Nick Kewney

Software Architect & Product Builder

Configuring site-to-site IPSEC tunnel on Cisco IOS

This post outlines how to set up a site-to-site VPN on a Cisco router. Both sides must use a matching crypto ISAKMP policy and transform set.

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key SecureComputing! address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set MYVPN esp-3des esp-md5-hmac
!
crypto map MYVPN 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set MYVPN
 match address 110

access-list 110 remark MYVPN TO REMOTEVPN
! 192.168.2.0 is the remote network you're trying to reach
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

! Apply the crypto map to the outside interface (the same one used in the NAT statement)
interface atm0.1
 crypto map MYVPN


! Exempt VPN traffic from NAT
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 111 interface atm0.1 overload
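
The policy above negotiates 3DES, MD5 and Diffie-Hellman group 2, all of which are now considered weak. The following is an added example, not part of the original post: the same tunnel with AES-256, SHA-256 and group 14, to be applied identically on both peers. It assumes both routers run an IOS release that supports these options; the key placeholder, the explicit lifetime and the PFS line are assumptions added here.

```cisco
! Added example, not from the original post.
! Assumes both peers' IOS releases support SHA-256 and DH group 14.
!
! Phase 1 (ISAKMP): replaces 3des / md5 / group 2 in policy 1
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Placeholder key: use a long random value, identical on both peers
crypto isakmp key <pre-shared-key> address xxx.xxx.xxx.xxx
!
! Phase 2 (IPsec): replaces esp-3des esp-md5-hmac
crypto ipsec transform-set MYVPN esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Assumption: PFS is enabled so each phase 2 rekey performs a fresh DH exchange
crypto map MYVPN 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set MYVPN
 set pfs group14
 match address 110
!
! Existing SAs keep the old parameters until they are cleared or rekeyed:
!   clear crypto sa
! Check what is configured and what was actually negotiated:
!   show crypto isakmp policy
!   show crypto ipsec transform-set
!   show crypto ipsec sa
```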
