Saturday, 4 May 2013
Cisco Site to Site VPN Configuration
This was set up on an 857W running IOS 12.4-15-T12.
There is also a client VPN configured on this router.
Local subnet : 192.168.0.0/24
Remote subnet : 10.10.0.0/16
Peer IP : 5.5.8.8
Phase 1 parameters
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
Pre Shared Key
crypto isakmp key psk address 5.5.8.8 no-xauth
Transform set
crypto ipsec transform-set transform-1 esp-aes esp-sha-hmac
Crypto map
crypto map mapname 1 ipsec-isakmp
 set peer 5.5.8.8
 set transform-set transform-1
 match address aclname
Interesting traffic
ip access-list extended aclname
 permit ip 192.168.0.0 0.0.0.255 10.10.0.0 0.0.255.255
Exclude the VPN traffic from the NAT rule
access-list 101 deny ip 192.168.0.0 0.0.0.255 10.10.0.0 0.0.255.255
Inbound ACL
interface bridge to internal network
 ip access-group aclname2 out
ip access-list extended aclname2
 permit udp host 10.10.4.8 192.168.0.1 0.0.0.255
 deny ip 10.10.5.0 0.0.0.255 any
 permit ip any any
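The tunnel only works if every flow permitted by the crypto ACL is also denied (exempted) in the NAT ACL, and if the wildcard masks are the ones intended. The Python script below is an added example, not part of the original post, that checks both on a pasted config; ACL 199, the sample text and the function names are constructed for illustration, and only plain `ip` entries with address/wildcard pairs are parsed.

```python
import ipaddress
import re

# Constructed sample: the post's crypto ACL and NAT exemption, plus a
# hypothetical ACL 199 with a mistyped wildcard to make the check fire.
SAMPLE = """\
ip access-list extended aclname
 permit ip 192.168.0.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 101 deny ip 192.168.0.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 199 deny ip 192.168.0.0 0.0.0.225 10.10.0.0 0.0.255.255
"""
ACE = re.compile(r"(permit|deny) ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)\s*$")

def wildcard_to_net(addr, wildcard):
    """Network for addr/wildcard, or None if the wildcard is non-contiguous."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a contiguous wildcard is 2**n - 1
        return None
    base = ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{base}/{32 - w.bit_length()}")

def parse(config):
    """Map ACL name/number -> [(action, src, dst)]; only 'ip a w a w' entries."""
    acls, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list extended (\S+)", line)
        numbered = re.match(r"access-list (\d+) (.*)", line)
        if named:
            current = named.group(1)
        name, body = numbered.groups() if numbered else (current, line.strip())
        m = ACE.match(body)
        if m and name:
            action, s, sw, d, dw = m.groups()
            acls.setdefault(name, []).append(
                (action, wildcard_to_net(s, sw), wildcard_to_net(d, dw)))
    return acls

def audit(config, crypto_acl, nat_acl):
    """Flag odd wildcards and crypto-ACL flows the NAT ACL does not exempt."""
    acls, findings = parse(config), []
    for name, aces in acls.items():
        if any(s is None or d is None for _, s, d in aces):
            findings.append(f"ACL {name}: non-contiguous wildcard mask")
    exempt = [(s, d) for a, s, d in acls.get(nat_acl, []) if a == "deny" and s and d]
    for action, src, dst in acls.get(crypto_acl, []):
        if action == "permit" and src and dst and not any(
                src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
            findings.append(f"{src} -> {dst} not exempted from NAT by ACL {nat_acl}")
    return findings
```

Calling `audit(SAMPLE, "aclname", "101")` reports only the mistyped mask in ACL 199; pointing it at ACL 199 as the NAT ACL also reports the tunnel flow as not exempted.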