VPN configuration between cisco 2911 router and cisco RV180w (5 brach) router.

shofiquem · ‎09-26-2014

hi, currently i have 5 branches which has connected through VPN on cisco RV180 w router we are planning to install cisco 2911 router at my main branch. so i want to connect my all branches through vpn on static ip which has provided by our isp. so pls guide my what a i can do. i have tried to configure my cisco 2911 vpn but im not able to ping my branches.

shine pothen · ‎09-26-2014

Hey,

In order to create site to site VPN you will need to use certain parameters.

you will have to create the "Crypto"

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key "VPN@123" address X.X.X.X (Peer Ip address) (should be created for each Branch) and the Key should be matching on both the ends
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac (you will have to define the transform set)

crypto map VPN 10 ipsec-isakmp (should be created for each Branch)
set peer X.X.X.X
set transform-set ESP-3DES-SHA
match address 10

ip access-list extended 10 (Interesting traffic source and destination)
permit ip 10.10.10.0 0.0.0.255 172.16.1.0 0.0.0.255

interface FastEtherenet0/0
crypto map VPN (Attaching Crypto map to outside interface or interface connecting to the internet)

ip access-list extended NAT_Exempt (NO NAT Statement)
deny ip 10.10.10.0 0.0.0.255 172.16.1.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 any

route-map nonat permit 10
match ip address NAT_Exempt

to verfiy the site to site you can use the below commands

sh cry isa sa

sh cry ipsec sa

i am using IP address just for understanding.