cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
5
Helpful
0
Comments
Hardik Vaidh
Level 1
Level 1

crypto isakmp policy 10
encr 3des

hash md5
authentication pre-share
group 2
crypto isakmp key XXX address 10.10.10.10

// set your key insted of XXX and it must match with your remote site. after that write address of your peer
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set XXX esp-3des esp-md5-hmac
!
crypto map YYY  local-address <<<FastEthernet0/0 your local int>>>
crypto map YYY 10 ipsec-isakmp
set peer 10.10.10.10
set transform-set ZZZ
match address 101

interface <<<FastEthernet0/ your public int>>>
crypto map YYYY

access-list 101 permit ip 192.168.1.0 0.0.0.255 11.11.11.11 (Remote user) 255.255.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 22.22.22.22(Remote user) 255.255.255.255

After that configure NAT with req. access-list

For troubleshooting

sh cry ipsec sa peer 10.10.10.10

sh cry session

hope your IPSec site to site VPN tunnel is working fine

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: