cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
738
Views
0
Helpful
3
Replies

IPSec basic configuration help - diagram included

news2010a
Level 3
Level 3

Hi, can you please point me to a document or give me a configuration hint on how I get the IPsec tunnel created between the two routers as per attached drawing? I will need to do IPSec tunnel and let workstations behind the respective routers reach each other.

I am in hurry and searched few documents on cisco.com, but I haven't seen anything directed related to this basic configuration.

1 Accepted Solution

Accepted Solutions

royalblues
Level 10
Level 10

I think i posted a sample config on the other post without the diagram

Here is a sample configuration

At RouterA

crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2

crypto isakmp key cisco address 10.0.0.2

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map test 1 ipsec-isakmp

set peer 10.0.0.2

set transform set myset

match address 100

access-list 100 permit ip 170.79.62.0 0.0.3.255 170.79.69.0 0.0.0.255

interface fa 0/1

ip address 10.0.0.1 255.255.255.0

crypto map test

At RouterB

crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2

crypto isakmp key cisco address 10.0.0.1

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map test 1 ipsec-isakmp

set peer 10.0.0.1

set transform set myset

match address 100

access-list 100 permit ip 170.79.69.0 0.0.0.255 170.79.62.0 0.0.3.255

Int fa 0/0

ip address 10.0.0.2 255.255.255.0

crypto map test

HTH, rate if it does

Narayan

View solution in original post

3 Replies 3

Hi,

You can view this:

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

where there are configuration examples; in particular you can view the section IPSec on Router to Router.

More in detail you can see : Configuring IOS-to-IOS IPSec Using AES Encryption

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

I hope this helps.

Best regards.

Massimiliano.

royalblues
Level 10
Level 10

I think i posted a sample config on the other post without the diagram

Here is a sample configuration

At RouterA

crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2

crypto isakmp key cisco address 10.0.0.2

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map test 1 ipsec-isakmp

set peer 10.0.0.2

set transform set myset

match address 100

access-list 100 permit ip 170.79.62.0 0.0.3.255 170.79.69.0 0.0.0.255

interface fa 0/1

ip address 10.0.0.1 255.255.255.0

crypto map test

At RouterB

crypto isakmp policy 1

encryption 3des

authentication pre-share

hash md5

group 2

crypto isakmp key cisco address 10.0.0.1

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map test 1 ipsec-isakmp

set peer 10.0.0.1

set transform set myset

match address 100

access-list 100 permit ip 170.79.69.0 0.0.0.255 170.79.62.0 0.0.3.255

Int fa 0/0

ip address 10.0.0.2 255.255.255.0

crypto map test

HTH, rate if it does

Narayan

You rule. Thanks!!