipsec transform-set TRANSFORM_FSB43 esp-aes esp-sha-hmac
mode tunnel
!
crypto map FSB43 10 ipsec-isakmp
set peer 192.168.24.2
set transform-set TRANSFORM_FSB43
match address 101
!
access-list 101 permit ip host 20.0.0.110 host 10.123.1.2
!
interface XXX !! Put the correct interface number
ip address 10.180.4.162
crypto map FSB43
!
You need to make sure that the encryption, authentication, group match on both sides of the routers. What kind of device do you have on the other side?
HTH,
Meheretab
01-03-2019 09:28 PM
Hi meheretab
many thanks for response
i doing multiply connection on different router destination. do i need to configure crypto isakmp policy,crypto map multiply also? below example config on maipu router previously
01-04-2019 02:02 PM
You can use the same crypto isakmp policy and transform-set for all of your connections. However, you will need to create separate crypto maps as each crypto map is associated with specific peer and match specific traffic. You will need to apply the crypto maps to the respective interfaces.
Do you have a network diagram to share? I am not exactly sure how the different routers are connected and which network is behind which router.
HTH,
Meheretab
01-07-2019 01:01 AM
01-03-2019 09:34 PM
this config on remote router(maipu)
crypto ike key 5cef39369b30fe3efda475722c798c9cÇ any
crypto tunnel DR
local address 192.168.24.2
peer any
set sec-level basic
exit
crypto policy mainDLSw1
flow host 30.2.2.254 20.0.0.0 255.255.255.0 ip tunnel DR bypass
exit
crypto policy mainDLSw2
flow host 30.2.2.250 20.0.0.0 255.255.255.0 ip tunnel DR bypass
exit
crypto policy mainDLSw3
flow host 30.2.2.251 20.0.0.0 255.255.255.0 ip tunnel DR bypass
exit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide