04-10-2013 07:11 PM - edited 03-04-2019 07:33 PM
Hello,
I'm hoping you guys might be able to help me out. I'm trying to set up an IPSec tunnel between 2 3845 routers that each sit in a private LAN behind an ADSL modem. Each modem does have a static public IP address from the ISP.
Thus:
Cisco 3845-1 <-> ADSL modem <-> WAN <-> ADSL modem <-> Cisco 3845-2
3845-1
Gi 0/0 - private ip
l
NAT
l
ADSL modem/public IP
l
WAN
l
ADSL modem/public IP
l
NAT
l
3845-2 GI 0/0 - private IP
So I would like to set up IPSEC between the GI 0/0 interfaces on the 3845's.
Any help that could be provided would be much appreciated.
Thanks,
Jon
04-10-2013 09:35 PM
Hi,
ADSL is performing a NAT translation I suppose. I don't know if this config works behind NAT device otherwise you will need to do port forwarding to routers.
Here is simple config:
3845-1:
crypto isakmp policy 2
authentication pre-share
crypto isakmp key cisco123 address 1.1.1.2
!
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
!
crypto map VPN_MAP 1 ipsec-isakmp
set peer 1.1.1.2 // Public IP ADSL modem
set transform-set Router-IPSEC
match address 100
!
interface FastEthernet0/0
description Link to ADSL
ip address 192.168.2.2 255.255.255.252
crypto map VPN_MAP
!
interface FastEthernet0/1
description Link to LAN
ip address 10.20.10.1 255.255.255.0
!
ip route 10.10.10.0 255.255.255.0 192.168.2.1
!
access-list 100 permit ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
3845-2:
crypto isakmp policy 2
authentication pre-share
crypto isakmp key cisco123 address 1.1.1.1
!
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
!
crypto map VPN_MAP 1 ipsec-isakmp
set peer 1.1.1.1 // Public IP ADSL modem
set transform-set Router-IPSEC
match address 100
!
interface FastEthernet0/0
description Link to ADSL
ip address 192.168.1.2 255.255.255.252
crypto map VPN_MAP
!
interface FastEthernet0/1
description Link to LAN
ip address 10.10.10.1 255.255.255.0
!
ip route 10.20.10.0 255.255.255.0 192.168.1.1
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.10.0 0.0.0.255
Hope it will help.
Best regards,
Abzal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide