Labels

Cisco Router Site 2 Site Configuration

Simple configure Site 2 Site vpn for Cisco router :

First we need to create access list that permit between our local and remote network ( enycprion domain)

ip access-list ex 110
10 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
20 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255


! If your router using nat out side, you will have to modify nat access list
ip access list ex NAT

10 deny 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255

phase 1 :

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2


 
  crypto isakmp key cisco123 address 172.16.1.1

phase 2 :
 
  crypto ipsec transform-set DESSHA esp-des esp=sha-hmac
 
  crypto map cryptomap 10 ipsec-isakmp
   set peer 172.16.1.1
   set trasfrom-set DESSHA
   match address 110

  
  
  finally configure the crypto map on the outside interface

   interface Fa0/1
    crypto map cryptomap

   

No comments:

Post a Comment