Dear Viewer,
In this tutorial we will learn that How to Configure IPSEC LAN- To - LAN VPN on Cisco Routers. We will Configure IPSEC VPN using Command Line on Cisco Routers.
! 1. Phase I - ISAKMP Parameters
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 200.1.1.1
! 2. Phase II - ESP Parameters
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
! 3. Interesting Traffic - Crypto ACL
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
! 4. Link the above parameters to each other.
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 200.1.1.1
set transform-set TSET
! 5. Apply the Crypto Map on the outgoing Interface
Interface Fa 0/0
crypto map CMAP
! 1. Phase I - ISAKMP Parameters
crypto isakmp policy 15
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 190.1.1.1
! 2. Phase II - ESP Parameters
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
! 3. Interesting Traffic - Crypto ACL
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
! 4. Link the above parameters to each other.
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 190.1.1.1
set transform-set TSET
! 5. Apply the Crypto Map on the outgoing Interface
Interface Fa 0/0
crypto map CMAP
Verification Commands:
Phase I - Show crypto isakmp sa
Phase II - Show crypto ipsec sa
In this tutorial we will learn that How to Configure IPSEC LAN- To - LAN VPN on Cisco Routers. We will Configure IPSEC VPN using Command Line on Cisco Routers.
LAB - 1
CLI COMMANDS :
R1
! 1. Phase I - ISAKMP Parameters
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 200.1.1.1
! 2. Phase II - ESP Parameters
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
! 3. Interesting Traffic - Crypto ACL
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
! 4. Link the above parameters to each other.
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 200.1.1.1
set transform-set TSET
! 5. Apply the Crypto Map on the outgoing Interface
Interface Fa 0/0
crypto map CMAP
R2
! 1. Phase I - ISAKMP Parameters
crypto isakmp policy 15
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 190.1.1.1
! 2. Phase II - ESP Parameters
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
! 3. Interesting Traffic - Crypto ACL
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
! 4. Link the above parameters to each other.
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 190.1.1.1
set transform-set TSET
! 5. Apply the Crypto Map on the outgoing Interface
Interface Fa 0/0
crypto map CMAP
Verification Commands:
Phase I - Show crypto isakmp sa
Phase II - Show crypto ipsec sa
0 Comments