Configuring site-to-site IPSEC tunnel on Cisco IOS

This post outlines how to set up a site-to-site IPsec VPN on a Cisco router. The crypto isakmp policy and the transform set must match on both sides.

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key SecureComputing! address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set MYVPN esp-3des esp-md5-hmac
!
crypto map MYVPN 10 ipsec-isakmp
 set peer xxxx.xxxx.xxxx.xxxx
 set transform-set MYVPN
 match address 110

access-list 110 remark MYVPN TO REMOTEVPN
! 192.168.2.0 is the remote network you're trying to get to.
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

! Apply the crypto map to the outside interface (the same one used for NAT overload below).
interface atm0.1
 crypto map MYVPN


! The deny entry exempts traffic bound for the remote network from NAT.
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 111 interface atm0.1 overload
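
The requirement that both sides match can be checked offline from the two routers' running configurations. The following Python script is an added example, not part of the original post: it compares the ISAKMP policy, the transform set and the crypto ACL (which should be a mirror image on the remote side). The names SITE_A, SITE_B, parse and mismatches are assumptions, and site B's configuration is constructed for the example.

```python
# Constructed sample: site A's settings are copied from the post; site B is an
# assumed remote router with the same policy and the crypto ACL reversed.
SITE_A = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set MYVPN esp-3des esp-md5-hmac
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
SITE_B = SITE_A.replace("192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255",
                        "192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255")

def parse(cfg, acl="110"):
    """Collect the settings both peers must agree on (network/wildcard ACEs only)."""
    policies, transforms, aces = [], set(), set()
    current = None                        # ISAKMP policy block being read, if any
    for line in cfg.splitlines():
        words = line.split()
        if line.startswith("crypto isakmp policy"):
            current = {}                  # the policy number is local, so not kept
            policies.append(current)
        elif current is not None and line.startswith(" ") and words:
            current[words[0]] = " ".join(words[1:])
        else:
            current = None
            if line.startswith("crypto ipsec transform-set"):
                transforms.add(frozenset(words[4:]))   # the set name is local too
            elif words[:4] == ["access-list", acl, "permit", "ip"] and len(words) == 8:
                aces.add(tuple(words[4:]))             # (src, wild, dst, wild)
    return policies, transforms, aces

def mismatches(cfg_a, cfg_b):
    """Name each setting on which the two peers' configurations disagree."""
    pol_a, ts_a, acl_a = parse(cfg_a)
    pol_b, ts_b, acl_b = parse(cfg_b)
    found = []
    if not any(p in pol_b for p in pol_a):             # need one policy in common
        found.append("isakmp policy")
    if not ts_a & ts_b:                                # need one transform set in common
        found.append("transform set")
    if acl_a != {(dst, dw, src, sw) for src, sw, dst, dw in acl_b}:
        found.append("crypto ACL not mirrored")
    return found

if __name__ == "__main__":
    print(mismatches(SITE_A, SITE_B))
    print(mismatches(SITE_A, SITE_B.replace("hash md5", "hash sha")))
```

Settings left at their IOS defaults do not appear in a running configuration, so the comparison treats a parameter missing on both sides as equal. The pre-shared key also has to match but is deliberately not parsed here.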
