Create Cisco VPN Tunnel over Internet

Written on January 1, 2008 – 1:49 am | by Yanurmal

We will create a VPN tunnel connecting SiteA to SiteB over the Internet.

VPN Network

Requirements:

  • An Internet connection at each site.
  • 2 Cisco routers, each with 1 LAN interface (Ethernet) and 1 WAN interface (Serial).
  • IOS with IPSec.
  • An IP address plan for each site's network, e.g. SiteA 192.168.1.0/24 and SiteB 192.168.2.0/24.
  • A public IP for each site, assigned by your ISP, e.g. SiteA 10.10.10.1 and SiteB 11.11.11.1.


SITE A

hostname RouterA
!
enable password 123
!
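! Enable IKE and identify this router to the peer by its IP address
crypto isakmp enable
crypto isakmp identity address
!
! IKE phase 1 policy: encryption, hash, authentication and group must match RouterB
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
! Pre-shared key for the SiteB peer; RouterB must be configured with the same key
crypto isakmp key secretkey address 11.11.11.1
!
! IPSec phase 2 transform set; must match the transform set on RouterB
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
! Use the Serial 0 address as the local endpoint of the tunnel
crypto map cm-cryptomap local-address Serial 0
!
! Crypto map entry: traffic matching ACL 100 is protected and sent to the peer
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 11.11.11.1
set transform-set cm-transformset-1
! Rekey the IPSec SA after 3600 seconds or 4608000 kilobytes, whichever comes first
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000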
!
interface FastEthernet 0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 10.10.10.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
===

SITE B

hostname RouterB
!
enable password 123
!
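! Enable IKE and identify this router to the peer by its IP address
crypto isakmp enable
crypto isakmp identity address
!
! IKE phase 1 policy: encryption, hash, authentication and group must match RouterA
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
! Pre-shared key for the SiteA peer; RouterA must be configured with the same key
crypto isakmp key secretkey address 10.10.10.1
!
! IPSec phase 2 transform set; must match the transform set on RouterA
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
! Use the Serial 0 address as the local endpoint of the tunnel
crypto map cm-cryptomap local-address Serial 0
!
! Crypto map entry: traffic matching ACL 100 is protected and sent to the peer
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 10.10.10.1
set transform-set cm-transformset-1
! Rekey the IPSec SA after 3600 seconds or 4608000 kilobytes, whichever comes first
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000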
!
interface FastEthernet 0
description connected to EthernetLAN_1
ip address 192.168.2.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 11.11.11.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
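
An added example, not part of the original post: a small Python audit for the two configurations above. It flags the obsolete DES, MD5 and DH group 1 settings that both routers use, and checks that the values which must agree or be swapped between RouterA and RouterB actually do. The function names and the abridged sample text are constructed for this example.

```python
import re

# Tunnel crypto the audit flags, as (line-anchored regex, finding).
WEAK = [
    (r"^\s*encryption des\b", "IKE: single DES"),
    (r"^\s*hash md5\b", "IKE: MD5"),
    (r"^\s*group 1\b", "IKE: DH group 1 (768-bit)"),
    (r"^crypto ipsec transform-set .*\besp-des\b", "IPSec: ESP-DES"),
    (r"^crypto ipsec transform-set .*md5-hmac\b", "IPSec: HMAC-MD5"),
]
# Values that must be identical on both routers.
MUST_MATCH = {"IKE encryption": r"^\s*encryption (.+)", "IKE hash": r"^\s*hash (\S+)",
              "DH group": r"^\s*group (\d+)", "pre-shared key": r"^crypto isakmp key (\S+)",
              "transform set": r"^crypto ipsec transform-set \S+ (.+)"}

def grab(rx, cfg):
    m = re.search(rx, cfg, re.M)
    return m.groups() if m else None

def weak_settings(cfg):
    return [msg for rx, msg in WEAK if re.search(rx, cfg, re.M)]

def mirror_errors(a, b):
    """Return what fails to agree (or to be swapped) between the two peers' configs."""
    errs = [f"{name} differs" for name, rx in MUST_MATCH.items() if grab(rx, a) != grab(rx, b)]
    acl = r"^access-list 100 permit ip (\S+ \S+) (\S+ \S+)"
    if grab(acl, a) != (grab(acl, b) or ())[::-1]:
        errs.append("ACL 100 is not mirrored")
    for here, there, site in ((a, b, "A"), (b, a, "B")):
        peers = set(re.findall(r"^\s*(?:set peer|crypto isakmp key \S+ address) (\S+)", here, re.M))
        if len(peers) != 1 or not re.search(rf"^\s*ip address {re.escape(peers.pop())} ", there, re.M):
            errs.append(f"Site{site} peer is not an address on the other router")
    return errs

# Constructed sample: only the lines of the page's configs that the checks read.
def sample(wan, peer, lan, remote_lan, key="secretkey"):
    return f"""crypto isakmp policy 1
encryption des
hash md5
group 1
crypto isakmp key {key} address {peer}
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
set peer {peer}
ip address {wan} 255.255.255.252
access-list 100 permit ip {lan} 0.0.0.255 {remote_lan} 0.0.0.255
"""

SITE_A = sample("10.10.10.1", "11.11.11.1", "192.168.1.0", "192.168.2.0")
SITE_B = sample("11.11.11.1", "10.10.10.1", "192.168.2.0", "192.168.1.0")
```

Both functions take the full configuration text of a router, so they can be run against the complete SITE A and SITE B listings as well as the abridged sample.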
