Configuring site-to-site IPSEC tunnel on Cisco IOS

This post outlines how to set up a site-to-site VPN on a Cisco router. Both sides need to match crypto iskamp policy and transform set.

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key SecureComputing! address
crypto ipsec transform-set MYVPN esp-3des esp-md5-hmac
crypto map MYVPN 10 ipsec-isakmp
 set peer xxxx.xxxx.xxxx.xxxx
 set transform-set MYVPN
 match address 110

access-list 110 remark MYVPN TO REMOTEVPN
access-list 110 permit ip (Where is the remote network your trying to get to.)

interface atm1.0
crypto map MYVPN

access-list 111 deny ip  (This denys NAT)
access-list 111 permit ip any

ip nat inside source list 111 interface atm0.1 overload

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.